Cloud or On-Premise? Three Ways to Decide

Nov 18, 2015 5:10:19 PM / by Sarah Spangler

A new report by CDW says that 35 percent of all IT services in the U.S. are now delivered via the cloud. 64% of small businesses already have an average of three cloud solutions in place. 90 percent of all U.S. businesses have adopted cloud to some degree.

The most common cloud-delivered applications tend to be for mainstream needs like email, collaboration, sales management or marketing. There’s no doubt that cloud usage will continue to spread. We’re now seeing apps and workloads in the cloud that IT never expected would run there—and they’re often working leaner and faster than ever before.

It’s understandable. The flexibility of access to applications anywhere, any time, makes cloud the best option for anyone on the move. In fact, some mainstream corporate systems wouldn’t be possible without using the cloud. Some cloud tools enable breakthrough ways of sharing and collaboration. Cloud can streamline costs and reduce administration time, and it’s definitely a better option than the clunky and frustrating process of dialing in to a VPN.

Despite the rise of cloud, there are quite a few scenarios where it’s not the right answer. Areas like healthcare, HR, finance, government, public utilities or defense that that have critical dependence on business continuity, regulatory compliance or data security are more likely to pick software that can be hosted onsite. Let’s look at these areas in more detail.

When critical data and business technology resides in the cloud, you have to factor in the possibility of Internet outages or slow networks. There are specific instances, like financial services or retail transactions, where speed of response equates to the difference between profit or loss. Connectivity-critical applications are less likely to be placed in the hands of external hosts - no matter how robust the cloud providers’ service level agreements. In some cases, the risks of downtime outweigh the rewards of cloud.

Regulatory compliance has bitten deep into the heart of many organizations, and it hurts. Any firm that maintains a personal data records or undertakes or financial transactions is staring down the gunsights of SOX, SEC, PCI, HIPAA or other regulatory bodies.

Compliance is complicated. Fines for non-compliance are heavy, and audits are intense and draining. The failure rate of compliance audits for cloud implementations are still high, chiefly because of the very detailed network safeguards that are required. In a survey of 276 IT professionals in December 2014, 56 percent of respondents said that lack of understanding of compliance conditions led to failed cloud audits. Inadequate security measures, improper network configurations, poor data encryption and insufficient numbers of dedicated compliance personnel were just some of the reasons for failing to make the grade.

Faced with this difficulty, many firms prefer to host applications that are subject to regulatory compliance within their own network, reserving cloud usages for less sensitive systems. This hybrid model is widely used. In response, many application providers offer both a hosted and a premise-based option, although it isn’t universal.

Not surprisingly, security is the number one concern when it comes to businesses or governments switching to cloud services. The cloud is not a watertight entity, so planning against the possibility of some sort of security breach, sooner or later, is a sensible option, as is careful selection of your provider. Many offer certifications such as ISO27000 at the basic level, or Healthcare Insurance Portability Act (HIPAA), Federal Information Security Management Act (FISMA), and Payment Card Industry Data Security Standard (PCI DSS).

Nevertheless, a large number of businesses are still opting to keep some critical solutions on premise. And surprisingly large blocks of potential users have no intention of making bolder moves towards cloud in the near or medium term, because there is too much at stake in terms of security, compliance, or business continuity.

An all-cloud environment is not yet all-enveloping – in fact I doubt whether this will ever be the case. The hybrid model offers a level of comfort and convenience, while leaving the door open for future adaptation. The more critical the application, the more important it is to be able to select from cloud or on-premise options.

Topics: Issue Tracking, Software Solutions

Sarah Spangler

Written by Sarah Spangler