Decision guide: Public cloud versus on-prem storage

Choosing where to host workloads -- on-premises, in the cloud, or in a hybrid mix of both -- requires careful analysis. Here are the most important questions to ask and how to make hosting decisions that meet your specific needs.

As organizations transform their operations to meet today’s digital needs, the question of where to store their data and applications becomes critical.

The public cloud is often seen as an option that provides affordable and flexible data storage and application hosting services. Yet many worry that a data center “somewhere” on the Internet is too risky a home to store their most sensitive data.

Once you factor in hidden costs, it can also make more sense to keep some of your data and workloads on site. Making an informed choice between cloud, on-premises computing, or a hybrid mix of both requires a detailed analysis of your requirements in four areas:

  • Location of data storage
  • Security of data and applications
  • Cost
  • Level of control and flexibility needed

Understanding the specific capabilities and pricing structures of both cloud providers and third-party tools that can enhance their capabilities is key. Overall, you’ll want to evaluate the pros and cons of public clouds (shared with other customers), dedicated private clouds, and on-premises infrastructure that can deliver cloud-like costs, performance, and consumption models.

Get our report: Navigating IT Transformation - Tales from the front lines

This complexity can make for difficult choices. A fall 2016 survey by market researcher IDG, sponsored by IT services provider Datalink, found that nearly 40 percent of organizations with public cloud experience report moving public cloud workloads back on premises. Of those, 55 percent cited security concerns, 52 percent cost or pricing, 45 percent manageability, and 38 percent either reliability or performance, lack of flexibility or customization, or support or service issues.

Here are some essential questions you should ask to make the best choice about whether, when, and how cloud is right for your storage and application needs.

Start with the data 

A good place to start is with the nature of your data and determining the best storage location from which to provide it as quickly and securely as the business requires, while meeting security and regulatory needs. Data storage decisions are vital because of their implications in terms of application performance, data integrity, and data protection and restore.

To speed performance, the data should be as close as possible to the application that uses it, says Greg Schulz, senior advisory analyst at consulting firm StorageIO.

Some IT vendors are now offering services that bring cloud economics to on-prem data centers. In a recent Forbes article, “Hewlett Packard Enterprise Goes After Amazon Public Cloud In Enterprise Storage,” analyst Gina Longoria discussed HPE’s Flash Now offering, a flexible flash storage consumption approach for enterprise IT that provides on-premises, all-flash storage on a pay-as-you-go basis. Such services can help customers achieve cloud-like cost savings for infrastructure that they decide to keep in house for performance, security, control, or other reasons.

When comparing performance service-level agreements (SLAs), pay close attention to how each cloud provider measures performance, says John Pescatore, director of emerging security trends at SANS Institute, a research and training provider. An SLA that guarantees, say, an average storage retrieval response each month doesn’t ensure that every request during the month meets that standard. That makes the SLA much less valuable if, as in the case of a trading application, every transaction needs the faster response time.

Cloud providers are helping to solve this storage challenge, says Simon Margolis, director of cloud platform at SADA Systems, a cloud migration and IT consulting services company. Google Cloud Services, for example, provides “automatic edge caching…[whereby] if I have a data center in the Google cloud on the West Coast and a device is constantly pulling data in New York, Google realizes that…and will place that data on the edge location without any involvement by the customer,” he says.

Customers can also pay up for dedicated resources to achieve tighter SLAs, says Pescatore. Expect additional costs for dedicated “private cloud” resources that enhance performance, security, or control.

According to a July 2016 report from 451 Research Group, sponsored by HPE, 90 percent of a sample of 900 enterprise IT decision-makers surveyed said they expect to pay a premium for private cloud, with the average being 20 percent over public cloud. Seventy percent cited security as the leading driver for using a private cloud, with flexibility, transparency, compliance, and control being key value-added benefits of a private cloud over public cloud.

How much security is enough? 

By most accounts, the security of data and applications stored on the cloud is steadily improving and, especially for smaller companies, is better than what most customers could provide themselves. But security is still a major concern, with the latest Datalink/IDG survey reporting that 62 percent of IT decision-makers see it as a critical factor in their hosting decisions.               

As with performance, the key to good decision-making is a highly detailed assessment. The question isn’t whether “the cloud” is secure enough, but whether a specific cloud provider—perhaps with the help of third-party tools—can meet the security requirements for a specific application or set of data and at what cost.

Some providers, such as Amazon Web Services, offer dedicated private servers that are physically isolated from others and run on protected networks, effectively blurring the line between cloud and older colocation managed services, says Schulz.

Schulz recommends listing and ranking specific security concerns and then evaluating, for each, the type of application and data storage they involve, the potential breaches, and the problems such breaches would cause.

When you get into highly customized implementations, that’s really where you’ll find the strongest case for on-premises solutions.

#authorName #authorPosition

Many industries, such as healthcare, law enforcement, and financial services, “have unique and varying degrees of regulatory compliance” needs, says Vadim Vladimirskiy, CEO of IT consulting firm Adar Inc. While many cloud providers offer specialized services to meet these requirements, “when you get into highly customized implementations, that’s really where you’ll find the strongest case for on-premises solutions,” he says.  

Watch out for hidden costs  

The cloud has a reputation for being a low-cost choice for hosting applications and infrastructure. But you need to sweat the details to determine if that’s true, especially as your needs grow larger and more complex.

Among the less obvious costs to check for are charges to access or download (rather than just store) data and how much it costs to add more servers or storage when you need them, says Schulz.   

Of the various cloud models, public cloud—when customers share servers and storage with other customers—is the easiest option to price, according to the 451 Research Group/HPE report. Most cloud providers list prices for such services online, and many have their own tools to calculate spending.

Customers should also beware of applications such as SAP and Oracle, whose licensing terms can make them cost-prohibitive for the cloud, says Jeremy Steinert, chief technology officer of application migration service provider WSM. Because their licensing is based on the number of server cores the application uses, a customer might pay a license fee based on the 64 cores the application uses in peak periods, even if you’re using only four cores for 99 percent of the time.

Some cloud providers also charge less for servers whose use is purchased and reserved in advance compared with customers spinning them up as needed, says Steinert. That’s another argument for carefully assessing each application’s needs and building in room for growth. 

Comparing pricing for private clouds—in which customers buy the use of dedicated resources—is more difficult, the report says, as providers usually generate quotes based on each customer’s needs. In general, the 451 Research Group/HPE report found public cloud to be least expensive, followed by self-managed private cloud. The most expensive option was private cloud services managed by the provider.

The more mature your own IT management practices, and the more effectively you use automation, the better you can reduce the cost of any cloud and perhaps the cost premium of a private cloud. According to the report, “The key is to automate and simplify as much management as possible without opening up the infrastructure to unnecessary risk.”

The key is to automate and simplify as much management as possible without opening up the infrastructure to unnecessary risk.

How to Create a Quick Comparative Multi-Cloud TCO Analysis Spanning Public, Private and Managed Cloud 451 Research

If part of your cloud strategy is shifting among providers to get the best price, remember that different providers have different pricing models for storage, servers, and networking capabilities, as well as in areas such as security and APIs for management tools. Be careful to factor in the cost of assessing their capabilities and understanding their pricing in order to be sure that after all the costs are factored in, a shift is still worthwhile.  

Maintaining control and flexibility 

As IT becomes more critical to the business, organizations need to track the performance and cost of their storage and application infrastructures and change them to meet new business needs.

“Companies are used to being able to move very quickly and flexibly, and change things very rapidly,” says Pescatore. However, he adds, they often find that “any time you involve a third party, you’ve lost some of your flexibility, as you have to do things the way the third party wants you to. When you look at how many times a week you can change things” or how much it costs to add extra resources as needed, the cloud might cost more than an in-house data center where “when we bought extra hardware, we bought it once, and the capacity was free after that,” he says.

Companies are used to being able to move very quickly and flexibly, and change things very rapidly. Any time you involve a third party, you’ve lost some of your flexibility, as you have to do things the way the third party wants you to.

John Pescatore Director of Emerging Security Trends, SANS Institute

Given all these variables, larger companies that have more customers to spread their costs among might “realize they could be more efficient in house or on premises,” or with hybrid cloud to tap the cloud for peak needs, says Bill Ho, CEO at Biscom, a secure document delivery and security consulting firm.

One area where customers are pulling services back in house is SIEM (security information and event management) systems, says Pescatore. “It initially looked attractive to consume this from the cloud, but then they added up all the costs” and found they weren’t saving money or couldn’t customize the service as much as they could a stand-alone offering, he says.

Public cloud or on-premises storage: Lessons for leaders

  • Consider keeping data storage close to the applications that need it to maximize performance.
  • Make decisions based on a detailed analysis of the needs of each workload and database, and the capabilities and costs of each cloud platform.
  • Watch for hidden costs, such as charges for accessing (rather than just storing) data, or to meet security, performance, or control requirements.
  • The more efficiently you manage your on-premises IT infrastructure, the better you can extend best practices such as automation to the cloud.
  • For on-premises IT, consider cloud-like storage consumption models from IT vendors that allow you to purchase capacity on demand at a low rate and on a pay-per-use basis.

Get our report: Navigating IT Transformation - Tales from the front lines