Is Your Head in the Cloud?

Here at Deep Core Data, we deal with a lot of web applications: applications that corporations use to manage their data, their employees, their operations, their finances, and so on and so forth.  One of the first questions we need to answer when we deploy these products is one we never worried about 10 years ago: Is this going on-premise or into the Cloud?

Now a lot of people have defined the Cloud in a lot of different ways over the years, but for our purposes, there’s one main defining feature: the application can be accessed via the public Internet.  That’s the major advantage of a Cloud implementation, allowing users at home or on the road to connect to the application without having to finagle a VPN into the corporate network.  However, this is also the source of one of the major flaws of using the Cloud: security exposure. If the application has a security flaw, or a user’s credentials are compromised, an attack originating from anywhere on the planet can walk right in the front door.

On-premise is the more traditional approach to applications.  The data center (either physically on-premise or as part of the secured WAN) houses the machines that actually contain the application information, and data as a general rule never flows outside the organization (at least, not in an unencrypted form.)  This is usually considerably more expensive in capital and manpower, but provides greater security in the sense that an outside attacker must first breach the company’s internal network before breaking into the application itself. Some vendors offer what they call a “Private Cloud” option, which is quite similar to an on-premise installation at an off-site data center.

Cloud solutions are almost always cheaper and more flexible than an on-premise solution, but the economics for each individual business vary significantly.  For instance, businesses that already maintain an on-premise data center will frequently prefer a solution hosted there rather than opening a cloud account, as they’re already paying the overhead costs and adding a single new server won’t significantly increase them.  

Overwhelmingly, though, businesses run some combination of on-premise and cloud services.  Exactly where a particular application lives on their network depends more on the realities of the network infrastructure than cost or security considerations.  For instance, a dashboarding tool that draws from an on-premise SAP system will almost certainly also have to be hosted locally, as opening the SAP system to a cloud provider (even under very controlled circumstances) can be a very dangerous proposition.  Likewise, a Salesforce application that sales personnel are primarily accessing from their mobile devices far from their home office is most likely going to be in some kind of cloud application.

Every time we roll out a web application to a client, we have this discussion.  Ultimately, we can engineer solutions to put any application in just about any environment; choosing a location in the accessibility/security/cost space is the real issue.  For both developers and clients, it is critical to understand the trade-offs, and how your decision will affect the success of your implementation. Don’t feel like you have jump right into the Cloud just because it seems everyone else is doing it. Take time to explore your options, evaluate the risks, and choose the setup that works for you.