Cloud computing has become a pervasive and generic term today that includes paid and free, unbranded and branded services.
In its most simple terms, cloud computing is the delivery of on-demand computing services to computing power over the internet, without having to buy, install, or install your own servers. You can run your company’s IT operations with nothing more than a browser.
Most consumers buy or download applications from Google Play and the iOS App Store. Major operating systems like Mac and Windows offer free and paid accounts to back up documents, emails, photos, contacts and calendars in the cloud.
On the business side of cloud, companies rely on hosted solutions that are vital for their day-to-day operations including ERP, CRM and payroll.
Different types of ways to use the cloud
But when taking an important decision regarding cloud, it is important to differentiate between cloud native solutions, which are built for and to operate within the cloud, and hosting on-premise architecture in the cloud.
Many companies are sold cloud services, which take an on-premise version of their software and host it on hardware in a remote location. The customer is relieved of having to set up infrastructure themselves but is still responsible for licensing, configuration, maintenance and upgrades, which makes it still a costly option.
A true cloud environment ensures automatic and frequent software upgrades and class 1 hardware and software that guarantees uptime, security, and dependable data backup and disaster recovery. It does this by having data distributed in different data centers.
It is also important to differentiate between private and public cloud. The former is a cloud service that is not shared with any other organization. By contrast, a public cloud shares computing services among different customers, even though each customer’s data and applications running in the cloud remain hidden from other cloud customers.
The largest providers are Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure and Alibaba.
Public cloud is the biggest growth area. Gartner predicts public cloud spending will reach US$323.3bn in 2021, a 23.1% increase compared to 2020.
Among the three main services offered: Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS), SaaS will account for the largest market segment to reach US$122.6bn in 2021.
What to consider when choosing a public cloud provider
Where data is stored
The location where data is stored is important. First there is the issue of latency. If the application is coming from a data center on the other side of the world, data may be slow to retrieve versus a local connection.
Secondly there is the issue of data sovereignty. More than 100 countries have data sovereignty laws in place, particularly for certain sectors, such as financial services. This is closely related to security concerns about another country accessing sensitive data.
In 2016, the European Parliament approved their own data sovereignty measures with a General Data Protection Regulation (GDPR), which forces companies based outside of the EU to align their data protection policies with those of the EU in order to do business.
Many multinational cloud vendors have addressed the issue of data sovereignty by building regional data centers to keep data physically in the region of influence of the customer. Another solution is Edge data centers. These smaller facilities which are located close to the populations they serve, deliver cloud computing resources and content stored locally. They typically connect to a larger central data center or multiple data centers.
Microsoft has gone a step further in Germany by setting up two data centers to offer its Azure cloud services. The customer data is under the control of an independent German company. Microsoft cannot access data at those sites without permission of customers, or this “data trustee”. Likewise, AWS recently sold a portion of its cloud infrastructure to its local Chinese partner, Ningxia Western Cloud Data Technology, because of strict regulations.
Cloud providers also have to comply with different retention period policies, referring to the amount of time they need to hold onto information. Not all data is created equal. Different laws and regulations may require customers to store data and make sure it is easily retrievable, or make multiple copies of that data. There is critical and non-critical data. Financial and health records are examples of data that could be critical.
But given the sheer amount of data generated, it is not possible to keep all data. And not all data is worth keeping. Unstructured data from social media may be relevant for a short period of time but could be deleted after being used.
There are different life cycles and that is why policies are important. After certain periods of time, sensitive data may be put in cold storage, where it is not immediately accessible but could be retrieved if required, for compliance reasons.
Making copies of data is essential for disaster recovery measures and can also be a way around regulations that require the original data set to be kept within a country. Copies could be made and available elsewhere. Having multiple layers of authentication can be a good way of preventing data from being accidentally deleted.
Clients need to trust that their data will be protected. Security is crucial for the growth of cloud computing but can be complex. Data can be encrypted at multiple levels, for example securing cloud clusters, which are individual nodes that carry out different tasks, securing applications, encrypting data in transit, when it is traveling between a server and the client, or at rest, when it is in storage.
There are different cryptographic protocols designed to provide communications securely over a computer network, such as Transport Layer Security (TLS), which is widely used in applications such as email, instant messaging, and voice over IP.
Often the process of securing data will start with vulnerability analysis and a number will be assigned to each vulnerability that is found.
Security protection can be heightened by minimizing the number of accesses to data or having double or triple layers of authentication. Other common practices include giving users that manage data only limited access to some but not all of the data.
Each cloud provider will have their own schemes and can configure security according to the client’s particular needs and can be based on an analysis of customer behavior, so that if there is activity that steps outside of those parameters, an alert can be created.
When choosing a cloud provider for transferring a workload there are multiple factors to take into account.
One thing to consider is how binding a contract you have with a cloud provider and also how technically dependent you become on that provider. Customers should always ensure they remain the owners of their data and not face obstacles to change providers, if needed.
Best practices include ensuring basic programming for applications. Often a license will run out and a client will want to change to another provider or extract elements of the application.
And what skill sets are needed to migrate to a public cloud? While the basic concepts of cloud computing are similar, there can be some configuration challenges for when moving between clouds, for example moving between a private and a public cloud.
Price is always an important factor. It is often stated that using cloud services can save companies a lot of money. Hosting workloads in the cloud eliminates the cost of owning proprietary servers and paying the staff to maintain them. It also gives elasticity to increase or decrease resources as needed, using the “pay-as-you-grow” model.
Price is not always the main determining factor in a decision to choose between one cloud provider and another and usually has to do with other elements of the service on offer.
However, cost savings can depend very much on a case-by-case basis.
For example, when using Kubernetes, which is an open-source container-orchestration system for automating computer application deployment, scaling, and management, putting together a cloud cluster manually can often be cheaper than using services offered by the cloud provider.
In addition, it is also important to remember to turn off services, or resources or storage capacity that one is not using, to avoid costs piling up.
The future in the cloud
In summary, the use of cloud services is an inevitable trend that has only accelerated with the pandemic. With many employees working remotely, many companies have sped up digital transformation plans.
The benefits of the cloud are more visible than ever. Different sizes of companies can cut costs in digital infrastructure and office rental and have their workforce completely online and add resources as necessary. Most startups today are born completely in the cloud.
However, there are important factors to take into account including security, the location of the data and how long it will be stored which are essential for complying with local regulations.
Retaining control of one’s data is a must and customers should ensure that they retain the option to change between providers, or even move certain resources back on-premise, if desired.