Many companies nowadays choose to purchase their software from the public cloud because of scalability and cost considerations. For companies who have digital sovereignty high on their agenda, the public cloud though may not always be the best solution. So then how do you host your software?
As a provider of self-hosted software, we recommend organizations to avoid hosting software in the public cloud as much as possible. But we understand that such a decision depends on many factors like your needs, level of expertise, budget, organizational requirement and so on. So, to help you understand the pros and cons of both cloud and on-premises, we’ve listed the most important things to take into account when choosing a hosting solution.
Let’s start with a little bit of terminology to make sure we’re all on the same page.
Public cloud offerings are usually a full service ‘turn-key’ solution. The data is stored in the public cloud provider’s data center. This means that the provider is responsible for the management and maintenance of the IT resources (both software and hardware) and the customer just purchases a service or computing resources.
These services or resources are shared by multiple users, not necessarily from the same organization (a multi-tenant environment). The main disadvantage of the public cloud is that the customer has limited or no control about the location of your data, so you cannot be sure whether your data is secure or not.
A private cloud differs from a public cloud in that the infrastructure on which data is stored is dedicated to a single organization. This means that resources in the private cloud are not shared with other users. Resources offered in a private cloud are still scalable, but accessible by only one organization. Therefore, the private cloud provides more control and privacy than a public cloud. A private cloud can either be hosted on your own hardware (on-premises or co-location), or on hardware you rent (IaaS).
Then there is the hybrid cloud which is a combination of public and private cloud solutions. The idea is that in a hybrid environment you use the private cloud part to store your sensitive data and the public cloud for all your other data.
Multicloud is the latest buzzword in cloud country. According to Wikipedia:
Multicloud is the use of multiple cloud computing and storage services in a single heterogeneous architecture.A typical multicloud architecture utilizes two or more public clouds as well as multiple private clouds. A multicloud environment aims to eliminate the reliance on any single cloud provider. It differs from hybrid cloud in that it refers to multiple cloud services rather than multiple deployment modes (public, private, legacy).
What it’s mostly about is minimizing risk and avoiding vendor lock-in by mixing and matching the best cloud technologies.
There are different ways in which cloud services are offered. The most common delivery models are:
SaaS (Software as a Service)
SaaS is a software delivery model where third party vendors offer software on a subscription basis. More and more applications are offered as SaaS. SaaS can be very useful for people or organizations who don’t have sensitive data and need a scalable and affordable software solution. However, SaaS solutions are always offered in a public cloud. Data privacy is therefore not guaranteed.
PaaS (Platform as a Service)
PaaS means that a third party vendor provides, hosts and manages operating systems, runtime and middleware.
With a public PaaS, your organization controls the software deployment part, whereas the PaaS provider delivers the infrastructure that is needed to host your applications. AWS is a nice example of a public PaaS solution offering. It is relatively easy to deploy software via AWS Marketplace. However, the infrastructure on which everything runs is owned by Amazon and not your organization. You are therefore not fully in control over your data.
Private PaaS differs from public PaaS in that both the hardware and software needed to support PaaS need to be purchased and maintained by the organization that uses the PaaS solution. This does give organizations more control and privacy than with a public PaaS solution.
IaaS (Infrastructure as a Service)
In an IaaS model the cloud provider offers you (physical but most often virtual) IT infrastructure like Virtual Machines, data storage space and servers. With IaaS, a third party provider maintains the hardware, but you are in control of everything else. Although IaaS gives you relatively much control over your IT resources, you are not in control of all security measures taken to protect your data.
On-premises means that all parts of your IT are under your own control. You own the infrastructure, the software and physical location where you store your IT. Because of that you can you can create the maximum level of control and privacy.
Now that all terms are clear, let’s look at some considerations.
As mentioned before, although we recommend having your data on-premises, we know that this is not always feasible. So let’s have a look at the things you need to consider when choosing a solution to host your software.
What is the size of your company?
If you’re a small company without the need to have your data under your control, then the public cloud might fulfill all your needs. However, once your organization grows, deploying public cloud applications might get more complicated because there are more services you need to connect with your user management application (like LDAP). This is often even more complicated than setting these things up locally.
To what extent does your IT need to be flexible?
If you own your hardware and software, you can change and configure almost everything you want, building an IT environment perfectly tailored to your needs. However, if you do not have the people in-house to help you tweak your systems, this benefit won’t do anything for you. Depending on how much you’ll be able to do yourself, you could opt for IaaS, PaaS or SaaS. The downside is that in these all these cases you can customize only parts of your IT environment, and not always the parts you’d like to change. You can always request a change or new feature, however, it’s up to the provider if they will implement it.
How much technical knowledge do you have in-house?
On-premises solutions give you full control over your data and for this reason you can make sure they are more secure than public cloud solutions. If security is a number one priority for you, having your sensitive data on-premises is almost a must. Full control, however, means full responsibility. If you host your own IT, you are responsible for maintenance, monitoring and support. In order to self-host your software, you require access to a wide range of IT skills and solid knowledge of the technologies involved. Make sure you have those skills ready.
What is your budget?
In many cases, to host your software in a public cloud is cheaper than hosting in a private cloud or on a dedicated server. After all, the only costs you have are those of your subscriptions. There are usually no or little hidden or unpredictable costs, making budget planning easier. Self-hosting does not necessarily have to come with high or hidden costs, but you should know what you are doing. Our advice is to never choose self-hosting just for budget reasons, because then you might end up disappointed.
Are there corporate security or compliance policies you need to consider?
In some companies, strict compliance policies apply. In those cases, a SaaS solution or, as a matter of fact, any solution that you have not under your own control, might not fulfill your company’s needs. Therefore, before you decide which hosting solution to choose, make sure you know what corporate rules you need to comply to and choose a solution that meets those requirements.
How much computing power do you need?
The amount of data you have, and the computing power required to process this data, is something else you need to keep in mind. If, for example, you have a lot of data that needs a lot of computing power, then a private cloud will probably work best for you. However, in case you do not have that much data, but still require a lot of processing power, you might want to consider to have your computing power in the cloud but store your data locally. If you don’t need a lot of computing power, an on-premises solution is in our opinion a good solution.
Where is your company located?
Lastly, don’t forget to take the location of your company into consideration. Legally, for example, it makes a lot of difference whether your company’s headquarter is located in the United States or the European Union. The EU protects data privacy per default better than the US. For more information about EU and US privacy laws, you can read our whitepaper here. If your company has a lot of locations spread around the world, then you probably also send around a lot of internal data. Is this the case, you may want to consider to at least have the most sensitive corporate data on-premises.
It’s clear that choosing a hosting solution is not straightforward. The right solution really depends on many factors. One thing is clear though. If you want to achieve full digital sovereignty, self-hosted is what you should choose.
Want to learn more about on how to host your software or how Kopano can help you become more digitally sovereign? We’d be happy to have a chat!