1. It’s Not About Whether You Should Move to the Cloud.
It’s About Why You Haven’t Yet
A lot is being said and written about the many business benefits of utilizing Cloud technologies for your business applications and tools. So much so that one could think that every organization has already transitioned all IT operations to the cloud. But the truth is that many of you are still hesitating to take the leap.
When considering a move to the Cloud, some companies have — legitimate — concerns about security, compliance, and overall risk. It does make sense: moving your data from in-house servers and IT infrastructure into remote servers operated by third-party providers may sound like signing away control of your information.
It may appear counter-intuitive, but in fact the Cloud empowers businesses to better control the risk to their IT environment. Here’s why.
Exponentially lower cost is the first reason why the Cloud helps improve risk control.
On-premise IT entails significant investment. In addition to capital expenses for in-house servers and software licenses, you need to factor in the costs associated with managing and maintaining the solutions (e.g. IT support resources).
With Cloud computing, the upfront cost is minimal. There is no hardware to buy and install. Deployment involves minimal intervention from internal IT.
Once the system is up-and-running, ongoing operations can be managed without network or server-level admin involvement.
Many SaaS subscriptions are priced based on number of users and usage/traffic patterns, you avoid the costs associated with the need to provision for peak usage, and you only have to pay for the resources you actually use.
The cherry on top is that eliminating on-premise hardware results in energy savings.
All in all, SaaS deployments reduce TCO by up to 50%.
Combined with reduced time-to-deployment — and therefore improved time-to-value — lower investment automatically translates into lower risk: to put it simply, you have much less to lose.
Cloud services providers invest in server infrastructure that is beyond the affordability of most businesses, resulting in higher performance and resilience.
For example, SaaS/Cloud vendors frequently offer more sophisticated disaster recovery capabilities than internal IT, including the ability to seamlessly and rapidly resume services from replicated servers operating in alternative locations.
Just consider our own solution Sciforma. Due to the way Sciforma is designed and developed, all data is stored in the customer database. The Sciforma.net Disaster Recovery Plan (DRP) takes advantage of this characteristic. In case of a delivery platform outage, a replacement platform would be built with automatic provisioning for impacted customers of new Sciforma environments in the same version they were using, followed by the restoration of the latest backup, at most four hours old from the outage time.
Overall, Cloud offerings usually come with contractual service-level agreements with timeframes.
On-premise infrastructure seldom offers that level of guarantees — meaning that the risk associated with downtime, outage or performance issues is much lower with the Cloud.
In the same vein, SaaS providers like Sciforma provide their clients with dedicated resources to ensure real-time vulnerability monitoring and timely prevention of issues.
From the threat of cyber attacks to the risk of data loss, security concerns are playing a key role in the reluctance of some businesses to embrace the Cloud. However it usually offers much better protection — just like depositing your money at the bank is safer than hiding it under your mattress.
SaaS vendors just cannot afford not to go all out when it comes to protecting customer data from intrusion, tampering or disasters. They are constantly investing in advanced security systems and tools: bolstered data center walls, temperature monitoring systems, etc. They are providing resources that are solely dedicated to protecting your data, and they are always striving to come up with newer, better ways to ensure top-notch security.
For example, Sciforma customer environments are single tenant, meaning that every customer has its own application instance and dedicated database. This provides the strongest possible isolation of customer data. Each customer can choose between standard authentication (credentials are stored in the customer database) or SSO (based on SAML 2.0).
The Sciforma SaaS service is delivered from several Points of Delivery (PoD) around the world. Each of them is set up as a private network, so there is no possible direct access to the customer environments from the Internet.
Each customer environment corresponds to a unique URL. The only public entry point is a reverse proxy server behind a firewall which routes the HTTPS requests based on the URL of the corresponding customer’s environment. All data is encrypted, both at rest and in transit. Data in transit is encrypted with TLS 1.2 (RSA-4096, AES-256, SHA-256). The stored data and backups are encrypted using the AES-256 standard. A different key is used for each customer.
Complete backups are made every four hours. Every night, these backups are erased except for the most recent backup, which is kept for 60 days. All backups are encrypted with AES-256 and stored both locally and remotely in another data center in the same AWS Availability Zone. Backup integrity is controlled by using hash signatures.
Did you know?
Sciforma implemented an Information Security Management System (ISMS) to manage all the information security procedures and risks in compliance with the standard ISO/IEC 27001. Our ISMS was certified ISO 27001 in July 2019 by a certification body. This certification proves Sciforma correctly manages the risks and the security of information.
What about compliance with ever-increasing data privacy regulation? That’s another of the considerations that discourage some businesses from switching to the Cloud. All the more so as organizations involved in specific lines of business — such as healthcare — have to comply with more stringent regulations.
Today, most Cloud services providers are compliance-ready. Just like with data security, it is mission-critical for them to provide applications that meet the legal requirements of GDPR, HIPAA, and so forth.
At Sciforma, we comply with all applicable laws, rules and regulations for each datacenter located in the subsidiary countries in which we operate, including the US, France, Germany, the United Kingdom, Japan, and Australia. We commit to store and process customer data only in the region selected by the customer.
In addition to offering automatic upgrades, SaaS deployments can scale computing resources up or down instantly to meet your business needs.
The Sciforma product development teams adopt sophisticated application architecture solutions, available only on the cloud to optimize application performance. For example, Cloud Operations teams can quickly adapt the infrastructure to meet your system demands ensuring that system performance is managed and delivered consistently.
This level of capacity flexibility is not possible in on-premise deployments and leads to the expensive alternative of peak-performance provisioning.
Finally, Cloud solutions are also designed to allow administrators to configure advanced functionality on the fly as needs grow and mature (i.e., no need for professional service interventions).
All things considered, the arguments that discourage businesses and enterprises from adopting cloud-based solutions don’t really stand the test of reality. Far from being a high-risk venture, a move to the Cloud actually helps businesses to better control their IT risk. SaaS solutions provide all kinds of performance, security and compliance guarantees while allowing businesses to focus on what they do best.
So it may be time to revisit the reasons why you haven’t moved to the Cloud yet — and choose again?
Please reach out with any question or concern you may have about your migration to the Cloud. I’ll be happy to help.
Other articles about PPM optimization:
- What is the role of a Project Management Office?
- What is a PPM tool?
- Simple ways to handle a complex portfolio