A question that every company must ask itself is: What solution do I use to store data and provide applications?
There are basically two different possibilities for this:
A solution that runs on-premises, or a product hosted in the cloud. Where exactly the difference lies and which advantages and disadvantages are related to the two options, we will discuss in this newsletter.
What is an on-premises solution?
In an on-premises solution (on-prem), the software runs – as mentioned – on the local servers of a company. These can, for example, be located in a secure data center or in their own offices. Thus, the entire IT infrastructure is managed on own devices. This has various advantages and disadvantages. If the required installations run on company-owned servers, the company retains comprehensive control over hardware and software and thus also over its data. However, this also means that internal resources are required to be able to solve emerging technical problems independently and promptly, by professionally trained staff.
A big advantage is the clarity of where the server stands. Thus, the storage location of the data is also clearly defined. This facilitates compliance with the data protection guidelines. An on-prem solution also makes it possible to use all applications and data without an Internet connection. However, if you work outside the company, for example in the home office, a VPN connection is required, which usually runs over the Internet.
One of the main disadvantages of on-prem installations is that the purchase of the hardware, the operation of the systems and their maintenance are associated with relatively high costs. A company must be able to raise the appropriate cash. This is often not possible, especially for small companies or startups, which is why they often resort to the second option – a cloud solution!
What is a cloud solution?
For cloud installations, the software runs on the servers of the providers. The hosting is quasi-sourced, which means that the cloud provider takes care of the availability of the systems, the provision of other storage capacities, for example, and the maintenance of the servers. The data are made available via the Internet. This has the advantage that you can access the data and systems from any place with Internet access. At the same time, however, said procedure also represents a vulnerability if problems occur during the Internet connection and no alternative access is available or if the performance of the Internet connection is poor.
However, this solution also offers the greatest possible flexibility, since it can be adapted flexibly and individually. In this way, the responsible employees can ensure that the provider automatically increases and reduces the provided storage space or CPU capacities as required. This ensures high performance without unnecessary costs. Another big plus is the implementation costs. Because these are significantly lower than with an on-prem solution and thus easy to handle, especially for small or newly founded companies. In addition, there are no costs for maintenance and expenses associated with establishing your own support or hiring a third-party provider. However, the costs remain in the long term, as the cloud, unlike the purchased hardware, never goes into own ownership.
Another big topic: the storage of all data with a third-party provider. This presents challenges in terms of data protection. It must be ensured that only data leaves the company's network, where it does not matter if it is lost. In practice, the motto always applies: "All data exported to the cloud is no longer your own." After all, no one knows exactly what a cloud provider could do with the data. There are certainly trustworthy providers in this context, but since the legal and political framework conditions are constantly changing, organizations of all kinds should keep their business-critical information in-house if possible. In any case, it is a constant process to clarify the legal requirements and always adapt the data protection guidelines to the current circumstances.
In this context, it is also important to know that most cloud offerings have a "shared responsibility" model in terms of data security. This means that the cloud provider and its customer share the steps required to realize the necessary level of data security. Usually, the provider takes care of the physical security of the data centers and secures the underlying systems, such as hypervisors or operating systems that run on rented servers. Depending on the offer, it is then the task of the customer to protect the IT components running on it, for example to patch operating systems in virtual machines or to keep applications such as web servers up to date. The protection of data, for example through the backup of databases, also falls into this area. Some providers of cloud environments take over these tasks – for a fee – partially or completely, but by far not all. Many customers do not know this, which can lead to catastrophic results. It is therefore always important to have the local know-how and resources to solve the tasks related to data security.
Conclusion
In summary, a cloud solution has more agility, reliability and cost efficiency than the on-prem approach. This is why the majority of companies today use the cloud solution. But which solution is the right one for your company must be considered and evaluated individually. In most cases, it would make sense to drive a hybrid strategy and use on-prem solutions that work with critical and particularly protective data, and gradually move the rest to the cloud. We are always at your disposal when selecting the right strategy – it is best to contact us today.
Warm greetings
Your TWINSOFT
Author: Dr. Götz Gütich, Senior IT Security Advisor, TWINSOFT
