Deciding between Cloud Hosting and On-Premise Solutions
Those that work with me know that I’m pretty adamant about not having servers in all but the largest organizations. This stems from the fact that servers have become sort-of a lemming in our world – we open an office, we need a server, or at least that’s what we think sometimes. But it’s really not the case – there are reasons when a server makes sense, but in my world they are few and limited. Servers are costly to acquire, can be costly to maintain, and costly to back up properly (properly is the key word here.) On-premise servers also make it more difficult to operate in the virtual space – in other words, to access most information contained on a server, you need to be within the same local area network – otherwise you have to implement elaborate VPN systems, or other ways to get into your network from the outside world. And if the application that you are serving from your location is mission critical, then the next question is, is your office internet connection fail safe? If the answer is NO, then it might be time to consider moving some of that to the cloud.
What really is The Cloud?
We’ve had “The Cloud” for quite some time now, although the buzzword is just a few years old. The internet was often referred to as a cloud on charts and in diagrams, since as far back as I can remember – and in loose terms, refers to applications and data that are delivered to you vis server farms that have only an internet presence. The major shift that has occurred in the internet (among many) is that due to increases in computing power, internet bandwidth, web browser capability, and other factors, the existence of web based applications ( or “software as a service”) has expanded to encompass just about every area that you can imagine an installed “on premise” application being used for. In the church world, everything from document creation, constituent management, and even children’s check-in can be handled with cloud based applications
So what’s the benefit?
Let’s take one of the most common applications that is still run “on premise” in many organizations (and is the reason that these organizations will still have a server) – the organization’s accounting package. Often, this is a client-server application setup so that it can be accessed by several different users at the same time. It’s fairly mission critical data in most cases, and so let’s assume that a proper backup procedure is in place, with offsite storage, etc (cost.) The server hardware does not have to be overly powerful, but it may be performing other operations around the office, like domain login, print serving, and even internet routing. In order to function at an acceptable level, the server most likely is refreshed with new hardware every 3-4 years (cost.) To maintain data integrity, the server needs to be connected to a UPS (battery backup) and those batteries need to be replaced every 2-3 years (cost). The server and the accounting software have frequent updates and security patches that need to be applied (cost.) The server upgrades can not be implemented until it is verified that the accounting software us compatible with the Operating System updates (cost.) The list could continue to grow, but I believe you get the idea. If you were to do the best, most high quality job of security, backups, and disaster preparedness – your best support effort will pale in comparison to the support and disaster-preparadness efforts of major hosting providers. Unless you are a professional SysAdmin, they will surpass you in skill, resources (probably 24/7) quality of hardware (servers, firewalls, etc) and quality of software (enterprise supported versions of Operating Systems, etc.) So the number one benefit is essentially that a quality hosting provider will do better at just about every aspect of maintaing the server environment than you. And if you are doing a great job in that area already, it’s costing you a lot more time and/or money than it costs them to do the same, because they have the benefit of basic economics – Economies of Scale. If this is all working for you, great! Don’t change just to change – but at least evaluate the way you are doing things now using some of the thoughts on the rest of this page – and then, if you still feel good about your solution, by all means, stay with it!
…what about the drawbacks?
Let me just cut to the chase and say that in most every case, the benefits far outweigh the costs for the type of organizations I support. But to be fair,. there are drawbacks. There are security risks – and thanks to the media, most of the instances that we hear about are blown somewhat out of proportion, and are also targeted at large organizations who store credit card numbers. Chances are, your church does not store CC info within your application (especially with all of the rules surrounding PCI compliance – and if you do, we need to talk quick – you are very liable) and so is generally not worth the time for a hacker to invest in hacking your system, as the prize would be minimal. There are those hackers that like to hack just for the challenge, and in that case defacing your web site might be all that they leave behind. Or perhaps your mail accounts get used as a spam source. And all of these things are recoverable.
But let’s put that into perspective
The chances of a hacker getting through your small firewall that you bought at the office supply store and doing damage to your systems, is far more likely than a hacker breaking their way through the enterprise firewall at your hosting provider. Also don’t forget the largest and most overlooked risk that I’m aware of – theft and disaster. If someone breaks into your office, or heaven forbid, a fire breaks out – let’s be honest – most of you have your backup drives plugged in and sitting right next to your server. Those can all be stolen or damaged in case of a fire, and there goes your data. I think this is one of the most overlooked areas when folks consider how safe the data is on their own on-premise server. It’s similar to people who refuse to use their credit card online, but will go to a restaurant, and allow the server to take their card out of sight (where imprints can be taken and numbers copied down.) You have to consider all sides of the security equation in order to make a judgement.
But We’re Different
Perhaps you feel that your organization is unique – and requires a very specialized solution. Im going to hit this one dead on – in many cases, this answer is really a cover up for someone saying “we’re scared to death to change…” Sure, there are cases where the online accounting software may not have a feature that you use currently in your on-premise package. But here’s how I recommend you evaluate that feature: Ask yourself if that feature is key what makes your organization unique at what you do – and without it, you would not be able to do what you do, better than any other organization. If the answer to that is not a solid yes, then what you are likely dealing with is a feature that your organization got used to – and in many cases, built a process around. The good news is that processes can be re-engineered! The more you realize that, especially operationally, your organization is similar to the hundreds of thousands of other organizations out there, the more you can consider alternative solutions. If a hosted software solution works for those other organizations, it most likely will work for you – you might just have to think a little differently than you have for the last 100 years But it’s worth it – moving to cloud solutions gets the disaster recovery off of your back, and into the hands of organizations much better equipped than you. And it get’s you one step closer to retiring that server back in your IT closet.
What about Hybrids?
No, I’m not talking about a Toyota Prius! If we take one step back away from Software as a Service (Saas -like an online accounting solution) then we have what we can call self hosted solutions – these are things like web sites, file sharing, and even VoIP phone solutions – things that are applications that you own, but run on a professional hosting environment.
Generally I shy away from anything that depends on a single individual in your organization’s knowledge (like the SysAdmin volunteer at your church.) Organizations change, and people fall in and out of favor, and it is rare that this ends well over time. I prefer that your apps are supported by organizations who make their livelihood by keeping that solution alive, rather than the singular volunteer that runs IT for the FBI who has graciously volunteered to hand-code a web site for you.
There are some areas where I break that general rule, but I don’t do so without careful consideration. For example, I help organizations implement VoIP PBX systems in the cloud. They are hosted by companies who specialize in hosting PBX systems, but at the end of the day, I am responsible for the content and functionality. And being that it is open source (community written) the community is where the support comes from. But in this case empirical experience overrides, and I can say that properly configured VoIP systems are as maintenance free as a software solution can be. I also run my own mail collaboration server, and provide that service free to my clients. Third, I have a web hosting infrastructure, that I also provide free of charge to my ongoing clients, that meets similar metrics for being extremely low maintenance.
For all of these hybrid solutions, you need to consider the acid test. If something happens and the system goes down, can you function for a day without it. If not, then you should probably consider a SaaS solution – but be sure to analyze the question fairly – and don’t answer it based on the fact that an outage would be an inconvenience. If you do, you will be paying a lot of money each month for convenience.
In the case of the VoIP system, my clients tell me that everyone has a cell phone, and that if the phones go down, their major concern would just be that incoming calls go somewhere that they can be answered – so we put in safety measures for that specific situation. In the case of e-mail servers, we have a similar way for incoming mail to be “caught” should the server not be able to receive mail. Just be willing to dissect what you need out of a given service, and you can get laser focused on how you create your “just in case” plans – you stand to save a lot of money over just running toward a SaaS provider – and – it’s just good stewardship. In the case of VoIP – an entire self-hosted system can be had for less than the cost of two subscribed lines from a reputable SaaS VoIP provider.
If you answered,”YES we can tolerate a day’s outage,” then you have an opportunity to save a bunch of ongoing cost. In the case of VoIP PBX, I can rebuild any one of my client’s phone systems in about a day, should something bad happen. e-mail and web have several levels of backup, and are hosted by top tier providers. The web infrastructure has a control panel that has a separate level of support from that vendor. All in all, I’m clear up front to my clients that I am not a 24/7 sysadmin, but in 5+ years of operating the infrastructure, I’ve not had that be an issue. It’s all about weighing the risk, and everything has some sort of inherent risk. It’s up to you and your organization to weigh the costs against the benefits. And in many cases, a hybrid solution may be just the thing for your organization.
If I can help you weigh out the risks for your organization in these areas, please send me a note. The sending of an e-mail is free, and in the case of my response, most of the time it’s free as well I simply want to see your organization win, and be good stewards. That comes out of spending money on the right solution for your needs – which is not always the obvious one.