Security, Applications & Cost: Key Considerations for Hybrid Cloud Evaluation
In Part 1 of our hybrid cloud whitepaper excerpt, we reviewed the primary benefits to public, private & hybrid cloud infrastructures, and reviewed a number of considerations including service & support, availability and uptime, and proximity. In Part 2 below, we dive into additional factors to contemplate, specifically: security, application hosting and cost. Remember, to download the full whitepaper, Is Hybrid Cloud Right For Your Firm?, click here.
While your public cloud provider may provide world-class security for its services, your company is still on the hook for certifying all aspects of information security. For compliance-driven businesses, there are still countless vulnerabilities and exposures that public clouds often fail to address. Advancing security features such as multi-factor authentication, targeted attack protection and managed phishing simulations are gaining traction among private/hybrid cloud users who benefit from their providers’ extensive managed security services.
Multi-factor authentication requires at least two authenticating factors to log into a system or network (e.g. strong passwords, security tokens, fingerprint scanning) and can add an additional layer of security for users across email, applications, etc.
Since email often serves as a gateway for hackers to surreptitiously penetrate networks, it’s become essential for firms to employ targeted protection tools and advanced email precautions to ward off these threats. That’s one of the many advantages a private cloud provider can bring to a firm. For example, next-generation security technology can protect private cloud users from attacks delivered through email, social media and mobile applications, prevent advanced attacks, and minimize compliance risks.
Another benefit to working with a private cloud provider – either exclusively or as part of a hybrid solution – is that many MSPs also offer their own cybersecurity training and security plan development services to complement the protections afforded in their private cloud environment. Public cloud providers, on the other hand, may have online resource libraries, but seldom offer these types of complementary security services to their clients.
Given the sensitive nature of their data, investment firms must constantly monitor and secure their network endpoints and servers. From perimeter monitoring to antivirus protection, it’s critical to have watchful eyes on your networks at all times. Public and private cloud providers have varying skills and capacities to perform this vital task. Some cloud providers leverage tools, for example, to extend the domain name system and provide an added layer of phishing protection and web filtering. Look for a cloud solution supported by a provider with the resources and expertise to extend its solution for the highest levels of security.
Financial firms rely heavily on mission-critical applications that support their daily trading operations – everything from order/execution management to portfolio accounting to investor relationship management. It’s essential that you don’t experience any unplanned downtime with these applications – or serious financial repercussions could result.
While flexible and, arguably, more cost-effective, public clouds aren’t necessarily the ideal total infrastructure for mission-critical application hosting – when availability/uptime is critical and network latency is equally vital. Also, if your firm relies on proprietary applications, beware: some public-cloud providers may be unable to support them, in which case you might be better off partnering with a private/hybrid cloud MSP that has the financial industry experience to meet your unique needs.
At first glance, public clouds can appear to present a cost-effective alternative to private (or hybrid) clouds. But firms should look for the numbers behind the upfront expenses for a truer picture of the total cost. For instance, your per user/per month private/hybrid cloud fee likely includes many of the additional features we mentioned previously (e.g. multi-factor authentication, file auditing applications, etc.). These services are typically offered ad hoc on a public cloud environment, which means your apples-to-apples cost comparison is not accurate. To incorporate advanced security features, mobile device management and market access to financial counterparties, the line item cost for the public cloud is not as far off as you’d think.
And let’s be clear – cutting corners in any area of technology, but particularly on support and maintenance, can carry a significantly higher long-term cost for firms.
The hybrid cloud, in many ways, is the happy marriage between these two options – providing more flexibility and access to public cloud features and functionality, as well the support, security and monitoring of the environment by an experienced private cloud provider – at a more reasonable monthly price point.
In the alternative investment industry, personal productivity and storage needs aren’t nearly a sufficient solution. Companies also need the accompanying services, support, maintenance, and security they find in private clouds. Adding those in an incremental fashion alongside a public cloud can create hidden expenses that outweigh initial cost advantages. Be sure to perform a proper TCO analysis as part of your evaluation and decision.
For alternative investment firms, the ultimate strategic IT decision has long revolved around the question of whether to embrace the control and professional management of a private cloud vs. the open, affordable public cloud. However, new hybrid cloud infrastructures mean that firms don’t necessarily have to make an either/or commitment.
By partnering with an experienced, industry service provider, savvy investment firms are increasingly deploying hybrid environments that provide many of the best features of public and private platforms – email and business applications coupled with industry-vertical support, service, availability/uptime, performance, security, regulatory compliance, and better overall control – with an appealing TCO profile that rivals the public cloud.