As companies continue to include the cloud in their overall IT initiatives – taking advantage of elasticity, scalability, interoperability and mobility – concerns around management, governance and control of data are preventing some organizations from fully embracing cloud services.
In fact, according to the recent Ponemon cloud survey, over 30% of IT and compliance respondents claim that concerns about data security have kept their organization from adopting cloud services…. And approximately half place a high priority on security when evaluating cloud providers.
For many, the benefits and the desire to migrate to the cloud in organizations seem to outweigh the security concerns.
That being said, every company’s risk tolerance is different. Some of the variables in play that impact risk tolerance certainly include the type of information being moved and stored in the cloud, the industry (and associated compliance requirements) and of not only the company but also its business partners, as well as the specific security measures provided (or not provided) by cloud providers they are considering.
Not all cloud services are created equal. There are absolutely great differences in the measures different providers have taken to protect information they process and store in the cloud. A few security considerations include authentication and authorization as well as protecting data not only while it’s in transit to the cloud, but also while it remains there.
It’s no secret that more and more companies are turning to the cloud to benefit from all that it has to offer. Subscribing to a cloud service can offer conveniences over deploying software on-premises, including faster deployment, budgeting flexibility, built-in elasticity, near-perfect uptime and it can be significantly less taxing on IT resources.
Managed File Transfer (MFT) is certainly not being left behind in this cloud revolution. According to Gartner, adoption of MFT Cloud Services is growing rapidly and now accounts for approximately 10% of the overall MFT market. While both on-premises and cloud markets will continue to grow about 20% annually, cloud services will become a bigger piece of the MFT pie.
Here’s a nifty graph from the Ponemon Institute’s recently published “The Security of Cloud Infrastructure” report summarizing key cloud drivers from the perspective of both IT/Security and Compliance respondents. Interesting to see that many people believe that cloud services will provide improved security and compliance efforts over doing it themselves on-premises with their resource.
So, how do you feel about cloud security? Are you comfortable with your organization’s data being moved into the cloud?? What cloud security measures would make you feel better???
Over the last few weeks, we’ve been putting the final touches on our next generation of services that will be delivered via the cloud. As with any product or service release, there comes a fair amount of planning including ensuring that one has the best site into competitors, forecast and of course customers. We’ve worked closely with industry analysts, our end-users and prospects and our own internal resources to best understand how and where we should position our cloud services. In presentation after presentation and in conversation after conversation, we were presented market slides showing the enormous growth and opportunity within the overall software as a service (SaaS) markets. The natural reaction is to get excited about all the money we can make in this space; before we did, I issued a strong warning to our team:
“In very much the same way that software is analogous to infrastructure, software as a service is not analogous to infrastructure as a service. That includes integration as a service. The profile of the consumer of SaaS will more than likely expect that things like integration, interoperability, transformation and governance will be part of the service subscription.”
In a nutshell what I was saying was… do not look at forecasts for SaaS and assume that the opportunities for IaaS follow the same trends. If users create content by using services that are delivered via the cloud, they have a reasonable expectation that this content can be shared with other services delivered via the cloud (not necessarily by the same vendor). For example, creating content via salesforce.com and sharing that content with gooddata.com should be as simple as granting the necessary permissions. After all, my Facebook, Twitter and Google+ information is shared by clicking a few buttons. Make no mistake, integration and interoperability are nontrivial, but part of the expectation of using cloud services is that the consumer is shielded from these complexities. As more and more cloud service platforms and providers build in integration and governance technologies the need for a separate IaaS provider will likely diminish.
Don’t get me wrong, I still believe that there is a place for technologies such as managed file transfer and business-to-business integration and collaboration; I definitely believe that Ipswitch will play a significant role in the evolution of those markets. Expect the role of Ipswitch to be evolve as well; not only will we provide the best mechanisms for moving content of any size but we will also govern (or let you govern) that movement and the entire experience around it. This is the centerpiece of Ipswitch’s Cloud strategy.
I’ve been asked at least a dozen times over the last month “What are the benefits of a cloud-based hosted subscription versus an on-premises software deployment?”.
“Though this be madness, yet there is method in’t.” ~ Hamlet
There are many benefits of going SaaS, just like there are benefits of deploying on-premises. It all comes down to the problems you are trying to solve, budgeting preferences, and IT resource availability and expertise. Here are some benefits of going the hosted route.
- Fast and easy deployment: SaaS solutions are often available instantly, providing an amazingly fast time-to-value. You don’t need to install any software/hardware yourself and there are no complicated firewall or security configurations to work through.
- Budgeting flexibility & lower up front cost: Hosted subscriptions are treated as an “operating expense” with no capital investment spent on software/hardware. Pay-as-you-go subscription plans often lead to quicker purchase decisions because there is no need to get CapEx budget sign-off.
- Less taxing on your IT resources: SaaS solutions require significantly less effort to deploy and maintain. There are no ongoing software upgrades, patches or backups for you to worry about, and no complex security/compliance configurations to be responsible for internally. Plus, there is no underlying infrastructure to assemble and maintain.
- Built-in scalability: The elasticity and high bandwidth of SaaS solutions easily handles spikes in usage and grows as organizational needs expand.
- Near perfect uptime: Hosted services are often run in a highly available, load-balanced, automatic failover configuration to ensure even the strictest network and application uptime requirements and SLAs are met.
I’d like to also quickly mention that we’ve had numerous customers initially deploy our MOVEit DMZ Hosted Service as a way to get their Managed File Transfer solution up and running quickly, while they continue to work towards an on-premises deployment.
The growth of SaaS can’t be denied…. The question is, whether ’tis SaaS right for your organization?
The SaaS web-based application delivery model provides corporations with hosted set of business centric applications without a need to purchase, maintain or customize the application to fit their unique needs.
Many organizations have adopted this model for sales, procurement, CRM and human resources applications for example. Unlike the traditional software acquisition model, where a corporation invests in an application and is required to build the infrastructure to support the application, SaaS requires negligible upfront investment beyond user training. Application maintenance, upgrades and development are the SaaS provider’s responsibility. This is a very attractive value model for many companies.
When SaaS web-based applications are being evaluated and purchased by a corporation, the IT and network management functions are usually not included in the planning, evaluation and decision process, as IT is perceived as a roadblock. Most frequently, this effort is driven by the business unit or department accessing the application.
This lack of cooperation can cause problems to IT and network management after the application is brought on-line. IT and network management discover the application is deployed and being accessed after the fact. Usually when users contact IT or network management to complain about application performance as the application is bandwidth intensive or existing network infrastructure is near capacity. Another factor to consider is since all SaaS based applications are connected through the Internet outside of the managed corporate network infrastructure, they are subject to any number of issues including forwarding delays, connection reliability and traffic contention.
Business units evaluating SaaS as an option need to include IT and network management to allow for resource planning and monitoring of end-to-end SaaS specific application traffic to ensure that availability and performance expectations are achieved.