“While with on premise software every customer has a different problem, with cloud all have the same”.
I posted this on Twitter a couple of days ago in the shade of repeated cloud availability or security issues ranging from Cloudflare over Amazon to Microsoft Skype. It depicts one critical aspect about cloud computing – centralization. Of course, cloud in its very core IS a centralized way of providing computing power and storage. Even considering the fact that Microsoft and Amazon might have dozens of data centers around the globe. Because it appears that the dependance on too few key service providers poses a serious threat to cloud availability (think DynDNS).
It’s the availability, stupid!
On the other side we do often here arguments (in relation to our on premise incident alert notification and response solution) like “…so how do we notify people when our site goes down…”. Well, how do you notify people if the “Internet” has a problem? Obviously, it boils down to availability in this case. Many of our enterprise customers, especially in the area of critical infrastructures, tackle this problem with multiple data center sites, private networks and replication. When you go for a cloud solution you lay your fate into the hands of your provider and its ability to build a rock-solid infrastructure or to choose the right provider.
Where are my data?
Another aspect is of course data privacy. There is an enormous effort made by cloud infrastructure providers to reach very high level of data protection and security. Because they know that the lack of appropriate tools and features prevents enterprises to move sensitive data and applications to the cloud. And certainly, cloud providers have surpassed the security level of most private data centers. But where are your data? Microsoft is trying to address this with their “sovereign clouds” but is this working with all cloud solution providers?
There also might be strict regulations preventing enterprises and organizations to fully embrace cloud computing, e.g in healthcare and finance. And for instance with manufacturers, “hot data”, i.e. information about the ongoing manufacturing process, output, etc, are not wanted to make their way into the cloud.
2-way integration is easier with on premise
In relation to our solution there is an additional aspect which is systems integration. When IT or OT monitoring happens on premise, a tight 2-way and thus productive integration with an incident alerting and response solution like Enterprise Alert requires it to be installed on premise, too. Mostly, due to security reasons (DMZ, corporate firewall passing) but also due to data privacy reasons (employee information as an example). Dropping an email to a cloud solution to trigger an alerting process is easy. But bringing back the result, i.e. which user took over the incident handling, to your monitoring tool requires quite some effort if one solution is on premise and the other in the cloud.
Convenience and costs
But not to forget – using a cloud solution IS convenient and reduces the amount of expertise and resources needed in your organization as the solution is maintained and operated by your cloud solution provider. This makes a lot of sense for many applications and solutions.Ready-made solutions that require little customization are perfect for the cloud. Even if cloud computing is more expensive in the mid and long run.
And yes, it is also about scale. Larger organizations with bigger resources can easier work with on premise software. We do have customers who say that public cloud doesn’t make sense to them because it doesn’t scale well and is much more expensive than running their own private “cloud”.
Conclusions
The question if to use a cloud solution for incident alerting and response depends on various factors and is specific to the very nature of your business and operational model. “Born-in-the-cloud” businesses have no reason at all to not go with a cloud solution for critical alerting and incident response. Companies and organizations that are subject to special regulations have all the reasons (or at least one primary) to use an on-premise solution. And for all others it is somewhere in between and depends on factors like data privacy, size of the organization, the question where IT/OT monitoring is happening, the overall ability to ensure IT and network availability and certainly the capabilities and needed effort to maintain and operate an own incident alerting and response solution.
More to read on this topic here
With Enterprise Alert, Derdack provides a highly customizable, platform-like on premise solution with low maintenance requirements.