What is the best way to host your business software and data efficiently, while also building a strong infrastructure for innovation? That may be a loaded question. We have a lot more options today than we did twenty years ago, and all those opportunities sometimes create paralysis by analysis as companies weigh the possibilities.
In addition to the technology capabilities we need today, we also have to consider what we expect our systems to do in the future. We’re only beginning to understand how some of the innovations we’re developing right now will change our workplaces in ten or fifteen (or more) years. So how can you possibly consider all the contingencies that may affect your choice of a hosting service?
We recommend starting with a solid hosting foundation that can support both current and future innovation. That means putting the right data structure in place, keeping your software systems up to date for security and mutual support, and making sure you have the bandwidth available to keep everything running smoothly.
As part of this process, you’ll need to make some decisions about hosting for your business software.
On-Site Vs. Cloud Hosting: Pros and Cons
Cloud hosting has grown in popularity over the past decade, and Gartner predicts that by 2025, 55% of all large enterprises will operate in the cloud. Still, on-premise hosting also offers some key benefits that make it an attractive option for some companies.
Let’s take a look at the pros and cons.
With on-site hosting (also called on-premisis, or on-prem), you purchase and maintain all of the hardware and equipment yourself. You keep all of your data in-house, without storing it on the web, and you operate within a private network. That gives you more control over the security of sensitive information, because no one can get it without someone opening the door.
On-site hosting minimizes security risks, which is especially important for industries like healthcare and finance that have stringent compliance requirements. (More on this later.) Hosting your software on-site also makes it easier to ensure compatibility with other internal systems since you have more control over the environment.
On the negative side, on-site hosting requires a significant resource investment up front. You have to purchase all of the hardware and equipment, hire IT staff to maintain it, and have enough space to house it. You will also need to invest in maintenance over time, which can get expensive, and you will be locked into the technology as of your purchase date, which means you could end up with antiquated hardware at any time. And if a catastrophic event hits your office, it will affect your software and data along with your business.
Pros: Data security, compatibility with internal systems
Cons: Space, large up-front costs, maintenance, antiquated equipment
Cloud hosting services are shared environments that reside online. A third-party provider—Amazon Web Services (AWS) is most popular—offers hosting as a managed service, and that means customers share server space with a number of other clients. The drawback to the shared server model is that your bandwidth may vary during peak usage times. There are a couple of ways around this. Here are two of the most common:
Dedicated Bandwidth: With dedicated bandwidth, you pay for a specific bandwidth that is dedicated to your systems. You never have to worry that you won’t have sufficient resources, because you have paid for the full bandwidth you need to be available at all times. The drawback is that you may pay for more than you need during periods of low activity, and if you ever need more bandwidth, you will have to buy it.
Burstable Bandwidth: Burstable bandwidth means that you pay for a specified minimum bandwidth, with the option to “burst” up to a higher amount as needed. Burstable bandwidth is usually billed per megabit that you use over your stipulated minimum. The drawback is that you may end up paying more than expected if your usage needs are higher than normal. But this is a solid option to deal for businesses that have cyclical bandwidth needs.
Cloud hosting is usually less expensive initially than on-site hosting since you don’t have to purchase the equipment up front. Instead, you’ll pay a monthly service fee that falls under operating expenses, freeing up your capital for other projects. You also benefit from best-of-breed technology capabilities, regular updates, scalability, and ease of access (a benefit that is especially helpful if you have a lot of remote employees).
There are still concerns about the security risks of operating in the cloud, especially for companies that maintain a lot of sensitive data. Regulatory compliance issues may also present hurdles with some cloud-based service providers, so if you choose this option you need to pay special care to follow (and demonstrate) every step of the compliance chain.
Pros: Cost savings, scalability, maintenance, ease of access
Cons: Security concerns, compliance issues
For some companies, a hybrid model that includes both on-site and cloud elements may be the best option, especially if you plan to transition to cloud but need an interim migration period. In some cases you may lease a hybrid server rather than purchasing, and you be able to customize to a greater degree than you could with a strictly cloud-based model.
What You Need to Know Before Choosing a Hosting Service
Before you make a decision about your hosting service, you’ll want to examine the unique needs of your organization as well as any industry-specific challenges that might arise. Here are some key things to consider:
On-site hosting requires a large initial investment, while cloud-based hosting defers payment over time in the form of a monthly service fee. In the end, they often require approximately the same amount of money, as long as the on-site hardware you purchased does not become antiquated. One note: the on-site cost is usually considered a capital expense while the monthly cloud service fee is considered an operating expense.
Security is a top concern for every business, and it’s the reason some still prefer on-site hosting as compared with cloud servers. However, cloud security has made significant strides. Reputable providers invest heavily in risk prevention, security monitoring, and vulnerability management.
Operating in the cloud does carry some inherent risk, but internal security practices are often to blame when it comes to compromised data. For example, companies can vastly reduce their security risks by implementing strong password requirements and training employees about how to operate securely in a cloud environment. No matter how locked off your on-site hosting is, an employee who clicks a phishing link can still put you at risk. So you need to stay vigilant no matter what approach you choose.
Certain industries have rigorous compliance requirements designed to protect sensitive data such as financial or health information. This isn’t just about hosting, so evaluate your current best practices as well as the way employees actually do their jobs. Then, as you evaluate cloud hosting providers, look carefully at their strategies for traceability, managing data protection, and incident response, especially with regard to compliance requirements like the following:
HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) designates strict safeguards for personal information, including technical, physical, and administrative policies. Not all cloud providers meet these requirements, so it’s vital to take a close look at the security protocols within the service itself. You should also consider administrative protections on the part of the provider and within your own usage policies.
PCI: Payment Card Industry (PCI) standards for data security include regulations for firewalls, passwords, data storage, encryption, system security and more. These measures seek to prevent data breaches and protect cardholder data during transactions. You may need to create different policies for data stored in the cloud as compared with on-site storage, even for processes as simple as data entry. It’s also important to evaluate password requirements, data transmission, and storage. But you need policies across the board, and remember that compliant hosting can’t cover up dangerous employee practices.
GDPR: Europe’s General Data Protection Regulation impacts companies that do business in European countries or have customers who live in those countries. Again, make sure you understand how the cloud solution stores and transmits data and be sure it is used only for stated, compliant purposes. Research which apps meet GDPR security standards and be sure you can erase data from the app if you terminate service.
As mentioned above, space is sometimes a concern for companies considering on-site servers. If you have limited space and resources, a cloud solution may offer you the flexibility you need to manage your data without eating up too much physical space or requiring additional storage facilities.
If you maintain your own on-site servers, you will need an extensive disaster recovery plan in the event that the main system goes down. Cloud-based solutions include disaster recovery in your service costs, which is an attractive feature for many companies. If you do choose to maintain on-site servers, consider backing up your data in the cloud to maintain space and cost efficiency.
As you consider your options, keep in mind that meeting technology, security, and compliance standards now will prepare you for ongoing innovation. Hosting is part of the infrastructure you need to put in place as you build a digital innovation framework that will carry your company into the future.