We regularly get asked by our customers, mostly healthcare organizations working with Protected Health Information (PHI), which public cloud platform we would recommend for their business. It's a loaded question that needs a thoughtful and nuanced answer. Let's start with some high level cloud concepts.
Cloud Delivery Models - IaaS, PaaS, SaaS
Infrastructure-as-a-Service (IaaS) - is an instant computing infrastructure, virtual networks combined with virtual machines, provisioned and managed over the Internet. Quickly scale up and down with demand, and pay only for what you use. IaaS is targeted towards technical operations teams. In my opinion, every organization, healthcare or otherwise, should evaluate what parts of their infrastructure would benefit from the flexibility of IaaS. You could start with your development and test environments which can be turned off when not in use, thereby helping reduce cost.
Platform-as-a-Service (PaaS) - is a scalable, redundant, and server-less platform in the cloud, such as a database in the cloud, a message queue in the cloud, an elastic storage in the cloud, etc. PaaS services are meant for software developers and liberate them from having to worry about back-end plumbing. If your organization develops software, whether for internal or external use, you owe it to yourself to look at PaaS services. Be aware, that use of a PaaS service would generally require some bit of redesign of your existing software, but I can't understate the operational benefits of PaaS - think built-in geo-redundancy and a lot more!
Software-as-a-Service (SaaS) - is a software app in the cloud, such as Office365, Salesforce, even Facebook and Twitter. SaaS services are generally used by end-users. If you are a typical healthcare organization, you are probably already using some SaaS solutions. Office365 and Salesforce are fairly ubiquitous.
Cloud Deployment Models - Private vs Public vs Hybrid
In a private cloud, the services and infrastructure are always maintained on a private network and the hardware and software are dedicated solely to your organization. Advantages of a private cloud generally are higher flexibility, improved security, and high scalability. If you run your own data center, or rent a cage in a co-lo facility, consider that as your private cloud -- cloud purists would probably cringe at that suggestion -- but you are not that far off.
In a public cloud, all hardware, software, and other supporting infrastructure is owned and managed by the cloud provider. In a public cloud, you generally share hardware, storage, and network devices with other organizations or cloud “tenants”. Advantages of a public cloud include lower costs, no maintenance, near-unlimited scalability, and high reliability. Microsoft Azure and Amazon AWS are the two leading players in the public cloud market. It's important to point out that, public here doesn't mean your data is "public", or that your assets are not segregated and protected from the rest of the tenants sharing the same cloud. The word public in public cloud means that such a cloud is open for anyone who wants to rent resources from it. The cloud provider is responsible for putting security boundaries in place to make sure that the tenants are separated and protected from each other.
Hybrid clouds bridge on-premises infrastructure, or private clouds, with public clouds so organizations can reap the advantages of both. This is a heavily favored model for most of our customers that have an existing private data center infrastructure. The advantages of hybrid deployment models include better control, higher flexibility, cost-effectiveness, and ease of transition. I recommend a carefully considered phased migration plan to move some or all of the assets to a public cloud. This allows for the organizational change (personnel training, reorganization, and cultural change) required to implement a cloud strategy.
That's it for now! Let's continue the conversation in the next post.
- Mrinal Bhasker