Why You Won't Sacrifice Security for Scalability in a Public Cloud

According to Q3 data from Synergy Research Group, Amazon Web Services (AWS), Microsoft, IBM and Google "together account for more than half of worldwide cloud infrastructure service revenues." AWS leads the pack of well-established public cloud providers with over 30% of market share. Clearly, the public cloud approach is becoming increasingly popular with MSPs today. Why are more of your peers pivoting to this newer model? These clouds help IT solutions providers scale and grow their businesses. That's the easy sell, but what about security in a public cloud? Is there a trade off? 

Faster Deployment Speed Helps MSPs Scale Client Demands

One of the central arguments for the public cloud advantage is ultimately that it changes the pricing model to be more flexible and cost-efficient for an MSP's needs. In a public cloud, you receive the manpower and storage capacity of the provider you work with.


First, let's consider the manpower element. In a private cloud, you are solely responsible for ensuring the client data you back up is securely stored and properly maintained. Your own staff has to manage all of your data security, redundancy and retention policies and procedures. Is this the best use of their time? Especially for smaller IT business operations, you may need all of the help you can get to handle the influx of customer requests, while still building strong relationships with clients and having enough staff to support new customers acquired.

Capacity Planning

Your business can't grow and survive without stellar service delivery, but it takes more than having enough labor capital to achieve this. You need to have the resources to guarantee enough storage space for current and future client data. Public clouds offer on-demand data storage, meaning MSPs have the flexibility to add and drop capacity on an as-needed basis. This provides greater elasticity than private clouds, in which you're limited to the space you forecast you'll need when you buy capital upfront. 

Influence on Customer Retention

Having a designated team own capacity planning as storage requirements ebb and flow certainly helps an MSP and staff manage spikes in demand, but what about the customer experience? We want what we want when we want it. Let's say you've just taken on a new client and you're using a private cloud solution. If you didn't properly predict how much storage you'd need to store all of your clients' backed up data because maybe you got hit with an unplanned, huge project from another client, you wouldn't be able to deploy that new client's data until you bought and set up the additional hardware and infrastructure needed to support it. That's not only larger, unpredictable costs and time expenditures you have to account for, but it's slower service delivery for incoming clients. They may churn and switch to one of your competitors who can give them what they need when they need it. You may even fail to close clients with a private cloud because you can't ensure their backed up data will be stored as fast as with alternative solutions.

With public cloud providers, however, you pay only for what you use so if you run out of capacity, you can buy more space and your third party team takes it from there. With private clouds, you never want to reach maximum capacity because it prevents you from scaling future growth. When you leverage a public cloud solution, this isn't a concern. You don't have to worry about investing in more capital or fretting about the time it takes for a new server to ship and for your tech to configure it. Your public cloud provider can just reallocate storage from existing servers in their data center, without any labor on your part. This is why public clouds offer faster, more reliable deployment speed of client data.


The Switch from Capex to Opex is More Manageable


The other way the public cloud model eases the burden for MSPs is by switching capital expenditures (capex) to operational expenditures (opex). In layman's terms, this just means there isn't as steep of an upfront cost for you. You don't have to build and fund an entire data center, for instance. You pay as you go and grow. Applying our earlier scenario of needing more storage space for a new client, you'd simply purchase additional space from your public cloud provider and then pass that cost down to your clients. You'd get the bill for how much that extra storage costs and would charge in a way that would yield higher margins. Because you can adjust capacity at a fixed price as you go along, the public cloud model allows for smoother, more predictable costs.

Less Risky, More Cost-Efficient

Again, what if a client churns or decides they don't want to do business with you, after all? Under the private cloud capex approach, it'd be a lot harder for you to compensate for that loss of revenue since you already would have spent a hefty sum for your data storage environment and hardware all at once. Now, with public clouds, if you lose that client, you can just reallocate their storage space or get rid of it, all together. That's a less risky and much more cost-efficient program since you can break even or gain a profit significantly faster. Cash flow isn't as volatile. 


What about Security in the Public Cloud?

The scalability argument is often the most recited advantage of the public cloud approach, and hopefully the brief explanation above has shown you why it's a compelling pull factor. That being said, it's a gross - and sadly, a popular - misconception that MSPs have to forego data security in the public cloud. We've already blogged about this extensively so I suggest you check out the following recent posts for a deeper dive:

Security Enforcement Squad

Understandably, giving up control of your data storage environment concerns many IT solutions providers. As this ZDnet article points out, however, trusted and established cloud providers like Amazon Web Services (AWS) and IBM Softlayer "seek out the top security experts, will pay them top dollar, and treat them as the most important part of their businesses." In short, your data is in good hands. It's these professionals' jobs to protect it from outside threats and compromises. They act as an extension of your IT staff, a team that may not have the bandwidth or skillset to regularly test backups and refine policies and procedures so as to determine whether your data is safe or not.

Data Redundancy and Access Control

Another security advantage of large public cloud providers is the built-in layer of data redundancy that comes with replicated data being stored in multiple data centers. Yes, public clouds were designed to be multi-tenant, but just because data is more easily available, does not mean it's automatically accessible. Even private clouds become susceptible to attack when the wrong people have access to the right credentials. User privileges can be controlled in public clouds. On top of the strict security standards like external firewalls, denial of service (DOS) detection and protection capabilities that public cloud providers offer, the right backup and disaster recovery (BDR) solution can restrict data access with an encryption key that only the MSP can use.

Compliance Requirements 

Those of you who must remain HIPAA and PCI-compliant should take comfort in the fact that private clouds are no longer mandatory compliance regulations. Public cloud adoption is increasingly becoming more common. In fact, this Logicworks blog post claims that usage of AWS's public cloud by "the largest and most complex healthcare and financial institutions is a indication of the degree to which AWS ensures compliance and security in the cloud." The same can be said for other large and well-known names like IBM Softlayer. 

You should now have a greater appreciation for the benefits of a public cloud backup solution versus its private counterpart. It's pretty universally accepted that the pay-as-you-go model is more scalable to fluctuations in client data demands, but it's long been questioned whether the public cloud can keep clients' highly sensitive data secure. In writing this post, backing it with industry findings and sharing additional content we've created, I hope I've dispelled this fear and presented evidence that in many cases, public cloud resources provide more robust and resilient data redundancy and security, making it the smarter cloud storage option for MSPs.