Cloud vs. On-Premise: How Do You Decide?

Patricia Clay

CIO at Hudson County Community College

Learning Objectives

Unless you have an absolute Cloud-First strategy that is well-funded, you need to make decisions about what applications and services you base in the cloud. When do you look at hybrid or SaaS solutions? During this presentation we will discuss the decision-making process, particularly in Higher Education and Non-profit institutions. What information do you need to make the decision? How are other technology leaders deciding?

Key Takeaways:

  • Cloud and On-prem solutions costs even out over a long time horizon

  • When you need full-control over data and support, you need on-prem or strong contractual arrangements

  • Each organization should have a framework for making these strategic decisions

"Do you know where your data resides? If it's a public cloud, you probably have no idea. "

Patricia Clay

CIO at Hudson County Community College


Hello, I’m Patricia Clay from Hudson County Community College. I’m going to be talking to you today about Cloud versus On-Premise: How do you decide?

Cloud and SAS are both popular options that I’m sure you’ve heard of. They both provide different benefits and challenges. Working in higher education, government, or nonprofit organizations mean that we might have different cloud strategies that you would have in a typical for profit business. There are many points to consider before you make any kind of shift. So, that’s what I’m going to talk to you about today.

First, I’m going to talk about the trends and how you get started to make your decisions. Originally, ERP or Enterprise Resource Planning services were strictly on premise, particularly in higher education. Now, SAS is growing. You may have heard of Workday if you are interested in higher education trends. There are other options, like in the Ellucian world in higher ed, colleagues SAS, and recruit also have SAS offerings. There are many other players in the market.

As you can see from these charts, we’re over 50% of workloads in public clouds today, and the data is just about 50/50. How have we been easing into it all these years? I’m sure we all have some kind of Gmail account, if not, Office 365. We have our iCloud accounts, Google Play, and the ever present YouTube for our Gen Z, kids, friends associates. Do we consider these apps business critical? I betcha your email account you do. But were they when you got started? Probably not. What are the concerns for those business critical apps?

First of all, who owns the data? Is it you or is it that SAS company? Do you have control over your environment? Can you make customizations? Can the end users in your business live without those customizations? Do I think they can live without them? Or will they be able to? Is it secure? Where does the data live? For those of us who work in public education or companies or even nonprofits, where’s the server located? I need to worry about that. Maybe you do too. What if that relationship with the cloud provider goes south? How do I get my data back? Does the vendor support you? Or do you still need to have support in house? That definitely goes into your cost benefit analysis.

So, how do you compare them? Cloud is just somebody else’s server out there, but you’re accessing it via the internet typically. There aren’t installation costs, and you won’t have increased costs for equipment or infrastructure in the future. Probably the vendor handles all those updates and enhancements. Usually, you can access the services on a range of devices from mobile web apps, so you don’t have to be as concerned about the hardware.

On-Premise apps are managed and hosted locally in your own device probably or devices owned by your organization. Typically, there’s a large capital expenditure at the beginning. Usually, you’re locked into some kind of features, because of the hardware that you’ve chosen, and you will be able to access the services only by supported devices. Sometimes that’s a good thing for security, but a bad thing for accessibility. Do you want to get out of the data center business? Is it a clear strategic direction for your school to have a data center? If you’re a nonprofit, do you even care about that? Is the data center a key component of your business? For those of us who have campuses in higher education, we still need to be providing that WiFi. So, maybe we still have to have a data center. Maybe that’s not as big of a consideration.

However, are those resources that go into the data center, something that you could utilize for the key aspects of your business? Are those capital expenses simply killing your bottom line? You can’t afford to spend a half a million dollars on some upgraded servers. Is your CFO telling you that we have to cut back on these monthly expenses? We can’t afford an additional five grand in access to the internet or services. I don’t know. You have to have that conversation with your leadership.

The interesting thing is the cost eventually will converge over time about year 9 on this particular graph. Are you thinking of being in this service for 9 years? Maybe you’re not. There are some considerations. The CTO of New York City’s Department of Transportation said that they could use the scale of cloud providers to do things that they couldn’t do internally. For the CIO of the City of Los Angeles, there are some applications that are too critical to go into the cloud. What if a hacker could cause a release of sewage into ocean water, or turn all the streetlights green at the same time? Well, that’s a nightmare, right?

Greg Collins, the founder of exact ventures said that sticking with on promises, while still continuing to deprecate the servers and equipment, their leadership said, “If it ain’t broke, don’t fix it.” But eventually, you do have to replace those servers. So that’s something that you’re eventually looking at falling off that ledge.

What are the actual benefits? Just lowering service costs are not the biggest benefit. Sometimes you can turn the tools and the operational shifts, and actually gain performance. You can get more out of your skilled workforce. In this case, in Oshkosh Corp, they took their legacy people and retrain them to do real functions that benefit the business.

What about the security? Some cloud providers have more advanced security that you can override in house. If you have one person, or my case, zero people doing the security on a full time basis? That’s a problem. You can go ahead and click the link in this presentation to go out and look at the information with cloud security report. But there’s also that consideration that people have about everybody’s out there trying to hack Amazon or Google, but nobody’s trying to hack little old me and your school. First of all, do you know that? Should you be looking at it? We’re all really under attack.

Then, there’s the part of, do you want to have the bet the risks yourself? Or do you want to be able to say, “Hey, it’s in Amazon’s cloud, and we’ve got the best security that we can possibly afford.” Most of all, how does your board feel about the risk? If you’re not talking to them now, you should be, because everybody needs to understand where the risks lie, and how you’re trying to mitigate them.

There’s a helpful tool out here. This was developed by EDUCAUSE for higher education, but please go ahead and look at this. It’s called the HECVAT Vendor Assessment Tool. There’s a regular and lightweight version. If you follow this link, you can use that. Give it out to your vendors, your SAS vendors, and have them report back to you. You get a grade at the end of this. I can tell you if it’s A, C, D or F, maybe we should look into it a little bit further. But if it’s an A, maybe that tells you everything you need to know about the security.

Then there’s the visibility. Do you know where your data resides? If it’s a public cloud, you probably have no idea. Now, they might tell you this is house in the United States, its house partially in Europe, or what have you, maybe that’s good enough for you. For other arrangements, it should be part of your contract. You should be telling them where you’re comfortable with the data living. Depending on your circumstances, you may be prohibited from housing, certain PII, for example, or financial data outside of your country. So, you need to know.

Then, the accessibility. What is your bandwidth look like? If you’re at the top of that pipe, maybe that’s not good enough for accessing this SAS data. Does the staff faculty, students, or other end users need services from branch campuses, COVID world, or all at home while traveling. Is any of this data going to be completely unavailable for certain areas? If you have faculty, students, or sales people that are in China, and you can get past the great firewall, maybe the accessibility there is no, you have to worry about that.

Will the performance be equal to what you have On-Premise? If you switch to something that’s better, and for your end users, it’s worse performance, that’s not going to cut the mustard. You need to know what that looks like ahead of time. Latency is a big one, especially with big data, and video and audio. Anybody who has dealt with poor bandwidth on a video call, and the chattering can tell you, this is a big deal. Now, if you own a network from end to end, there’s lots of technical things that you can talk to your networking people about doing. But once you go over commodity internet, it’s probably most likely out of your hands. So, you need to talk about those.

Now, the trust. Do you trust the cloud provider? Yes, we can have a steel drum tight contract that we’ve worked with our legal people to make sure it’s the best possible, but even your lawyer will tell you or your legal people that the contract is simply a contingency plan. It means that it’s already failed the service. I strongly recommend that you get as much feedback as you can about this cloud provider, and SAS, in particular. Don’t just take the sales and marketing people’s word for it. That’s not going to help. What organizations and businesses are endorsing this particular SAS or cloud or vendor? Talk to as many people as you can, and try to get work out their real feelings. Is it great now, but it wasn’t so great before? How do they feel about it? Then, deciding.

The right way is looking at the all those risks. What’s the contingency plan? How do we get the data back? Will this method of access work for most of the people that are already using this service? Is your board willing to bear the cloud risk? How about the on premise risk? Maybe they’re not willing to say the ones that we were hacked, and yes, it’s all our fault, because it’s in our data center. The wrong way, I would argue, the only wrong way is when you’re spending more money, and you’re not getting the service that you need. That’s where the real risks reside.

In summary, you need to know your risks, know your pitfalls, know your budget. What’s the capital budget? If there’s no capital budget, you’re going to a cloud or SAS. If the operational budget is very small, maybe you need to leverage that On-Premise hardware that you already have. The big one, number 4, don’t pay more for less service.

Here’s some of my resources. You’ll be able to access those from the presentation. Thank you for sitting with me through this presentation. I look forward to hearing from you. Feel free to reach out to me at my email account. I look forward to having conversation with you in the future.

Get full Q/N Access

Sign up to Q/N with a few details to watch this presentation.

  • Hidden
  • Hidden