by Tim Carmody, Vice President, Global Product Management and Engineering, Network Services

Cloud-based applications have come into the forefront and offer a lot of advantages for flexibility, simplified deployment, upgrade and support. But as new cloud offerings continue to dominate and push further into the capital markets and business-critical systems, customers and the overall market are also beginning to look more closely at risks inherently related to cloud and how to assure quality of service.

For instance, businesses and industry experts are increasingly creating distinctions in cloud, especially between Software-as-a-Service (SaaS) deliveries and the Internet delivery component. Migrating an application to a SaaS model inherently delivers many of the benefits of the cloud.  SaaS provides the flexibility, rapid deployment and simplified full service model over deploying software yourself.

Typically, there is an assumption that connectivity for SaaS is via the public internet. But while the SaaS model inherently provides the majority of cloud’s advantages, the public internet components add most of the risk. Of course, Internet delivery also offers some advantages in terms of cost and flexibility, but exposure to the public Internet also dramatically increases risks, both in terms of security and degraded service. Public Internet is a great option for mobility and home/road workers but may not provide the dedicated bandwidth, hardened security and service guarantees of a private network.

As more of customers’ business-critical applications move to cloud models, customers are looking at ways to harden the delivery while retaining the primary flexibility and value that the cloud offers. Some of these methods include adding more and more overlay security onto the Public Internet delivery (such as increasing levels of encryption, anti-DDoS, distributed firewalling with NFV, etc.), but these measures ultimately increase delivery cost and limit flexibility.

Private networks can help alleviate these problems by removing the risk of having cloud applications exposed to the public Internet directly for customer locations. Customers are looking at hybrid delivery models where an application is still SaaS-based at a Cloud Service Provider (CSP) but where the primary customer locations are connected via a private network to the CSP.  This allows the customer to ensure they have service guarantees and visibility for their primary locations as well as hardened security.  IPC has already seen customers looking for this type of connectivity and has created Connexus Cloud Connect as a way to extend private network delivery to Cloud Service Providers. This gives the customer more control over the user experience, operational visibility and most importantly, a Service Level Assurance (SLA) for uptime, availability, latency and guaranteed bandwidth.

Adopting SaaS with a hybrid approach, where the application resides at a CSP and remains accessible from the internet while the customer locations are connected via a private network, provides the best of both worlds: the flexibility of cloud with increased security and guarantees.

Another benefit of the hybrid approach is that it becomes easier to secure the internet components as well. By moving a large volume of traffic to private network, it becomes easier to harden the internet portion. Intrusion Detection and Prevention (IDS/IPS), Distributed Denial of Service (DDoS) mitigation and encryption costs are all very dependent on bandwidth and add processing overhead. Think of it as limiting the size of the haystack, even if you are still looking for needles.

Services that are mission-critical fundamentally require service level guarantees and BCP survivability. At IPC, we have a lot of services that are sponsored to be delivered to the far end; these can’t be dependent on customer-provided internet that does not (and really cannot) confirm diversity end-to-end.  Nor does the internet model provide any bandwidth guarantees and inevitably there are common points where contention can occur. Even large internet pipes can become clogged with the explosion of internet traffic and devices.

Obviously, the cloud model provides many advantages and is here to stay, but that doesn’t mean that it is a magic bullet. Successful migration to the cloud still requires planning and control.  In many ways, moving an application to SaaS actually increases the need to be aware of bandwidth, control latency, and addressing security concerns. A hybrid approach of private network for business locations and internet for remote working is a great way to achieve a good mixture while still gaining everything the cloud has to offer.