On-premise or In the cloud? Most suitable location for apps in a hybrid environment

With cloud infrastructures expected to outstrip on-premise networks by 2020, many have anticipated that the move to the cloud would become a standardised, linear journey for enterprises.

Organisations would start by migrating specific business applications to the cloud, such as their email, before moving increasing amounts of their network infrastructure into virtualised environments and thus using a hybrid of on-premise and cloud networks.  Eventually, it was envisaged, their entire IT infrastructure would be run in the cloud, boosting efficiency, scalability, agility and flexibility.

On the surface, it may appear that this prediction is being realised; that organisations’ cloud adoption maturity has reached the point where a hybrid environment is no longer necessary, and their entire IT infrastructure can be migrated to the cloud.

>See also: 2017 cloud predictions

However, the reality is starkly different.  Indeed, the evidence shows that the hybrid environment has not disappeared.

For example, while companies such as Dropbox, Groupon and Twitter all made strategic decisions from their inception to utilise only cloud infrastructures, they have ultimately found greater savings and benefits by combining both cloud and on-premise solutions, signalling that the hybrid environment will be here to stay for the foreseeable future.  As such, organisations will need to continue to maintain network security across both their cloud and on-premise infrastructures.

Understanding the best location for each application

So how should organisations approach managing the security of their increasingly hybrid environments?

A fundamental prerequisite to answering this question is to determine from the outset whether the security and compliance requirements for a given business application are better served in the cloud, or in an on-premise environment.  Here are four key pointers to help guide that decision.

Applications that store personal information data

Business applications that hold sensitive data, such as personal identifiable information for customers, are probably more suited for on-premise deployments.  In most instances, for personal information, there are many data privacy laws that govern where data can be stored when the information is collected, processed or communicated.

>See also: The year of the cloud: flexible, agile and scalable

Over 80 countries and independent territories have adopted comprehensive data protection laws, so it is essential to check and verify what data the application processes, and what is allowed from a legal perspective before moving it to a cloud environment.

Applications subject to strict regulation

If the application, or the data it processes, is subject to regulatory oversight under compliance regimes such as HIPAA or PCI, then there is a clear need to understand the security compliance status of that application, and if moving it to the cloud will risk a compliance violation.

For example, HIPAA requires accountability practices on all Local Area Networks, Wide Area Networks, and for users accessing the network remotely through a Virtual Private Network (VPN).

If the application needs to be compliant with PCI, you will need to have a firewall at each Internet connection the application uses, and between any network demilitarised zone and the internal network zone.  Applications under this regulation, and others, are not ideal candidates for migration to the cloud.

Application already exposed to the internet

In contrast, if there are already parts of the application that are exposed to the internet, such as a web server, the application may well be suitable for migration to the cloud.

>See also: How the cloud will shape infrastructure this year

These applications should already have strong security implemented, and when moving the application to the cloud, this will ensure that the security of both the server and internal network is maintained.

Network segmentation as an indicator

Finally, if you manage your network segmentation correctly, the servers and applications that reside in the least segregated zones may be suitable for migration to the cloud.

For instance, the applications and servers that are in a zone with a single firewall are good candidates to be moved.  In contrast, those zones that are highly protected and reside behind multiple firewalls should stay in your own on-premise data centre so they can be robustly secured.

>See also: Unlocking business value via the cloud

With hybrid cloud environments here for the foreseeable future, the complexity of ensuring that security is maintained throughout every application migration will remain challenging.

However, by identifying from the outset which applications are best suited for cloud deployments, and which should remain on-premise, organisations will be able to bring more clarity to their cloud security strategies – and improve their security posture in the process.


Sourced by Asher Benbenisty, director of product marketing at AlgoSec 


The UK’s largest conference for tech leadership, Tech Leaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Hybrid Cloud