Neil MacDonald

A member of the Gartner Blog Network

VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…

Yes, Cloud Offerings Can Have an On-Premises Element

by Neil MacDonald  |  May 25, 2012  |  4 Comments

One of the common misconceptions that I run into is that a public cloud services provider can’t have an on-premises element to their offering and that having this footprint somehow “breaks” the cloud model.

The root of this misconception lies in equating cloud to a location. Cloud is a computing style, not a location.

There are already cloud-based services providers that use an on-premises element in their architecture. For example, Qualys provides security as a service (vulnerability management) using an on-premises physical or virtual appliance from which the local scanning is launched. The on-premises appliance preserves significant amounts of bandwidth and provides network connectivity into an organization’s internal networks so that the scanning services can be performed.

So, how is this Cloud? Remember cloud is a computing style. The key is how the appliance is managed by the cloud provider and, more importantly, not managed by the enterprise consuming the service. The on-premises element is just a “black box” to the enterprise. In most cases, they shouldn’t have to pay for or provision the appliance footprint, even if it is a physical piece of hardware. The appliance is just a part of the overall service delivery. Further, the enterprise shouldn’t have to install software on it or perform updates. Essentially, it should be a “lights out” footprint — everything should be handled by the cloud services provider.

Why would an on-premises footprint be important? Multiple reasons:

  • To provide network connectivity (e.g. VPN) into protected locations in the enterprise’s internal network, systems and information
  • To reduce bandwidth consumption for scanning-related services (vulnerability management, dynamic application security testing, etc.)
  • To improve performance and reduce bandwidth requirements through intelligent caching, compression and other bandwidth optimization techniques
  • To keep large datasets local for local processing and analysis – again primarily to save bandwidth costs
  • To keep sensitive data local
  • To keep regulated data local (e.g. geolocation requirements)

The latter two are becoming increasingly important as more critical business information, systems and processes move to the cloud. I’m sure there are more requirements that you could add to the list.  The takeaway is to expect more cloud-services providers to offer on-premises extensions of their architectures to address specific usage requirements.

4 responses so far ↓

  • 1 Matt   May 28, 2012 at 4:53 pm

    Another example is Trend Micro’s SecureCloud where data in the public cloud (e.g. AWS) is encrypted and the keys are stored either on-premise or with a third-party but not with the cloud provider.

  • 2 Neil MacDonald   May 29, 2012 at 6:07 am

    @Matt, good point and one to add to the list (a subset of one of the existing list items – i.e. “keep sensitive data local”)

    “* To keep encryption keys used in the cloud local”

    This has the benefit of keeping the keys out of direct control of cloud administrators

    Neil

  • 3 Andre Christ   May 30, 2012 at 7:39 am

    Interesting thoughts on the further development of cloud computing. I just don’t see how it is practicable for software providers. Offering cloud services combined with an on premise approach will increase the effort for software providers severely without generating direct revenue. Particularly I’m interested how providers will be able to maintain on premise appliances. If I think about how company networks and data centers are secured, it won’t be that simple to let a bunch of providers onto your premise (security, audit, governance etc.). What do you think?

  • 4 Neil MacDonald   May 30, 2012 at 8:17 am

    @Andre –

    True if you think of physical appliances, but 90% of what I am describing will be in the form of virtual appliances – just software that plugs into a VMM. See this

    http://blogs.gartner.com/neil_macdonald/2009/03/09/virtual-appliances-are-real/
    and
    http://blogs.gartner.com/neil_macdonald/2010/03/12/intelligent-hybrid-security-is-the-future/

    Neil