Some time back, the Goliaths of the cloud hosting business (you know who they are) put out the word to small and midsize organizations that they’d be delighted to offer hosting services to the Fortune 10,000. Call it an experiment or a trial balloon, but it was clear to those paying attention that try as they might, enterprise-class providers didn’t really get SMBs.
Now, a certain class of provider is gazing through the other end of the telescope. Suddenly, the new kids on the block in the cloud hosting business are emanating from the bottom-up, not the top-down. This emerging breed of lean and mean services provider is, metaphorically at least, garage-based.
For financial services organizations – especially those that are small or midsize -- the appeal would seem clear: accessibility, the promise of lower overhead, lower costs and rapid response, and all those other nimble things that flow to startups in the so-called “sharing economy.”
But pause and take a step back. Are these really the folks you want hosting applications on which your financial services business depends? Virtualization is a wonderful thing, but cloud service providers shouldn’t be housed in Jeep Grand Cherokees or even Airstreams… figuratively speaking, of course. Maturity and a track record still matter.
Which brings me to a post I found on an IT blog a short while ago. While it goes back a few years, its author proved to be distressingly prescient:
Anyone hosting their site on servers in their garage?
Why more startups aren't doing this?
I'm all done with slow disk on cloud hosts. I have no budget to pay for a colo or a dedicated host. I'm planning on building a server with commodity components and an Intel SSD. I figure I can build a server with a quad core AMD chip, an Intel SSD and extra memory and Disks I have lying around for about $500.
A Comcast Business Broadband package gets me 22 Mbps/5 Mbps for $100 a month. Double that for 50Mbps/10Mbps. I don't need 5 nines of reliability. I'm willing to deal with a couple of hours of down time in an emergency while we're getting off the ground.
Why aren't more startups doing this? I understand that you might want to buy decent "enterprise" hardware at some point if your site takes off. But, hardware is dirt cheap compared to the crap offerings you get on cloud hosts. Am I missing something?
In a word, yes, honorable poster – you’re missing a quite a bit. And so are your clients.
Going downmarket in an era when hacks and DoS attacks are becoming routine is a recipe for precisely the kind of disaster that seasoned Infrastructure as a Service (IaaS) providers live to prevent. Almost by definition, garage shops aren’t secure or protected from power outages, fires, floods, and all the troublesome possibilities that are becoming all too real, all too often – and can be ruinous in the financial services sector. Typically, colocation spaces are neither sufficiently tested nor adequately evolved to do the heavy lifting required in the cloud. Achieving real stability takes years.
This cloud does have a silver lining, however; you can get all the features of the best hosting providers without breaking the bank -- if you know how to shop. For these cloud service providers (CSPs), security protections have become part of their DNA, with technologies such as clustered firewalls and intrusion detection and prevention systems (IDPS). The prospect of enhanced security in the cloud – indeed, that the better cloud deployments now mean that data is safer in the cloud than on a typical unsecured desktop – remains true only if the CSP recognizes that cutting corners is a definite lose-lose proposition.
Thanks to audits of CSP security controls -- especially the SSAE (Standards for Attestation Engagements) No. 16 Type II audit, one of the most rigorous auditing standards for hosting companies – peace of mind is virtually guaranteed. The audit confirms the highest level of service and reliability attainable for a virtual server hosting company. To be SSAE compliant, a hosting provider needs to offer SSL capability, enterprise-level, application level protection, hardware firewall, IP-restricted FTP, managed backups with 14-day retention, advanced monitoring and multi-level intrusion prevention. Not the sort of thing you can accomplish from your neighborhood garage.
Now more than ever, companies in financial services can turn to cloud service providers who recognize a tight connection between managing security and provider accountability. Cloud service providers concerned about safeguarding data and applications are taking steps to mitigate those risks with tight security controls, transparency regarding those controls – and transparency about their own operations.
So when it’s 11 p.m., make sure you know where your servers are.