By Michael A. Velez, Managing Director of Castellan Systems
Let me start by saying that may be this is not the eternal question, but it is a question we get asked very often. Why are all of our Project Management solutions “on-premises” solution rather than cloud based? Many of our competitors’ solutions are cloud based, so why have we gone for the opposite direction? Are we just trying to create a point of difference between us and our competitors?
Well, the answer to the last question is “yes” but not for the reasons that you may think. I guess we need to go to the beginning and define what “cloud” and “on premises” hosted solutions are.
With “On-Premises” solutions, from implementation to running of the solution, everything is done internally; whereby maintenance, safety and updates also need to be taken care of in-house. Once the software is purchased, it is then installed on your servers; requiring additional power servers, database software and operating systems to be purchased. With no third-party involvement, you assume complete ownership.
“Cloud” solutions involve the delivery of on demand computer system resources, requiring no active management and usually includes applications such as storage and processing power. With a Cloud-based subscription model, there is no need to purchase any additional infrastructure or licenses. In exchange for an annual fee, a cloud provider maintains servers, network and software for you. The information hosted by the vendor can be accessed through a web portal. The dedicated private cloud allows customers to use the platform completely, with no shared resources. They can request additional customization, backup controls and upgrades. With a shared cloud, complete privacy of the client’s data is observed, however multiple tenants share the cloud service. It is a more economical option but offers limited customization.
There are companies, including Castellan Systems, that still opt for on-premises solutions as opposed to the cloud. Both approaches bring something unique to the table but only after proper consideration can you determine which type of solution would be a perfect fit for your organisation.
The table below provides some of the key things that you need to consider when choosing between an on-premises and cloud solution:
|On-Premises Advantages||Cloud Advantages||On-Premises Disadvantages||Cloud Disadvantages|
|Lowest total cost of ownership over a period of (3) years or more||Offers the highest level of convenience - no upgrades or hardware; access from anywhere||Requires upfront investment||Highest total cost of ownership over a period of (3) years or more|
|Offers the greatest amount of flexibility and ease of integration; personalization; customizations possible||No software, hardware or upgrades||May require an investment in hardware & software (OS and database licensing)||
May require a pre-payment upfront
Potential integration challenges
Less flexible for customizations (if any allowed)
|Investment can be capitalized and depreciated||Speed to deployment||Potential longer implementation cycle||Limited ability to capitalize the investment|
|Data secured within client’s environment (i.e. behind client firewall)||Cloud provider responsible for hardware and software maintenance, security and SAS70 II certification||On-going it support required (periodic application and server maintenance)||Potential for disruption of service if internet outages occur, vendor M&A activity or goes out of business|
Please Note: Just to be clear, we haven’t put this table together just to support our approach. This table was sourced from research available online and presented unchanged.
Cost tends to be one of the main, if not the main, reasons for choosing a cloud solution, but is cloud computing cheaper than on-premises?
Cloud solutions are cheaper when it comes to setting-up, running, maintenance and overall support costs. On-premises, even though costs more initially but when the investment is spread across the entire lifecycle of the system, it may just amount to the same as Cloud solutions, or as the table about suggests, lower after 3 years of ownership. However, it depends on the services and space required and the plans the vendor has to offer. There isn’t a cut-and-dried answer to this as the cost effectiveness ultimately depends on the needs of individual organisations.
As I mentioned above, cloud solutions are cheaper when it comes to setting-up, running, maintenance and overall support costs. On-premises, even though costs more initially but when the investment is spread across the entire lifecycle of the system, it may just amount to the same as cloud computing; it may even be cheaper. However, it depends on:
- the services and space required and the plans the cloud vendor has to offer,
- the on-premises solution pricing offered by the vendor.
The cloud is a fine place where to place certain systems and data but is it the place for your project management data? We’ve all heard and read those stories where people’s cloud-based data has been hacked. There was that famous case where people’s photos were hacked, include compromising photos of many celebrities. Security has improved, but are the improvements good enough to place sensitive project related data?
Another point I like to make is based on some controversy that has been down the rounds recent due to the current health emergency. The Australian government has released an app to help trace the spread of COVID-19; the controversy is around the security of the data once it’s loaded to the cloud service. The contract to provide this service was awarded to Amazon Web Services (AWS), the American technology giant, although the data will be kept on an Australian based server. So does this make the data save or is it possible that someone, say the American government, can access it? In the opinion of legal experts, the data could be obtainable by U.S. law enforcement via the CLOUD Act. It doesn’t matter that the data is held in Australia, AWS is an American company and therefore subject to the CLOUD Act. The CLOUD Act is a 2018 U.S. law which requires American cloud services to produce, under subpoena, data held by them regardless of where in the world that data is stored. In the Law Council of Australia’s expert opinion, under current arrangements, the appeal avenues under the CLOUD Act “would not have application” in Australia. The appeal avenues are only available under the CLOUD Act if a country is designated as a “qualifying foreign government”, which Australia is not at this stage. So, while your cloud service provider may meet all regulatory requirements and have all process in place to maintain security, there may be legal avenues to get access to the data even if the illegal ones are supposedly closed.
So, bringing the discussion back to our topic, I would rather be in full control of who has, and who hasn’t, got access to my project management data, rather than leave it to the whim of governments. I know, the U.S. government is probably not going to be interested in my project management data. But if that data also holds sensitive and confidential information about my clients and their business, I rather keep it under my tight control within my own firewall. We all have enough problems dealing with our own governments constantly changing legislation, then have to worry about other governments.
How do we stack up?
Our project management solutions not only store project costing and scheduling data, include task lists and assignments, as most of our competitors do, but also store project requirements, designs, testing plans and results, documents, emails, risks, issues, actions, defects and decisions. There is a lot of IP included in that data. What about if your project is for an external client? They may have supplied you with sensitive documents and require you to maintain a high level of confidentiality. In other words, they help our clients manage all dimensions of the “Project Management Triangle”. Do you really want to put that on the cloud?
We needed to take into consideration all of these factors and make a choice; that choice was “op-premises” solutions. Yes, you require Microsoft SQL Server to support our solutions; but they work fine, and have been tested with, the free Express Editions of this product. Yes, they require Microsoft Access to support some internal functionality, but the runtime of this product will do just fine. Yes, some of the facilities require Microsoft Office, including Word, Excel or Project, but if you’re working on projects, wouldn’t you already have this software? So, in the end the only added cost is the costs of our product(s) and we’ve priced them very competitive.
When you put all the data we mentioned above on the cloud, you are no longer in control of its security; you are dependent on you cloud vendor to have all the “right” processes in place. Yes, your vendor may have all of the right certification, including SAS70 II, but will that be enough for your own clients? Can you afford to take that risk?
I have worked for various organisations that had governmental clients; they are very concerned about the security of their data; in some cases that included information about military and national security staff. Financial services organisations tend to be the same. They provide you with data which they expect that you will maintain its confidentiality as strongly as they do.
I worked for an IT company that all staff that were working on government contracts not only had to undertake security checks and were provided with special id cards, but were also housed in a special secured office within the overall office; only people with the right id card could get in. They weren’t even allowed to leave any paper document on their desk whenever they walked away from it. They couldn’t hold meeting in that secure office with outsiders.
I worked for a financial services company that also had government clients; the staff working on those projects had to undergo security checks, were provided with special id cards. Their systems, even during development, could not be installed and operated on servers with other clients’ systems. During testing, any printed sensitive data had to be hidden is some way. I ran the annual statements project for that client one year; validation of the correctness of the data shown in the statements could only be done by staff from the client.
But I guess my all-time favourite example was the time when I was contracted by an IT company that provided various services to its clients, mostly supporting their annual renumeration process. They had a few clients in the financial services industry. Once I travelled with our CEO to one of these clients’ office for a meeting. At the end we needed them to provide some data for us to test the solution that we were building for them. They provided this data on a special USB drive manufactured for them. It came sealed in special packaging, which had to be broken; the data was loaded on to it and the USB drive handed to our CEO. When he asked how they preferred that we returned the USB drive, we were told that once we had plugged it into one of our servers, it was compromised and they didn’t want it back. They could not afford to take the risk, no matter how miniscule, of compromising their systems by plugging this USB drive into one of the PCs once it had been plugged into someone else’s. Can you blame them? How would you feel if your own personal and financial data was compromised if they didn’t take these sorts of measures?
How do you think any of these clients would feel if you placed their data on the cloud? Managed by an organisation that they hadn’t engaged directly themselves? I would hazard to guess that they wouldn’t be too happy and may even be looking for another organisation to run their projects.
The reality is that you can host these critical systems on-premises and still provide the access flexibility that you may want. Make use of VPN clients for you staff to connect to your on-premises hosted systems, and data, when they are offsite. At the IT company that I mentioned in my first example above, we were provided with electronic tokens that generated a random number which changed every minute or so. When we attempted to log on externally, we had to enter this random number; you needed to be fast because it may change on you while you were typing. At the company in the second example above, we were provided with special, customised VPN client software to log in; without the right credentials, you couldn’t log in but once you were, it looked just like my PC at work.
There isn’t a cut-and-dried answer to this as the cost effectiveness ultimately depends on the needs of individual organisations. So, using costs as the sole argument to go for a cloud solution over an on-premises solution is a highly questionable strategy.
Yes, with an on-premises solution your company remains responsible for incurring all the costs, from the initial upfront investment to maintenance and operating expenditure, these costs are normally built into the pricing offered by the cloud vendor anyway. So, operating large systems or data centres which usually reach millions lowers the per unit cost of the maintenance and operation of these cloud systems, it does come at a cost of another kind. The loss of control.
I worked for a large steelworks in Australia for many years; I was in the IT department, which then got merged with the IT departments of other divisions into a separate IT company. Some years later this IT company was sold to a large multi-national IT services organisation basically because it was decided that a vendor operating large systems in data centres which usually reach millions lowered the per unit cost of the maintenance, operations and even enhancement and development of their IT systems. The reality proved to be quite different to the vision. Yes, operating costs for the existing systems were lowered, but it came with the costs that they were moved to these distant data centres which required the beefing up of networks and, therefore, an additional cost. Also, new development costs did not go down as expected. The vendor needed to make a profit and the resourcing costs, mostly people’s salaries, were basically the same. We were getting paid the same as when we worked for the steelworks and now our new owners need to make a profit on our time. They also had to fit with the vendor’s upgrade schedules. Before any hardware updates, with its implied operational downtime, were scheduled around the steelworks operations; now these schedules needed to be a compromise that considered all clients of the vendor. A steelworks is a 24x7 operation; some plants within the steelworks can’t stop or it could take months to get them going again. So, if you didn’t have a production schedule to execute, you just needed to keep making stuff and usually dump it as rubbish. It was like pouring money down the drain. Slowly, but surely over time, the steelworks has taken back in their IT operation.
These types of decisions need to be made from a more holistic perspective. They can’t just be made by considering, what may be termed, tactical considerations. Could you afford that going to the cloud and lowering some of your costs may lead to the loss of existing or potential clients? Where’s the benefit in that? Where’s the cost saving in that?
Let me be clear, neither Castellan Systems or I are anti-cloud; the cloud has its place and it’s a fine solution for certain application and organisations. I just don’t think it’s the solution for our systems that provide the complete, holistic support to project teams. But if you’re not looking for such types of project management solutions and are fine with budget, schedule, status and task management, then a cloud solution my just be the ticket for you.
Castellan Systems’ project management solutions help project teams manage all dimensions of the “Project Management Triangle”; they provide a single, central repository for all project related data, whether it will be financial or time/schedule information, tasks, documents, emails, designs, lists or decisions. By providing this support as on-premises solutions, it provides our clients with the control to ensure the security of their data. We provide very easy upgrade paths to the latest version of these solutions but allow our clients to schedule these upgrades when it best suits their business without having to take any other consideration.
So, whenever I’ll get ask the question “why are all of your Project Management solutions “on premises” solution rather than cloud based?” again, I’ll just point them to this article.
This article was written by Michael A. Velez, Castellan Systems’ Managing Director, who has 40 years’ experience in the IT industry working for several large, multi-national corporations. He has worked as project, programme and portfolio manager and is an accredited MSP Practitioner.