
Optimising cloud solutions through the use of private networks

Cloud-based applications have come to the forefront and offer many advantages in flexibility, simplified deployment, upgrade and support. But as new cloud offerings continue to dominate and push further into the capital markets and business-critical systems, customers and the overall market are also beginning to look more closely at the risks inherent in cloud and at how to assure quality of service.

For instance, businesses and industry experts are increasingly drawing distinctions within cloud, especially between Software-as-a-Service (SaaS) delivery and the internet delivery component. Migrating an application to a SaaS model delivers many of the benefits of the cloud. SaaS provides flexibility, rapid deployment and a simplified full-service model compared with deploying software yourself.

Typically, there is an assumption that connectivity for SaaS is via the public internet. But while the SaaS model inherently provides the majority of cloud’s advantages, the public internet components add most of the risk. Of course, internet delivery also offers some advantages in terms of cost and flexibility, but exposure to the public internet also dramatically increases risks, both in terms of security and degraded service. Public internet is a great option for mobility and home/road workers but may not provide the dedicated bandwidth, hardened security and service levels of a private network. 

Protecting applications with private networks

As more business-critical applications move to cloud models, customers are looking at ways to harden the delivery while retaining the primary flexibility and value that the cloud offers. Some of these methods include adding more and more overlay security onto the public internet delivery (such as increasing levels of encryption, anti-DDoS, distributed firewalling with NFV, etc.), but these measures ultimately increase delivery cost and limit flexibility. 

Private networks can help alleviate these problems by removing the direct exposure of cloud applications to the public internet for customer locations. Customers are looking at hybrid delivery models where an application is still SaaS-based at a Cloud Service Provider (CSP) but where the primary customer locations are connected via a private network to the CSP. This allows the customer to ensure certain service levels and visibility for their primary locations, as well as hardened security. Firms need control over the user experience, operational visibility and, most importantly, a Service Level Assurance (SLA) for uptime, availability, latency and bandwidth.

Taking a hybrid approach

Adopting SaaS with a hybrid approach, where the application resides at a CSP and remains accessible from the internet while the customer locations are connected via a private network, provides the best of both worlds: the flexibility of cloud with increased security and clear and reliable SLAs. 

Another benefit of the hybrid approach is that it also becomes easier to secure the internet components by reducing the overall surface area. By moving a large volume of traffic to a private network, it becomes easier to harden the internet portion. Intrusion Detection and Prevention (IDS/IPS), Distributed Denial of Service (DDoS) mitigation and encryption costs are all very dependent on bandwidth and add processing overhead. Think of it as limiting the size of the haystack, even if you are still looking for needles.

Services that are mission-critical fundamentally require a certain level of SLAs and BCP survivability. They need to be delivered to the far end; they cannot be dependent on customer-provided internet that does not (and really cannot) confirm diversity end-to-end. Nor does the internet model provide any bandwidth guarantees, and inevitably there are common points where contention can occur. Even large internet pipes can become clogged with the explosion of internet traffic and devices.

The cloud model provides many advantages and is here to stay; however, successful migration requires a lot of planning and control. In many ways, moving an application to SaaS actually increases the need to be aware of bandwidth, to control latency and to address security concerns. A hybrid approach of private network for business locations and internet for remote working is a great way to achieve a good mixture while still gaining everything the cloud has to offer.



Tim Carmody


VP Network Services Engineering

