In this blog, we’ll recap our whitepaper, “When Evaluating Product Development Software Tools, Not All Cloud is Equal” – To download the entire whitepaper, click HERE.
When Evaluating Product Development Software Tools, Not All Cloud is Equal
As product development has become increasingly complex to manage across siloed teams and tools, the need for organizations to cost-effectively adapt and scale is increasingly important. Now that over 60% of corporate data is stored in the cloud. cloud-based tools have become mainstream within the engineering function. But the term “cloud” is used by vendors to describe a broad range of capabilities. Before making any software selection, it is important to understand what each vendor means when they say “cloud” and how to compare them.
The Different Types of Cloud Deployment Models: A Quick Primer
There are three types of cloud deployments: public, private, and hybrid.
Public Cloud: A public cloud infrastructure is managed by a cloud provider, and many companies use the same cloud provider. Public cloud offerings are often multi-tenant, meaning your application(s) is hosted alongside those of other companies; however, data is kept separate and secure. Some applications you might already use that leverage a multi-tenant cloud include Microsoft Outlook and Microsoft 365. Amazon Web Services (AWS) is the market share leader of public cloud providers.
Private Cloud (Outsourced Hosted): A private cloud is outsourced hosting of the application to a 3rd party. The outsource provider hosts and manages the application without the advantages of cloud architecture for scalability, high availability, security, and cost effectiveness. This approach is typically the most expensive and requires the most thorough security assessment. Often, software vendors who do not have the expertise to provide cloud hosting will outsource the hosting to their partners.
Hybrid Cloud: A hybrid cloud is a computing environment using private and public clouds and allowing applications and data to be shared between them.
Non-cloud deployment model:
On Premises (Self-hosted): A company chooses to host and manage the application themselves in their own environment. This approach is more expensive and requires the most internal resources.
RELATED: Carnegie Mellon University Software Engineering Program Teaches Modern Software Engineering U
Single Tenant vs. Multi-tenant Clouds: What’s the Difference?
94% of enterprises use cloud applications and the majority of their data is already in the cloud1. Here are a few important differences when comparing single-tenant with multi-tenant clouds.
With a single-tenant cloud you have a single instance of the software application meant to be used by your business. A single-tenant cloud is like running the application on your IT department’s hardware on-premise, but since it operates in the cloud, you’re using the provider’s infrastructure.
The drawbacks of a single-tenant cloud
Vendors that are unable to offer a multi-tenant cloud often try to scare companies away from multi-tenancy by saying it is not as secure. Of course, the entire modern economy is running on multi-tenant cloud systems from email, collaboration, task management, CRM, banking, and financial transaction systems. The need to physically separate data for security has long been solved by logically separating data and sharing databases. A multi-tenant cloud is actually more secure than a single tenant cloud against any external intrusion since it has two layers of security within the cloud environment instead of just one. Additionally, there are significant costs and risks by refusing the benefits of multi-tenancy:
- Setup is complicated. A single-tenant cloud sets up a deployment stack for every customer. The provider’s burden is multiplied by every customer, making operations inefficient and error-prone since each tenant must be handled individually. The multiplicative effect increases the risks of mistakes, configuration drift, and maintenance burden.
- The cost is high. Operating a single-tenant cloud is more expensive than the multi-tenant alternative since it requires a dedicated deployment stack that must be 100% paid for by the customer even when processing time and storage are not utilized.
- Resources aren’t optimized. With a single-tenant cloud, you aren’t fully utilizing your resources, often leaving computing power — and money — on the table. As a result, you lose the ability to share costs for things like system monitoring, serviceability, and deployment.
- Scaling is not an option. With a single-tenant cloud, you lose the ability to scale up or down resources as you need them.
- More complex backups, restoration, and disaster recovery. Backing up and restoring become a stack-by-stack operation that must be managed and validated individually. In the event of a disaster, there’s no telling where your instance ends up on the priority list since they must be restored one at a time. This option also creates a single point of failure.
RELATED: The Benefits of Jama Connect®: Supercharge Your Systems Development and Engineering Process
Here are the main benefits of a multi-tenant cloud:
- Lowers your costs. A multi-tenant cloud allows the provider to leverage economies of scale. Operations, maintenance, upgrades, and scaling are done across the infrastructure base instead of one at a time. Things like backups, disaster recovery, and upgrades become simple, single operations instead of thousands of checklist-style work items. This reduces the multiplicative risk of individual operations and lowers the overall total cost of ownership (TCO).
- Uses resources more efficiently. A single-tenant cloud often leaves extra resources on the table. And since you’re paying for all of it whether you use it or not, excess computing power is wasted. A multi-tenant cloud allows you to use only what you need and pay less to access it.
- Gets you up and running faster. Getting up and running fast is important whether you’re a large enterprise, a smaller business, or a start-up. A multi-tenant cloud helps you quickly scale up or down to maximize resources.
- Completing updates is easier. A multi-tenant cloud handles all your upgrades and updates, so you are free from disruptions and the additional costs associated with staying current.
- Backups and restoration are simplified. A multi-tenant cloud backs up relevant data and resources, supporting business continuity and resilience planning.
Key Considerations When Choosing a Cloud-Based Engineering Tool Provider
- What is the uptime service level agreement (SLA)?
- Cloud-based software providers should be able to report their uptime at any given time and show the history of the uptime over a year.
- Jama Software® publicly shows our cloud status on a minute-to-minute basis at status.jamasoftware.com
- Does the provider operate in a high availability environment?
- It’s not enough to have your application hosted in a major cloud (AWS, Azure, GC), the provider must design their infrastructure to be fault tolerant and adaptable to different failure scenarios.
- Cloud software providers like Jama Software® provide a cloud architecture diagram that shows fault tolerance and no single point of failure.
- How does the provider protect you in the event of a disaster?
- While cloud services are incredibly robust, things do happen! A fully documented, tested, and validated disaster recovery plan is essential to any cloud software provider’s continuity of service.
- Jama Software has a disaster recovery plan that specifies RPO and RTO objectives and it is tested at least annually in a production environment scenario
- What security guarantees does the cloud software provider make?
- While the underlying cloud infrastructure is incredibly secure, the software provider must take steps to secure their application. Static and dynamic scans, PEN tests, and cloud best practices (OWASP) all play a role in securing the software and your data.
- At Jama Software we take security seriously and protecting our customers’ data is our highest priority. We code with Open Web Application Security Project (OWASP) best practices, host in a secure AWS cloud, perform daily static and dynamic scans, PEN test (third-party) twice a year, and are in the process of our SOC 2 Type 2 audit. Once the audit is complete, we will be the only requirements management platform on the market with a SOC 2 Type 2 certification.