Connecting to Cloud: Which method is best for you? (Guest blog from Cloud Gateway)
Author: Stephen McConnell, CTO, Cloud Gateway
In this blog, we explore two common methods to connect to the cloud; public internet and private dedicated networks. We’ll consider the pros and cons of each, focusing on three key areas - security, cost and performance.
Let's talk security
Exposing business traffic to the internet could make the network susceptible to Denial of Service (DOS) and Distributed Denial of Service (DDOS) attacks against routers and links that you don’t control. Traffic can be end-to-end encrypted via Virtual Private Networks (VPN), but these may be limited in terms of bandwidth or packet size, slowing down the network, rendering the internet unsuitable for large volumes of information.
Many applications, especially in the B2C or public sector, simply have to be exposed to the internet in order for their users to access them. If this is the case for you, look into Web Application Firewall services which can help keep you protected from internet-borne threats.
Connecting to the cloud via a direct connection limits the available points of access, because the network is private. This method of connectivity reduces data exposure and opportunity for a security breach while data is in transit. You decide who can be on the network and what they can access. The source, destination and the routes between are all controlled by you or your network provider, per your instructions.
This control can, in some cases, be a barrier to interoperability. Policies generally deny by default which means applications and users may not be able to connect without your intervention. For larger organisations, this means you’ll need dedicated resources for ongoing management, or employ a Managed Service Provider (MSP).
Using the Internet as backbone is one of the cheapest and easiest ways to connect to the cloud. You can use existing links that your business has in place, making setup simple. For low to medium priority traffic, the Internet is often totally sufficient and cost effective.
However, be aware of data egress costs from cloud environments to the internet. Whilst providers will charge you nothing for ingress, egress can cost around $0.08–$0.12 per GB. If you’re sending a lot of data out to the internet, this can stack up!
Direct connections are generally more expensive to initially deploy, after all, you’re getting a private circuit. However, if you’re moving large quantities of data out of the cloud it might be the way to go.
Compared to the internet, cloud providers offer much lower egress charges for dedicated connections like ExpressRoute (Azure), Direct Connect (AWS) and Cloud Interconnect (GCP). Costs depend on region, but could be more like $0.02 per GB, a fraction of the cost.
If you have a mission critical workload generating a ton of traffic - it’s worth simulating some cost comparisons. You might be surprised by the results!
Public internet is a shared network, which can get congested. When this happens, the network will make a ‘best effort’ to use an alternative route from A to B. This might include more hops and increase latency, or cause the connection to be unstable, resulting in lost packets. For non-essential traffic, a couple of milliseconds delay and a spotty connection might not be an issue.
It should be said that there are different variations of internet connectivity. Whilst basic services could throttle your connection, others provide direct internet access or ‘private internet’ services that are very flexible, reliable, and allow you to scale up and down bandwidths relatively easily. It’s worth looking around at the options.
Unlike the internet, private networks come with an SLA and support, guaranteeing a quality of service and availability for the business. Upload and download speeds are often far better than public internet, as everything end-end is within the control of the provider.
Direct links can also work with a wider range of network topologies, supporting cloud to cloud routing, which public internet isn’t suited to. This makes private connectivity more versatile. On the other hand, telco providers can be inflexible. It may be tricky to adjust the bandwidth of a dedicated link once it has been deployed, forcing you to over provision up front.
When assessing your options, think about what other variables might be important to your particular situation. Reliability, scalability, customer support may also factor into your thinking. It doesn’t need to be an either/or decision - a blend of connectivity methods in a single ecosystem is completely feasible and doesn’t have to cost the earth.
Cloud Week 2023
News, views and insights on how cloud computing continues to reshape how we live and work. techUK's annual Cloud Week is an opportunity for the tech community to explore key issues in cloud and highlight new ideas and thought leadership from our members.
techUK's Technology and Innovation newsletter
If you’d like to start receiving information about relevant events, news and initiatives via techUK’s monthly Tech Tracker Newsletter, please subscribe here and join the Technology and Innovation contact preference.