Private, Public, or Hybrid: Where should the workload go?

Members of IDG’s Influencer Network weigh in with key considerations

Cloud technologies have improved time to market, lowered operational and capital expenditures, and provided organizations with the ability to dynamically adjust provisioning to meet changing needs. But it can still be difficult at times to discern how to optimize a cloud solution to meet your business needs. So what are the key aspects of a cloud strategy that IT leaders should consider when determining whether to place a particular workload in a private, public, or hybrid cloud?

That’s the question we posed recently to members of the IDG Influencer Network, a community of industry analysts, IT professionals, and journalists. The short answer? Don’t expect a short answer.

For example, Jason James (@itlinchpin), CIO of Optima Healthcare Solutions, said that regulatory compliance, security, and next-generation technologies are just some of the factors that come into play when determining where to place a particular workload.

“GDPR is driving the cloud strategy for many CIOs, who are adapting their services and processes to comply with the European Union’s new data and privacy requirements,” James observed. “To hit the timeline set forth by the EU, many have chosen to partner with public cloud providers who can help ensure compliance.”

Security is a crucial factor to consider, he continued, “regardless of the hosted methodology chosen.”

“Does your selection provide the best security measures? Do you have the tools and security expertise in place to keep your data safe? In the event of a breach, is your team capable of detecting, correcting, and recovering systems and data?”

As for the new and disruptive technologies that are heavily impacting the enterprise, James said “many CIOs are selecting a hybrid approach that allows newer technologies like Docker, blockchain, and [the Internet of Things] to be integrated into their environments in a manageable way.”


[ How Hybrid Cloud can fuel developer innovation ]


A question that begets further questions

Ethan Pack (LinkedIn), Director of Enterprise Architecture and Solutions Delivery at TDECU, answered the question with questions of his own.

“Which external customers and/or internal users depend on the workload? What is the revenue or cost savings associated with the component? How much does the service currently cost to operate, and how much would it cost to run in the cloud? What are the regulatory, customer, or partner data and security requirements for the solution? What are the internal and external service levels for the workload?”

Pack added that organizations may also want to create a set of scoring criteria for the weight of each of those questions.

Evan Kirstel (@evankirstel), founder of, likewise had questions. “What disaster recovery scenario might be required? What performance requirements are there for the particular application? [What’s] the scale of the application, and is it a local or global deployment?”

Fred McClimans (@fredmcclimans), an analyst at Futurum Research + Analysis, recently completed an IT services research study looking at the issues surrounding cloud vs. on-premises deployment, including the drivers behind workload placement decisions.

“Our findings included a high level of balanced usage between both on- vs. off-premises deployment and public vs. private cloud deployment,” he said. “So what drives decisions on where to place a particular workload? Security and data protection led the list, followed closely by user and data privacy, regulatory and compliance risk, and network and application performance.”

For Tony Flath (@TmanSpeaks), Senior Practice Lead at TELUS Security, the key things to consider include security, service level agreements, and a strategic plan for cloud migration.

“Security is first, and don’t assume cloud means security,” he said. “Numerous cybersecurity breaches are through public cloud. Make sure that cloud vendors’ SLAs clearly define uptime, outages, and support. A cloud migration plan should include considerations for legacy application migration. Containers on the cloud with hybrid control are showing great help here.”

Brian Thomas (@DivergentCIO), CIO of Johnson County, Kansas, said cloud offers TCO that is very attractive, “especially when working in large virtualized environments or working with Big Data.” His top considerations include “true business continuity,” scalability, and security.

‘How much risk are you willing to tolerate?’

“There are four things to consider when determining where to place a particular workload in the cloud: TCO, application performance, control, and security and compliance,” stated Jo Peterson (@digitalcloudgal), VP of Cloud Services at Clarify 360.

Elaborating on that last item, Peterson noted that “more and more data sovereignty rules determine where workloads are best suited to run. Do you understand the regulations associated with the data? Many clients are concerned with cloud security. Understand that moving a workload to the cloud usually requires a different approach to your security footprint. How much risk are you willing to tolerate?”

Steven Dickens (@StevenDickens3), who is with IBM Global Sales, said “the biggest gating factor is security.” He added that “data residency and ensuring data integrity are key for many highly regulated clients.”

According to Scott Schober (@ScottBVS), author of “Hacked Again” and a cybersecurity speaker and commentator, the majority of organizations will gravitate toward multiple public cloud services, followed by private cloud services.

“This combination strategy results in an effective hybrid environment,” he observed. “Hybrid environments have some unique challenges that need to be considered, such as management, government issues, and security.”

Then there’s the matter of ‘data gravity’

Bill Mew (@BillMew), founder and owner of Mew Era Consulting, said one factor that is often overlooked is “data gravity, the way that certain key data sets attract applications, services, and other data.”

“Software, services, and business logic are drawn to data relative to its mass and importance and, as a result, are typically located physically closer to the data,” he continued. “An example of this is UKCloud Health, a specialist cloud provider for the UK healthcare sector. As Genomics England (the largest single health data set in the UK) is hosted by UKCloud Health along with a number of key hospital trusts, this has attracted a growing ecosystem of services providers to the platform, which has in turn attracted further partners, clients, and data sets. Located in close proximity to each other, they all benefit from low-latency connectivity and increased scope for collaboration.”

Craig Mullins (@craigmullins), President and Principal Consultant of Mullins Consulting, offered this straightforward advice: “Do not abdicate your strategic role in terms of your organization’s application infrastructure when moving workloads to the cloud. This means that you should have a cloud architect on staff who is an expert on cloud deployment but also understands your organization’s requirements and cloud providers.”

According to technology writer David Geer (@geercom), “IT leaders should consider cost cutting efforts, security, compliance, control, and flexibility when deciding where to plant cloud workloads.”

That sounded familiar to technology writer Will Kelly (@willkelly), who said that “CIOs need a workload-centric model that takes into account business priorities, budget, application performance requirements, vendor lock-in concerns, available cloud expertise, and of course security and compliance.”

When it comes to optimal workload placement for private, public, and hybrid clouds, Optima Healthcare Solutions’ James spoke for many of the influencers when he said, “There is no one-size-fits-all cloud approach to IT. CIOs must decide on a methodology that provides the most secure, compliant, and cost-appropriate solution to meet the demands of their organization.”

To learn more, go to