Comment by 9dev a day ago

13 replies

> So much cheaper to operate and control.

Until you factor in the salaries of the new employees you have to hire now, the cost of that hiring process, the compliance and security implications of operating servers on your premises, the ongoing maintenance of the software and operating systems, the new infrastructure to maintain, including but not limited to backup power supply and overall redundancy, the need to manage the lifecycle of the new hard- and software, the documentation for all of this… I could go on for a while.

It's not like these cloud solutions are just solving laziness.

no_op a day ago

A lot of this could be standardized and packaged into a product, a modern take on the 'server appliance.' Unpack some gear, plug it together according to a nice diagram, connect to a management console that feels familiar to anyone who's deployed to the cloud.

belorn a day ago

Listened to a story about a fairly large company that switched to cloud and then back to on-premise. When they went cloud they quickly found out that they needed employees to manage the cloud infrastructure. The employee costs were similar for both setups.

Compliance and security testing does not go away just because you use cloud. The steps and questions will be different, but regulations like NIS and GDPR have extensive requirements regardless if you implement it yourself or buy it from an external supplier.

I would also not recommend going with a single cloud solution with no backup solution and overall redundancy, unless a $5 voucher is good enough compensation for the service being down a whole day. The general recommendation after the latest waves of outages was for cloud users to use multiple cloud providers and multiple backup solutions. It is just like how on-premise solutions need off-premise backups.

  • 9dev a day ago

    > Compliance and security testing does not go away just because you use cloud. The steps and questions will be different, but regulations like NIS and GDPR have extensive requirements regardless if you implement it yourself or buy it from an external supplier.

    That’s a bit disingenuous. If I don’t operate a physical server rack, I also do not need to take care of physical access control, fire suppression policies, camera monitoring, key handling, and a wide range of other measures I would be otherwise obliged to take care of under GDPR. You can absolutely outsource classes of problems. What’s true is that that doesn’t lift the responsibility from you to check your cloud provider fulfils these obligations, but that’s very different from having to fulfil them yourself.

    • belorn a day ago

      Go through a security review. It is not as simple as just saying "we outsource that so we have no idea what they do or how they manage the data". It is disingenuous to claim that people can just outsource the whole problem and not care.

      This would be part of the responsibility of the cloud managers, which need to be hired, paid and trained, on top of the cost of paying the cloud providers. There is no free lunch.

      • 9dev a day ago

        I am responsible for security reviews. I never claimed it was that simple, nor that there was free lunch. I said it is easier to outsource it than to handle it yourself to an equal level of what a cloud provider is able to do, from a legal and operational perspective.

        • belorn a day ago

          Easier is a very subjective measurement. Let's compare two solutions with different hires. One hires system administrators that rent space in a server hall. The other hires cloud managers that rent space in the cloud.

          What can we definitively say about the difference in salaries, training, and team size? Can we say anything specific about legal and operational perspective?

      • pu_pe a day ago

        Sorry but I think it is indeed much easier to have a cloud provider take care of those things. That's partly how we came to the situation we are in: a lot of people outsourced this type of work to Microsoft or AWS, because it was easier.

        I get what you are saying, that responsibility is still yours for making the correct choices, and to know what the cloud providers are doing. In the real world though hardly anybody cares, even though we have threats like the CLOUD Act in place. So, yeah, people should care but ultimately they often don't.

        • belorn 11 hours ago

          Yes, it is true that no one ever got fired for buying IBM. It is also very common that people just use an AI for reviews and then deal with the fallout if anyone actually calls them on the bluff. Paying fines, if anyone does care, is just part of doing business.

          However in the same way, it doesn't then matter much if you are using the cloud or not. The work needed to copy the output of an AI to fill in the forms takes a similar amount of time.

Black616Angel a day ago

But you can rent on-prem servers in some datacenter near you where all that is done for you.

  • 9dev a day ago

    First off, servers on someone else's premises are by definition not on-prem; and second, it still leaves you with a lot of the maintenance, management, and documentation overhead that comes with operating infrastructure equipment.

  • hsuduebc2 a day ago

    Do not forget that it is also cheaper. Main difference would be scalability which you do not inherently need. Not for ordinary BAU.