To Cloud or Not to Cloud (Your HR Help Desk)
As you are evaluating new HR Help Desk solutions (or really any business software system), one primary consideration is always the software and hardware platform. SaaS? Hosted? In-house? “Which is better for my business”?
The choices are actually more varied than you might expect. Some vendors may offer only one option, while others such as LBi offer many choices.
As I have stated in previous blog posts, your system selection process should first evaluate if the system functionality substantially meets your requirements, and the vendor has a proven record of high quality support. Once that has been determined, then platform and architecture should be next in line for consideration. Somewhere in there is price — and we will get to that shortly.
Let’s walk through the most common deployment options, and their perceived pros and cons:
- Inhouse – Software is installed on your servers, maintained by your IT staff. Generally the required server specs are provided by the software vendor. It is up to IT to secure the system with VPN access, firewall, database encryption at rest, and other security measures.
- Pros – You are in 100% control over the performance and reliability of the infrastructure, as well as the level of security.
- Cons – You are in 100% control over the performance and reliability of the infrastructure, as well as the level of security. Can you support it 24/7/365 without burdening IT? Is your IT staff trained on the latest cyber security threats, tools and processes? Do you employ a CISO? What is the FTE cost to support the system 24/7/365? Studies show a typical FTE cost to support one business critical system like HR Help Desk can easily exceed $150,000 annually, not including software and hardware.
- SaaS – True SaaS is defined as software delivered as a service from a shared hardware and software environment. Generally this means application services are shared among all companies using the system. The database may or may not be deployed in single instances for each company, but in any case the physical database hardware and software are shared. I call that a “shared everything” environment.
- Pros – Faster deployment and faster updates and upgrades. The vendor updates the single application server once and it is propagated virtually instantly to every user. Overall infrastructure costs are the lowest vs. other options. Most SaaS vendors provide a high level of security, and most are HIPAA compliant (but not all).
- Cons – You are in a shared environment, shared with who-knows-who. Hackers are one step closer to your confidential data because they are already virtually next door to your database. Think apartment vs. private house. Hackers are in the building and in the hallway, and they just need to get through your front door.
- Public Cloud – Different than SaaS. Your system is deployed in a shared environment, but each installation stands alone. The application is deployed in a single tenant environment and the database is dedicated 100% to your company. Essentially the installation is similar to an in-house deployment, but actually installed on shared hardware, accessed over the Internet.
- Pros – Potentially more secure than SaaS because the database is running standalone relative to other company’s databases, and the application server is not shared. Most Cloud vendors are HIPAA compliant. Relatively low cost option.
- Cons – You are still in a shared environment, but less so than SaaS. Nothing about your application is shared. But countless other users are potentially on the same hardware, running different services and systems. Therefore risks are still there, and in some cases greater than SaaS.
- Private Cloud – Different than Public Cloud. Typically the software vendor deploys their system in a limited cloud environment which they control. The vendor limits sharing strictly to their clients. No anonymous outside users. As with the Public Cloud, your system is deployed in a shared environment, and each installation stands alone. The application is deployed in a single tenant environment and the database is dedicated 100% to your company. Note: SaaS vendors often deploy in a Private Cloud, so SaaS can be almost as secure.
- Pros – More secure than Public Cloud because the shared environment is limited. Relatively low cost option but often higher cost than Public Cloud.
- Cons – You are still in a shared environment, though nothing about your application is shared.
- Dedicated Server Hosting – Though your system is hosted by a third party, it is deployed in a 100% dedicated (shared nothing) environment. Essentially the same deployment as in-house, but the physical server(s) resided with the hosting provider. Only your system is installed on the private server. In the apartment vs. private house analogy, your system is in a private house. Other companies are right next door but hackers have to know which house to break into. Then they must jump over a proverbial electrified fence before facing a high brick wall.
- Pros – Absolutely the highest level of security. Your system enjoys the maximum protection available. It is as hack-proof as humanly possible. When compared to an equal in-house deployment, dedicated server hosting can easily cost 1/3 to 1/2 less.
- Cons – Cost vs. all other hosted options (SaaS and both Cloud options) is higher, sometimes significantly higher.
The image above is a graphical representation of the most common deployment options, comparing their relative cost to security capability. At LBi we offer all options for our HR Help Desk, and work closely with our clients to find the best solution based on their critical business needs. In our experience, larger organizations, particularly government regulated businesses, opt for the Dedicated Server option. Smaller (<2,000 employees) enjoy the significant cost savings and good security of our SaaS cloud editions.
Learn more about the benefits and risks of “cloud computing”, including what a Hybrid Cloud Model is, in our industry brief, Setting Expectations: The Clout – And Caveats – of Cloud-Based HR Technology.