The adoption of Cloud is surely becoming a key driving force for businesses today, as businesses are moving out of on-premises data centers in a bid to innovate, optimize cost, and increase business performance.
Public Cloud has become frontier in our daily lives and integrated so much that we do not even think many of our services are delivered via the Cloud in one form, or another.
IT leadership for service providers are embracing the public Cloud more than ever before. Yet, the choices for CIOs and CTOs alike are confusing, as the demand on IT systems explodes. Through this blog, I will explore how to determine which public Cloud is a better choice for your organization.
Let’s “double-click” the graph below from Gartner to explore the 3 main competitors, and where each of these Cloud Service Providers (CSP) stand.
How to Choose the Right Provider?
Needless to say, that personal preference is often influenced by our perceptions of a certain provider, offered incentives, and whole slew of other factors play into how we favor one CSP over the other.
When it comes to Cloud computing, three biggest giants (Azure, AWS GCP) cater quite differently to earn our business. I will outline some of the main factors to consider while choosing a CSP when it comes to what is best for yours.
AWS and Azure both offer a vast and competing array of services in IaaS, PaaS, and SaaS models. GCP is a late-comer to the Cloud game compared to them when it comes to number of services, but they compete in some of the major areas such as Big Data, Compute resources, Networking, and a leader in the Cognitive (AI/ML) realm.
While AWS touts everything on the Public Cloud, Azure caters to those also needing a Hybrid or Private Cloud, in addition to Public Cloud. Azure can also take advantage of existing Enterprise Agreement (EA) and has a price-competitive advantage, whereas GCP focus has not been on the enterprise at this time but bubbling to surface.
2. Startup Speed
All three CSPs can facilitate a quick start to get you in their environment and start playing. Whether it’s creating applications without infrastructure (PaaS) or setting up a couple of load-balanced VMs receiving hits to the “Hello World!” web page you just created (IaaS), all three providers cater to the newbie and advanced users alike.
Each CSP has its own problems at various times. If we compare the Cloud to a commercial airplane, there are many parts that can fail, yet the plane keeps flying. Same is true for CSPs.
For example, when a seat breaks, it can be changed without bringing the flight down. Even if an engine malfunctions, there is a second engine that can manage that, albeit in a reduced capacity. Cloud providers tout redundancy and offer a variety of architectures to maximize reliability. However, it is often up to the customer to architect the application in a resilient manner.
This word can be deceiving because performance is a matter of perception, and relative to the application architecture and business requirements. Websites needing lighting speed page rendering can be sure that each provider excels in ensuring maximum performance. However, once we go beyond the front page, and require access to the application and database servers, or connectivity to other third-party services, it is up to us to ensure we have architected the best possible solution to maximize performance.
Bottom line: all 3 compete for best in performance!
The location discussion is often used to gain a competitive advantage, but in all reality, it depends on the application, services, and compliance requirements. AWS has an extensive table of locations and services for each service, meaning not all services are available everywhere.
Similarly, Azure has its own table of locations and services for their offerings, and of course GCP is not left behind. Here’s their table of locations and services.
Support models are similar with all 3 providers. While AWS offers 3 types of support (as low as $29/month), Azure offers 5 levels of support, starting with FREE – Premier support. GCP’s plans are 4 levels and also offer FREE – Premium levels.
When it comes to support, costs should not be a determining factor. Afterall, would we really want the cheapest eye surgeon, or would we rather have the surgeon who is more skilled to work on our vision?
AWS and Azure are pumping out services both on IaaS and PaaS neck and neck, appealing to startups and enterprises alike. While it may seem GCP is not keeping up, they are slowly but surely onboarding enterprise customers with the GCP and G-Suite products.
Azure tends to be a popular choice with executives that have long-standing relationships with the existing partners and know that they can consume a great deal of their Cloud computing needs.
The topic of security can be debated between experts for ages, with no clear winner. Security is not a product, service, or a 1-size-fits-all concept. Digging a level deeper, Cloud computing security can be described as a set of policies, procedures, technologies, and products along with appropriate implementation.
These measures combined in varying degrees to protect applications, data, content, reputations, and whatever else an enterprise deems valuable. There are several concepts mentioned above that help establish a security perimeter and lower the attack surface for what we consider of value.
All 3 Cloud providers take security very seriously and pride themselves in their innovations. They provide core features like API gateways, Web Application Firewalls (WAF), DDoS protection, vulnerability assessment tools, advisory tools for security best practices, and Multi-Factor Authentication (MFA) just to name a few.
Additionally, CSPs minimize the number of inbound service connectivity, meaning resources do not have inbound traffic unless it is explicitly allowed, except for standard connections like SSH and RDP. This is in addition to the default disallow rules for inter-network connections to other services, both IaaS and PaaS alike.
AWS focuses on “isolation”, but for with an added cost of management overhead. Its IAM service hinders the users’ ability to manage IAM at scale. AWS also has its Security Hub which has a detailed view of the of security across the services. Overall, AWS is one of the leaders in Cloud security.
Perception around Azure security may have a misguided past, but those perceptions are outdated, and no longer valid. Azure Active Directory is the single source of truth for authentication and authorization. This is a good thing when it comes to enterprises where userbase needs to be managed at scale. Furthermore, Azure Security Center, assess the “security posture” of the subscriber along with a score, letting the enterprise focus efforts on the area’s most important to its business.
GCP is again the underdog when it comes to security. While not overly publicized like the other two competitors, Google’s Security Command Center, provides the same functionality as the other two Cloud providers. The downside for Google is that since its Cloud offering is relatively young, finding experts in the market may not be as easy. Although, security is a state of mind, more so than a collective of tools.
This subject has been a hot topic in the recent years, as information about our credit cards, personal data, health records, and our privacy are at risk. Tripwire, a leading security provider, has a relatively recent article (about 2.5 years old, yet still very relevant) named “The Cloud’s Shared Responsibility Model Explained” which discusses “security in the Cloud” vs. “security of the Cloud” to differentiate between who is responsible for which part of the service that ultimately reaches the end consumer.
Compliance has a large scope when it comes to transactions, region, data classification, government regulations, and a whole set of other requirements when it comes to government contracting which has its own compliance and certifications. Some of the most common regulatory requirements include HIPAA, PCI DSS, and GLBA.
Keep in mind that while Cloud companies have a certain responsibility to protect your infrastructure, applications, and data, it is incumbent upon the enterprise to protect its own and its customers’ data. Afterall, one can keep out all the hackers, but if the database password is “123456”, all the brute-force protections are not going to stop a data breach.
10. Cost vs. Value
Okay, we all knew this was coming! Is cheaper better? Do you need a “Ferrari” service? What makes the most sense for your organization? Does an organization really need a 32-core, 256GB with premium solid-state drives to run a corporate web server, or should they have instances in Australia and China, when most of the traffic is coming from the US?
We get these questions at WinWire several times a month from our potential customers. CSPs make it incredibly easy to spend money, and it is up to the enterprise to contain sprawling, although they do provide some tools to save ourselves from . . well, ourselves!
We will not be comparing a lot of individual SKUs’ costs between providers but will discuss as a general guideline on how to go about using the cost model to help further guide the CSP selection process. Just like all the other services in the Cloud, costs depend on consumption, and really what the Business requires.
Let us examine some of the basic services such as Compute (CPU/RAM) and storage PAYG = Pay as You Go, 1Y = 1 Year Contract, 3Y = 3 Year Contract. Also, need a way to designate 2/8 as 2-CPU, 8GB. Each logo is a link to the respective CSP.
As it is shown in the very basic pricing table, there is no clear winner. Each CSP has its sweet spot for services, but competitive in many areas. As an example, recently Azure started price matching AWS’s S3 storage pricing, while Google offers a very similar rate.
The PAYG model, offers the most flexibility, yet is the most expensive. Reserved Instances are a way for CSPs to forecast a revenue model, and as a prize, the consumer pays less for a longer commitment. Those who can make the most upfront pledge, can benefit the most, but it needs to be balanced with the organization’s fiscal ability.
Although each CSP’s base services may seem similar, costs will vary depending on workload’s size, scale, availability requirements, redundancy, integrations, security, and a host of other variations. Just because one charges less in one area, it just means they are charging less in that area, seriously!
AWS recently shifted to a per-second pricing to distinguish itself, while Azure now offers further discounts with its hybrid pricing. GCP’s low compute rates for certain workloads appeals to a certain group of consumers. Not all consumers will pay MSRP, as price negotiations, incentives, commitments, and BYOL continue to shift the balance in favor of the one who can adapt the most.
However, making a distinctive comparison can be challenging as all three CSPs offer varied pricing models, discounts and make frequent offers. This can be affected by volume discounts and negotiated with and by their sales personnel.
Each CSP’s Pricing Calculator can provide in-depth and detailed information: Microsoft provides its price calculator here, AWS here, and GCP here.
CSP War will Never End
As we have witnessed the classic battles between Michael Jordan, Larry Bird, and Magic Johnson. The sentiment is that everyone wins with competition because services get better, prices get lower, and it becomes easier to use.
AWS has been the king, as they were the pioneers of Cloud computing, and now Azure is inching closer to it, with GCP also not too far in the rear-view mirror.
Despite AWS’s dominance, Microsoft has gained immense ground under the leadership of “Cloud-First” CEO Satya Nadella, building a huge global Cloud network of its own.
Which Cloud is best for your organization? That is a question that can only be answered by evaluating several factors in the organization. These include, but not limited to:
- Existing technologies
- Existing in-house expertise
- Existing software and hardware contracts
- Number of applications
- Legacy application portability
- Future-state requirements for services like AI, ML, Analytics etc
- Integrations with legacy systems (like AS400), or Cloud services (like Salesforce)
- Application availability requirements
- Business continuity plans
- Scale of workloads, current and future
- Budget to run parallel systems for the duration of move to Cloud
- Budget for consulting services to give the best advice on CSP selection
One competitive edge Microsoft offers is the ability to take advantage of the existing Enterprise Agreement and thanks to its combination of Azure, Microsoft 365 and Microsoft Teams, Microsoft is often seen as the safe global bet for customers, but most customers prefer to have two CSPs and leverage them based on their capability.