·  articles

Connecting to Cloud: Which method is best for you?

In this blog, we explore two common methods to connect to the cloud; public internet and private dedicated networks. We’ll consider the pros and cons of each, focusing on three key areas - security, cost and performance.

Knowledge Centre

Let's talk security

Internet

Exposing business traffic to the internet could make the network susceptible to Denial of Service (DOS) and Distributed Denial of Service (DDOS) attacks against routers and links that you don’t control. Traffic can be end-to-end encrypted via Virtual Private Networks (VPN), but these may be limited in terms of bandwidth or packet size, slowing down the network, rendering the internet unsuitable for large volumes of information.

Many applications, especially in the B2C or public sector, simply have to be exposed to the internet in order for their users to access them. If this is the case for you, look into Web Application Firewall services which can help keep you protected from internet-borne threats.

Private

Connecting to the cloud via a direct connection limits the available points of access, because the network is private. This method of connectivity reduces data exposure and opportunity for a security breach while data is in transit. You decide who can be on the network and what they can access. The source, destination and the routes between are all controlled by you or your network provider, per your instructions.

This control can, in some cases, be a barrier to interoperability. Policies generally deny by default which means applications and users may not be able to connect without your intervention. For larger organisations, this means you’ll need dedicated resources for ongoing management, or employ a Managed Service Provider (MSP).

Cost considerations

Internet

Using the Internet as backbone is one of the cheapest and easiest ways to connect to the cloud. You can use existing links that your business has in place, making setup simple. For low to medium priority traffic, the Internet is often totally sufficient and cost effective.

However, be aware of data egress costs from cloud environments to the internet. Whilst providers will charge you nothing for ingress, egress can cost around $0.08–$0.12 per GB. If you’re sending a lot of data out to the internet, this can stack up!

Private

Direct connections are generally more expensive to initially deploy, after all, you’re getting a private circuit. However, if you’re moving large quantities of data out of the cloud it might be the way to go. 

Compared to the internet, cloud providers offer much lower egress charges for dedicated connections like ExpressRoute (Azure), Direct Connect (AWS) and Cloud Interconnect (GCP). Costs depend on region, but could be more like $0.02 per GB, a fraction of the cost.

If you have a mission critical workload generating a ton of traffic - it’s worth simulating some cost comparisons. You might be surprised by the results!

Performance

Internet

Public internet is a shared network, which can get congested. When this happens, the network will make a ‘best effort’ to use an alternative route from A to B. This might include more hops and increase latency, or cause the connection to be unstable, resulting in lost packets. For non-essential traffic, a couple of milliseconds delay and a spotty connection might not be an issue.

It should be said that there are different variations of internet connectivity. Whilst basic services could throttle your connection, others provide direct internet access or ‘private internet’ services that are very flexible, reliable, and allow you to scale up and down bandwidths relatively easily. It’s worth looking around at the options.

Private

Unlike the internet, private networks come with an SLA and support, guaranteeing a quality of service and availability for the business. Upload and download speeds are often far better than public internet, as everything end-end is within the control of the provider.

Direct links can also work with a wider range of network topologies, supporting cloud to cloud routing, which public internet isn’t suited to. This makes private connectivity more versatile. On the other hand, telco providers can be inflexible. It may be tricky to adjust the bandwidth of a dedicated link once it has been deployed, forcing you to over provision up front.

Summary

When assessing your options, think about what other variables might be important to your particular situation. Reliability, scalability, customer support may also factor into your thinking. It doesn’t need to be an either/or decision - a blend of connectivity methods in a single ecosystem is completely feasible and doesn’t have to cost the earth.

We do networks differently

Cloud Gateway was founded to deal with the technical and commercial bottlenecks that stifle digital transformation. We are bringing networking and secure connectivity into the digital age through cultural, commercial and technical innovation. 

We work alongside you to design, build and deploy a bespoke solution that meets your needs right now, whilst laying a digital foundation for future transformation plans.

If you’d like to discuss this further with Cloud Gateway, we can be contacted here.

Author

|

Share:


Download our latest A Rough Guide to SASE ebook.

By way of an introduction, we have launched our Rough Guide to SASE ebook showcasing the different component parts of the framework and providing an explanation of the value and benefit they can deliver for your organisation.

Download