Organizations Have Options for Deploying Data in the Cloud, Here's Why In-VPC is the Best Choice

By Special Guest Jeff Morris, VP Product & Solutions Marketing at Couchbase | February 05, 2021

Technology conveys simplicity. Digging a hole with a shovel is much simpler than with a stick. Well-designed complexity creates the impression of simplicity. That shovel is more complicated than a stick, but it makes the job simpler.

It's dangerous to conflate complexity and simplicity, yet we often do. Psychologists call this the simplicity theory - situations can appear simpler than they are, and that's attractive to us. So, when a company hears that the cloud can save it money and resources by offloading much of the pain of technology ownership - well, that sounds great!

But it's not that...well, simple. Spiralling cloud consumption costs, compliance failures, and security breaches often stem from a company taking its eye off the ball. The cloud is fantastic on all three counts, yet only when managed correctly. If you hand all your autonomy over to a technology vendor, you begin to lose control. And you need to control ownership, policy, compliance, and security - especially around your data. No SLA is so iron-clad that a cloud provider will always accept fault if something terrible happens. Certain bucks always stop at the customer.

Virtual Private Clouds (VPCs) can help address this challenge. A VPC is essentially a private cloud environment defined inside a public cloud service provider. It's a model that helps balance the benefits of the cloud with the responsibilities of customers. 

At the macro level, VPCs cover all the bases. But there are still several trade-offs that companies shouldn't be making, especially when it comes to controlling their data. A classic problem with public-cloud and SaaS hosting is not knowing where your data physically resides, raising data sovereignty issues. Blindly using a software-as-a-service offering that abstracts away where your data resides can be an expensive policy failure waiting to happen. And conversely, an over-reliance on a specific cloud provider may inevitably translate into lock-in, limiting the capacity to change providers or negotiate better hosting agreements.

The answer is to put the database layer's oversight and control back into the customer's hands but keep the VPC infrastructure environment. We call this In-VPC deployment: a platform service placed inside the virtual private cloud and integrated with peripheral services, but wholly and independently controlled by the customer. An In-VPC approach helps a company keep its data environment under its thumb, and as a result allows it to better control costs and lower risk.

Some still hold the view that the cloud should take care of everything. But as adventures in outsourcing have taught many companies, there is no such thing as handing it all over - something noted in Economics Nobel Laureate Ronald Coase's theory of the firm. Firms maintain internal environments for reasons of cost efficiency and control. If you could hand all of that off, you literally wouldn't need a company. You also would be losing differentiators, such as your customer list or patented processes.

So, nobody gives it all away. And in the age of technology, you really cannot hand off your policy or configuration responsibilities, nor do they effortlessly propagate into hosted environments. This leads to cracks, such as when 23,000 MongoDB databases were breached earlier this year through an automated scripting attack. This attack was possible due to databases being misconfigured to expose sensitive information. Extending your policies into your virtual environments is very important - and In-VPC facilitates that responsibility for the database layer. 

Another view says In-VPC is not suited for smaller companies. But it's a redundant observation: the bigger the company, the larger its requirements for compliance, security, and policy enforcement. So obviously, it would benefit more from a deployment model that facilitates those areas. Yet even smaller companies should consider In-VPC for two reasons: as a platform service, it establishes a separate transparent accounting of resource consumption between data services and infrastructure to manage cost, and growing companies will eventually need this level of abstraction and control over their data assets. 

Why deploy data to the cloud via In-VPC? The inherent risk of the cloud is that you start losing in terms of cost, oversight, and flexibility if you hand over too much control. Unfortunately, the cloud's projected simplicity and background complexity often conflate. 

Fortunately, it's possible and cost-effective to create segmentation between what you need and what you'd prefer to be someone else's responsibility. It is possible to get the best of the cloud and still fully control your data services, storage volumes, locations, access, configuration, encryption, cost negotiation, etc. In-VPC deployment is the answer. 




Edited by Maurice Nagle