These days, security has become essential to modern data management. Every data-centric business is becoming more vulnerable to ever-more-sophisticated cyber attacks. With changes to modern working, security protocols also need to accommodate these new environments; with more companies embracing a distributed workforce across multiple time zones, data needs to be accessible from potentially anywhere in the world.
Many companies are solving these challenges by moving their critical services to cloud computing. There are lots of benefits to cloud storage, but is cloud computing safer than on-premise (or, more correctly, self-managed)?
On-premise computing means keeping all of your servers and data in your office building. The maintenance and management of the servers are managed by your IT team. This has the benefit of your IT team taking control of the situation in the event of a network outage, and fixing the issue straight away. On-premise computing can also be configured exactly to the company’s changing requirements and have the added benefit of being hosted on an on-premise virtual server on a private cloud server. This can also be referred to as self-managed computing.
Of course, there are negatives to self-managed. You will have to fund a secure, temperature-controlled room to store your servers, as well as purchase the servers, and pay staff to maintain those servers. Self-managed servers also complicate disaster-recovery plans; what if your office building flooded, or was destroyed? Any backup kept on-premise could also be lost, losing your valuable data.
In the Cloud
When your data is stored in the cloud, it is stored offsite on third-party servers. The actual servers containing your data are usually in a data center, which can be anywhere in the world. Your IT team does not have access or control over the physical servers, but they do have access to the service and can delegate access as required. In order to store data in the cloud, you’ll have a contract with the cloud provider. This is an extra ongoing cost, but it is less than the cost of maintaining servers on-premise. Using cloud computing also has the added benefit of allowing you to scale up when you need it.
EventStoreDB or Event Store Cloud?
EventStoreDB is self-managed: you can download it free and have it available on your servers. You can keep your download of EventStoreDB safe behind your own firewalls. This doesn’t mean that Event Store Cloud isn’t safe; Event Store Cloud has recently been ISO 27001 certified and received SOC 2 Type 1 attestation confirming that it adheres to secure industry standards.
Event Store Cloud is available with three different providers: AWS, GCP, and Azure. You will benefit from a single-tenant deployment, which means that your servers are used exclusively by you; our cloud experts only have access to maintain the systems while you decide who has access to EventStoreDB, giving you complete control over who can access the platform.
Event Store Cloud servers are encrypted at rest. Provider block level volume encryption is utilized via each cloud provider’s block storage implementation. Each encryption key is unique to each Event Store Cloud organization and is managed within that cloud’s native key manager.
To access your servers you have to establish a peering link between Event Store Cloud network and your own virtual private cloud (VPC). Internal service traffic via GRPC is not encrypted and is sandboxed within a private network zone. External and management traffic is encrypted in transit via TLS 1.3.
All this provides you peace of mind from attacks from the Internet.
Self-managed is as available as your servers are. Keeping them up and running requires that there are no problems on your premise, on the physical servers, on the network, having IT staff available 24x7 to address any problem.
Using Event Store Cloud you get rid of all the physical risks because they’re managed by highly available data centers, with IT staff available at all times, and you can choose to host the servers in multiple geographic zones, making it virtually impossible to shut down.
As with any technology, there are inherent risks, but Event Store Cloud’s availability is virtually unlimited. The Event Store Cloud status checker shows the availability over the last 90 days, with the option for historical uptime. Event Store Cloud has availability of anything from 99.91% to 100%, enabling you to trust the service will always be there for you.
In financial terms, self-managing your systems requires a higher initial expense because you must buy the systems. If we were talking about houses, their purchase is very expensive but their value won’t be significantly reduced in the future, or can even increase. Unfortunately, this is not applicable to computer systems, because what is considered a top performance system today won’t be in a few years. Using cloud computing is like renting a modern house that is always with the latest facilities.
Hosting EventStoreDB on privately-owned server space sounds cheaper if you already have server space available. But how much does it cost to you if you need a server deployed exclusively for EventStoreDB? How much does it cost to have staff who are trained and capable to manage the database? The costs of this are uncertain. With Event Store Cloud, the most you may need is sending developers on training courses (such as this one here.
Event Store Cloud is a managed service. Although there is a monthly cost to access the service, it is managed and always available. With Event Store Cloud there is an event console, giving you the opportunity to manage events as they occur.
The cost to your business for either EventStoreDB or Event Store Cloud will depend on your setup and requirements. You can use the Event Store Cloud pricing calculator to estimate how much it will cost.
So which is best?
If this is a question that is plaguing your business, ask yourself of your business: who is better equipped to manage your most important data? If managing your own private self-managed or privately hosted cloud server is too expensive, consider using a managed service provider who specializes in running the critical service you rely upon.
If you are a large company that needs to control all your data, self-managed may sound a better option. But with the level of control will come the costs associated with that: a well-funded digital infrastructure, private cloud, and full-time staff to manage these. But what if you want to ensure that you are following security best practices? Are you ISO 27001 certified? If not, how much would it cost you? Those are additional elements that you should consider in your cost analysis.
Honestly, this depends on your business setup: do you want something in-house, secure and available, or externally-hosted, secure, and available? Your use case will determine what is best for your business. If you still have concerns, you can contact us for help from our Developer Advocacy or Customer Success teams and they will help you start with EventStoreDB or Event Store Cloud.