On-premises or in the cloud?

Lance Chen • September 20, 2023

This week my partner and I traveled north to visit a client that manufactures medical devices. The client was evaluating an MES for a new plant under construction, and just as our conversation was wrapping up, the IT manager we were meeting with suddenly exclaimed: "Oh right! This MES also has to run in the cloud — can you do that?"

This is something I've rarely encountered over the past two years of visiting manufacturers and building software for them.

The internet companies and startups I'd worked at were all already in the cloud, or well on their way there. But perhaps because manufacturing has a different cost structure and isn't a digitally native industry, most of these clients — worried about cost and security — tend to favor the approach they already know: have a software vendor procure the hardware and build the system inside the plant, an architecture commonly called on-premises (or on-prem for short).

Concern 1: Cost

On cost, clients intuitively think: "The cost of buying servers, industrial PCs, and networking equipment only covers one or two years of a cloud provider's rent — so surely the on-prem architecture is the better deal, isn't it?"

But all hardware eventually fails. What a business should weigh is not the cost of repairs or new hardware, but the loss from interrupted operations. If a company buys an on-prem ERP system, a hardware failure on the server can disrupt daily operations for hours or even days. In the cloud, all of the underlying hardware maintenance is handled by the cloud provider, and replacing hardware never affects the operation of the software system. What's more, when procuring the hardware for an on-prem system, the vendor estimates demand based on future usage, and you often end up with hardware that far exceeds your near-term needs — yet you still have to buy higher-spec hardware to replace it as the business grows. In the cloud, a company can scale compute, memory, and storage to match its growth.

Hardware cost is relatively minor; what matters more is the cost of talent. As industry structures shift and emerging industries continue to rise, "the worry for businesses isn't that IT talent commands a high salary — it's that they can barely compete for IT talent at all." Small and medium manufacturers have relatively small IT teams, usually just one to four people who each wear many hats, so losing even one person is a heavy blow to capability. On top of that, the paradigm shift in the software industry from on-prem to cloud happened long ago; the new generation of IT talent is more familiar with operating cloud services and less so with hardware and system maintenance than before.

Concern 2: Security

Most clients' security concerns stem from a lack of understanding of how computers and networks work: "If this system goes in the cloud, won't my data be easy to steal?"

Faced with this concern, I suggest clients think about it this way. Data theft can broadly be divided into three categories. First, targeted attacks, which aim at specific companies, industries, or government organizations and use social engineering via email, phone, and other channels to gain access to the internal network. Second, misconfiguration that exposes a service to the public internet, leaving it open to vulnerability scanning and brute-force attacks. Third, improper permissions and policies, which let data leak accidentally through various storage media. All three categories can occur whether the software system is deployed in the cloud or on-prem, so the remedy should start with staff training and policy-making.

On hearing these risks, clients used to ask: "Then I'll just keep all the software systems on-prem and not expose them to the outside — wouldn't that work?"

But as companies grow more dependent on software systems and must retain the flexibility for remote work, this isolationist approach is no longer viable. Whereas the security of an on-prem system depends on the architectural skills of the IT staff, cloud providers mostly offer secure architecture designs and secure defaults out of the box.

Conclusion

Many owners and managers instinctively approach adopting software systems with the mindset of buying production equipment, thinking in terms of how many years it takes to amortize the cost. But what owners easily overlook is that software systems, like production equipment, need careful and continuous upkeep. In manufacturing, the IT department is often a low-status function with little organizational clout, lacking the resources to hire top talent. Moving toward software systems that can run in the cloud is an approach that delivers greater "people efficiency" — and attracts the new generation of IT talent.