If you’re interested in this topic (agree or disagree), we’d love to have you join the community.
Does “Modern On-prem” mean no cloud computing?
Modern On-prem is not about the location of the servers, but rather about who has logical control of the applications, data, and network. This means that a VPC provided by an IaaS provider and controlled by the enterprise can be an integral part of a Modern On-prem strategy. Such a VPC provides the same elastic compute, storage, and managed services that most SaaS providers rely on. By using an IaaS provider to create a VPC for Modern On-prem applications, enterprises need to gain security assurance from a single vendor rather than from hundreds or thousands of SaaS vendors.
Is Modern On-prem actually different from traditional on-prem?
In a presentation about how to start an enterprise software company, Aaron Levie discussed the rack-and-stack nature of traditional on-prem software and claimed that “the flaw of on-premise computing was that you were repeating so much of this work, you were creating so much redundancy, and it was then slowing down the entire process.” Modern On-prem does not suffer from this flaw. The same Kubernetes manifests and images that the vendor uses to operate the application in a SaaS environment can be distributed to customers to deploy to their own Kubernetes cluster. More importantly, modern enterprises already have (or are implementing) a 1st-party deployment pipeline that they can leverage to deploy and operate 3rd-party applications. Each new Modern On-prem application that an enterprise adds is not a net-new process; rather, it is an incremental use of an existing process.
Can’t we just encrypt everything, use EKM or FHE?
While the market continues to tout encryption techniques to increase trust with enterprises, encryption is not the solution for fully functional applications and true zero trust. Find out more in “SaaS Encryption Isn’t Secure”.
Is Modern On-prem really more secure?
While consuming applications on-prem does not make the data inherently more secure, Modern On-prem recognizes that as more companies transform into software companies, they are increasingly capable of securing applications on servers they control. Enterprises also shouldn’t have to trust 1,000 different SaaS vendors with their data, but they can get comfortable with a few of the largest as true partners.
Control over where and how data is stored and how it is used is also becoming more necessary as a result of laws like GDPR and industry-specific regulations.
What size organizations should use Modern On-prem?
Eventually organizations of every size should be able to use Modern On-prem applications. Today it is easier to sign up for SaaS applications and start using them straight away. However, as software eats the world, more and more companies have to make software development a core competency. As they do, they’ll be able to adopt a Modern On-prem strategy.
Do I need to use a VPN to secure these applications?
No, several companies that are using Modern On-prem applications are securing them with a BeyondCorp-like architecture.
How is this different from GKE On-prem, AWS Outposts, etc.?
Initiatives by IaaS providers like GKE On-prem, Azure Stack, AWS Outposts, and RDS on-prem with VMware, and those by the enterprise PaaS providers Pivotal, Docker Inc, Rancher, OpenShift, OpenStack, VMware, etc., are definitely related, but the “Modern On-prem” movement is about 3rd-party application automation and portability. These other offerings are really for 1st-party application SDLCs with a focus on “hybrid clouds” that mix IaaS and on-prem datacenters. These initiatives are great because they give large enterprises more access to programmable infrastructure, which is a backbone of Modern On-prem applications.
Can’t we just have the vendor manage the application via remote SSH?
Providing 3rd-party application vendors with remote access to the application they delivered, running in your environment, doesn’t reduce the surface area of the data. If someone can remotely access the system and view or collect any data, then they need to be vetted to the same level as a SaaS vendor.