In the roughly 15 years since cloud has become a thing, the distinctions between various service delivery models and “as a Service” (aaS) options have done more to confuse than clarify the real differentiators that are pertinent to customers. But the question of whether to go for vendor-managed service versus customer-managed service, and who does what in those models, is an important question for everyone—whether it’s their first time moving to cloud, or if they are longtime cloud users.
Back when cloud was seen as an early stage and risky proposition, IT leaders tended to think that if they could see, touch, and configure their own hardware, it would be safer than what a provider would give them in some far-off and barely understood cloud region. Over time, people realized that a huge cloud vendor with massive economies of scale, and lots of experts working on hardening and governance, could do a better job of securing their data than all the biggest and most sophisticated enterprises could on their own.
The question of who must do what in IT service delivery relationships is often called the shared responsibility model. This defines the vendor’s accountability for the safety of the service, and where the accountability shifts to the customer for the security and integrity of their data and operations. The boundaries of this model make up the major difference between a fully managed service and a customer-managed service.
There’s lots of things that have to happen for a cloud service to be safe and effective. Not doing them poses tremendous risks to data security and company reputation, and can lead to operational issues and the possibility of fines. Customers that take on a service they have to manage often get into trouble, mostly because they underestimate the complexity and importance of these tasks. But when Snowflake customers use our fully managed cloud service, we take care of these things for them as part of that service, including:
- Virtual network management: In a fully managed offering, the service runs in a cloud tenancy provided by the vendor. Customers don’t have to worry about the many pitfalls of misconfiguring their virtual private cloud (VPC) as they would with a PaaS offering that runs in the customer’s network.
- Non-disruptive upgrades: With a fully managed data platform, the vendor deals with software version upgrades and patches, and in the case of Snowflake these upgrades are non-disruptive. We take care of planning, executing, and verifying upgrades, and we do them using a rolling process that allows everybody to get upgraded without any downtime. This also means that all customers run on the same software with the same capabilities. When you read the documentation on PaaS offerings, you’ll often see references to features that are not supported in certain versions of the service, along with outage windows for planned maintenance—none of that is an issue with Snowflake.
- Penetration and vulnerability testing: When a vendor fully manages an enterprise tech platform, it’s the responsibility of the vendor to identify and mitigate gaps that can lead to data breaches or outages. Relatedly, vendors that run a fully managed service for their customers generally have a bigger and more highly experienced staff dedicated to dealing with these issues, and their attack vector is bigger. The vendor sees all the events related to the usage of the entire platform, and can address them for all users, as opposed to an individual user that sees and addresses only events that happen in their usage of the service.
- High availability architecture: You don’t have to choose a fully managed offering to get an architecture that spans availability zones and automates the process of directing traffic to healthy resources, but many customer-managed data platforms on the market don’t offer automatic, built-in high availability, while most cloud-native, vendor-managed options do.
- Instant availability of resources: When a vendor builds out a fully managed service in a cloud region, most of them create a spare pool of resources that helps enable instant scalability. Because these resources run in the vendor VPC, they can be shared across all customers running in that region. With a customer-managed service, customers run compute in their own tenancy, and if they want a spare pool, they have to pay for it, defeating the purpose of cloud-supported elasticity. This means that for most customer-managed platforms, there’s a 5 to 15-minute delay to add more capacity, where the customer has to procure an instance, load software, and join it to the cluster—all things that happen instantly with a fully managed offering and its shared hot pool of resources.
- Near-zero administration effort: With Snowflake’s advanced fully managed offering, there are few knobs to turn—it works well from day one. Ongoing usage requires little in the way of tuning or optimization, and maintenance tasks such as running vacuum commands and other housekeeping tasks happen in the background with no customer effort or impact. This has a significant effect on the total cost of running that solution, helping to reduce the number and expertise of administrators, one of the biggest and least flexible cost factors of any solution.
- Cross-cloud management and consistency: Most self-managed services are specific to one cloud. If it runs in multiple clouds, there’s often differences in pricing, features, performance, and documentation as well as limitations relative to replication features and interaction across regions and clouds. Snowflake runs the same code in each cloud, on similar infrastructure, with as little variation as possible, supports automated replication across clouds that can deliver a one-minute recovery time objective (RTO), and a one-minute recovery point objective (RPO) by failing over to another cloud in the event of a full cloud outage.
- Regulatory compliance advantages: Because Snowflake is a fully managed service, customers are generally able to benefit from the certifications we’ve already achieved. HITRUST and Fedramp are examples of compliance certifications that we’ve received that customers are able to leverage with minimal effort when they use Snowflake. Most self-managed data platforms require the customer to extensively configure their environment and include their entire stack in their certification scope. In addition, Snowflake’s commercial certifications such as HITRUST, SOC1/2, ISO 27001/17/18, PCI, etc., apply consistently across all of our supported regions, irrespective of the underlying IaaS partner. This allows our customers to adopt a true multi-cloud strategy, or move across clouds, without having to do separate work to be compliant on each cloud, or compromise regulatory compliance when moving from one to the other.
- Extensibility to customer-developed apps: Snowflake supports customers building their own data-centric applications on top of the fully managed platform that we run for them. When they do this, they inherit many of the security, compliance, auditability, and observability functions that are included in our core platform. This gives customers a significant head start when they build applications that use data stored in Snowflake, and eliminates a lot of effort as they work to make sure that their applications are safe and effective in managing data.
Many enterprise buyers struggle to choose the right data platform to meet their needs, focusing solely on feature and pricing differences to make their choice. But comparing a fully managed service to a customer-managed one gets complicated when you take into consideration the value of all of the different services we’ve just covered here. With a customer-managed service, you should expect to plan, implement, and manage these things on your own, and so when calculating the total cost of ownership you must factor in the cost of all these functions, your ability to hire for them, and the time it will take to build proficiency in them. In comparison, a fully managed solution generally includes this non-exhaustive list of things, while customers managing their own platforms bear them in addition to the base solution cost itself. Those additional costs often make the total cost of operating customer managed solutions far higher than that of a fully managed solution.
It’s a hard job to build effective enterprise software, but it’s a different and harder job to run that software in the cloud for customers in an environment that’s secure and reliable. Snowflake has had 10 years of experience delivering a fully managed cloud-native data platform, and this has allowed us to refine our processes and learn important lessons along the way. Today, more customers are seeing the benefits of a fully managed enterprise data solution versus managing a solution themselves, and vendors are trying to get up to speed quickly in running such a service. We know that our customers love us for the service we provide, and the fact that with Snowflake they can stop worrying about their data and focus instead on using that data to grow their business.