Cloud computing has not just been signalling a shift in the way enterprises operate in recent years; it has emerged as one of the most transformative trends in the history of information technology.
Essentially, it has touched every single person in the world with access to the internet, and has drastically shaken up markets and changed the requirements for business.
There is no longer any doubt that practically every enterprise across the UK will adopt cloud in some way – the big question is exactly how that will be, to best suit each individual business’s needs.
The answer is, of course, complex, but can be broadly separated into three options: public, private or hybrid.
Small businesses have generally favoured public clouds from the likes of Google and Amazon Web Services so as to benefit from the low capex and quick deployments, while the large organisations that enjoy juicy IT budgets have opted to build their own private clouds.
For many in between, however, a hybrid model has gained popularity. This is not just for cost reasons, but in order to ease security concerns, as businesses can flaunt non-critical data in the public cloud while keeping the more sensitive data safely on-premise.
Picking up speed
As organisations’ network and storage components look to follow servers into the realms of virtualisation, this road to cloud is only set to accelerate. The pressure is on the CIO to deploy the right cloud model at the right time.
There are certain basic principles that organisations are following while adopting hybrid cloud.
For one, they are trying to create a portfolio of cloud resources – composed of public, internal and hosted deployments – linked together with traditional deployments via virtual private cloud.
They are also choosing to focus on the security model and policy with their CSO, along with security and risk management professionals, to understand what precautions must be taken for what types of data, to determine where applications can safely be deployed.
‘Organisations are also opting to reach out to hosting and service providers about their cloud plans,’ says Kalyan Kumar, chief technologist at HCL Technologies. ‘Organisations are trying to determine whether a hosted cloud is a possibility from these vendors, what degree of configurability is available, and whether they can provide virtual private cloud services between their data centre and the provider’s cloud offerings.’
Break it up
Most organisations are looking at their entire application estate and breaking it down into certain categories, such as security requirements, regulatory compliance, performance requirements and application support.
With this segmented information they can then decide which components can be transferred from the corporate data centre into the cloud, according to Len Padilla, VP product strategy at NTT Communications.
‘For example, virtualised x86 or managed services can be moved into the cloud through colocation or managed hosting,’ Padilla says. ‘But there are always going to be several parts of the ICT estate that will remain in the corporate data centre, including mainframes and latency-sensitive services.’
However, not everyone is enthused by the benefits of existing methods to deploy a hybrid cloud infrastructure.
‘In short, they do not deliver the efficiency, agility or scale required by modern enterprise users,’ says Sean Horne, CTO and senior director enterprise and mid-range storage at EMC. ‘The application “stacks” in the hybrid world of old were segregated.’
Such segregation can make it expensive to move or derive insight from data stored in applications across public and private cloud estates without an intelligent layer of orchestration.
With these multiple stacks, some companies have found that the cost savings were lost in trying to manage the process. Organisations could also lose their ability to respond to business changes quickly.
Horne adds, ‘Many of the private cloud applications that have been deployed to date are “second-platform” applications – traditionally coded client server apps that are not optimised to work in a world with an order of magnitude more users, who are all mobile and expect anywhere, anytime secure access.’
Agility is the key driver towards a hybrid cloud model as applications can dynamically move across either the public or private cloud platform depending on their requirements and criticality.
With this in mind, Archie Hendryx, principal vArchitect at VCE, attributes the limitations to date of hybrid cloud to people and process.
‘To achieve this successfully there need to be drastic changes in the traditional IT operational processes where a siloed IT culture focuses on in-house technical expertise,’ he says. ‘Where hybrid clouds have emerged from initial private cloud deployments, the existing, stagnated, siloed processes aren’t suitable for the fully automated, self-service, service-oriented approach of hybrid clouds.’
In the meantime, there is a gradual mind shift in motion around public cloud. While, to many, public cloud has been synonymous with vulnerability and lack of control, many businesses are beginning to toy with the idea of placing data in such environments.
There is no doubt that managing, provisioning and integrating both public and private clouds – coupled with hosting on-premise architecture in a secure and standardised way – can amount to a daunting task.
Various industries have their own individual concerns regarding the sanctity of their data, but that is not to say that these challenges are insurmountable.
‘One third of high performers have already replaced their legacy infrastructure with both private and public cloud components,’ says Matthew Coates, managing director of Accenture Cloud.
‘The fear of losing critical data should not paralyse organisations making the jump to hybrid cloud environments.
‘A clear and well-disseminated plan of data storage and data boundaries still offers the most effective means of mitigating these concerns.’
On top of this, CIOs are also blinded by conflicting information about cloud in what has become an extremely congested market. What they really want to know is how they can decide what data to put where.
Don’t forget on-premise
There is often a tendency to focus too much on just looking for a new financial model – turning capex into opex. It is important to look at all aspects and not forget that cloud computing can also be implemented on-premise.
‘Too often, CIOs only consider the public cloud in order to gain a more agile environment compared with their existing IT estate,’ says Richard Garsthagen, director cloud business development, Oracle EMEA. ‘They forget, or don’t know, that they can also make this transformation internally by implementing on-premise automation, self-service capabilities and chargeback and metering methods, based on highly consolidated and shared platforms.’
Another fundamental consideration is the ability to move data between private and public clouds easily.
Hybrid cloud should represent the dynamic allocation of resources across multiple platforms, and allow users to ensure that service placement is not a one-way street or one-time decision.
Gaining the freedom and flexibility to move workloads between on-site data centres or internal private clouds to a public cloud environment is, therefore, an invaluable business benefit.
‘Being able to move data more fluidly will significantly speed up the launch of new applications, products and services to support the business’s needs and, ultimately, increase productivity and agility while lowering total cost of ownership,’ says Richard Munro, director of vCHS technical services at VMware. ‘Businesses will then be able to free up resources so that they can focus on innovation.’
Brokering the clouds
Determining the most beneficial ways to procure, implement and manage cloud technologies can present complex issues for users. This need to manage the composition of the hybrid cloud has seen IT faced with a new job: cloud service broker (CSB).
The role of the CSB, including aggregating, integrating and customising services, can vary largely according to the wants and needs of each organisation.
‘It’s absolutely a relevant and necessary model and role,’ says Jo Laking, UKI cloud leader at Cisco. ‘The CSB is a third party that can access resources from multiple clouds, and is typically connected to multiple data centres.
‘Sometimes the brokers own their own cloud or clouds, and have their own resources, while in other instances they perform the role of a more literal “broker”, helping facilitate the relationships and agreements necessary on behalf of an organisation.’
With the future of hybrid cloud largely dependent upon the changing mindsets of CIOs, particularly in relation to the public cloud, it’s difficult to predict where the market will go.
According to Gartner, the most common architectures will be ad hoc. Standards that enable portability of workloads across (different or dissimilar) clouds are simply not mature enough for anything else yet.
‘Initially, the required functions will be created for specific situations, if the need or the benefit is big enough to warrant the effort,’ says Gregor Petri, research director at the analyst firm. ‘From that, some best practices will emerge and, based on that, certain standards or standard approaches may emerge.
‘But this is one of the fastest-moving areas of the IT industry, and it is too early to pick winners or label losers.’
>See also: Transforming IT into a cloud service broker
What the experts say
‘Companies should be cautious and have their eyes open when putting any data into the cloud. If they do decide to place some of their business critical data into a cloud service, they should be aware of the downsides. As we now know from reading the front pages, they have spotty records in protecting data. At a minimum, cloud services should support the same kinds of functionality that businesses take for granted with on-premise solutions – two-factor authentication by default, actively monitor accounts for abnormal behaviors, notify subscribers immediately when they suspect a breach, and have clear backup procedures.’
– Simon Crosby, CTO, Bromium
‘Fearing the public cloud when it comes to business critical data is just silly. Most cloud vendors have security that’s significantly more secure than anything an individual organisation could hope to achieve. The level of security required boils down to what your requirements are for business critical data. It’s important you define what your security requirements are and then assess the delivery platform against these requirements. Don’t just assume that public cloud isn’t secure. Do the due diligence.’
– Jon Milward, Operations Director of Integrated Solutions, Northdoor
‘It's about picking the right platforms for the right applications – not trying to force square pegs into round holes. Organisations should be looking towards hybrid IT solutions and tailoring their cloud use to best suit the needs of their business, whether this is done alone or through a managed services technology partner. If the latter, it is essential that any partner is willing to take the necessary time to really understand what the business is trying to achieve and then use their expertise to create – and manage – the environments that offer the best strategic fit.’
– Keith, EVP of EMEA and APAC, Sungard Availability Services
‘All CIOs and enterprises must now consider how they will securely support their teams, and deliver relevant applications, in a mobile world. Solutions need to be accessible from a number of devices, regardless of where an employee is working. The greatest risk is that data is no longer just living on desktops in the actual office buildings of an enterprise. CIOs can minimise any risk of data leakage by deploying solutions for their workers that are easy to use, while keeping data secure and compliant.’
– Paul Steiner, MD, EMEA, Accellion
‘Unfortunately, we will continue to see hybrid cloud models forced on customers who don’t want them. However as SDDCs and SDN technology matures I do think, even within a year, we will see some radical new innovation and utilization. If you look at the definition of a cloud (scalability, elasticity, resiliency, agility, sharing of infrastructure), who wouldn’t want those attributes in their applications and network?’
– Patrick Foxhoven, VP and CTO of emerging technologies, Zscaler
‘Most organisations have adopted a self-build, do-it-yourself approach to building hybrid clouds. This ‘homebrew’ solution involves creating a Version 0, which is then constantly re-engineered to meet the evolving demands of the business. Often mis-aligned and disjointed, this hybrid cloud toolkit has inconsistent formats across the organisation, as well as carrying varying degrees of functionality, reflecting poorly on the capabilities of cloud from a user experience perspective.’
– Mark Keepax, SVP UK and Ireland, ASG Software Solutions
‘Security is still a concern in a cloud and non-cloud enterprise scenario. What is really encouraging today is the willingness of cloud vendors and service providers to invest in technology to protect their clients’ data. Due to this persistent focus on security, the cloud industry has been investing heavily in developing comprehensive security solutions to make cloud, in general, and specifically public cloud more secure. Public clouds are now capable of providing the same level of controls and confidence through a combination of native security and third party controls.’
– Saju Sankaran, associate VP, cloud and infrastructure services, Infosys
‘Enterprises are wrong to be scared of the public cloud. According to our CSR report, the cloud is being attacked at a near equivalent rate as your enterprise data centres. The type of attacks are what differs. If we can learn anything from the Heartbleed Bug earlier this month is that it's a service provider's business to stay ahead of patching environments because they have teams of people dedicated to keeping environments secure. I can’t say the same about all enterprise environments.’
– Stephen Coty, chief security evangelist, Alert Logic
‘I wish it were as easy as saying everything can go in the cloud, even if this is technically feasible and presents no real additional security risk then the psychological barriers can prove insurmountable. My advice would be to create your hybrid cloud that has various properties from security capability through to performance. This will then give the business the options to place workloads and data where it fits naturaly depending on the requirements. Unfortunately there is no one size fits all solution here as every business is different.'
– Chris Leigh-Currill, CEO, Ospero
‘In my view, CIOs should implement a hybrid cloud solution, reserving public cloud for specific, low risk, less critical services and continuing to run other services in-house. This means that they will still need to have and run their own infrastructure, or have a trusted third party run it for them. Once the organisation is familiar and comfortable with cloud concepts and practices, and they have tested public cloud, then they can consider moving more services to public cloud services if it is appropriate for their business to do so.’
– Richard Blanford, managing director, Fordway
‘Hybrid clouds integrate and utilise the qualities of both public and private clouds concurrently, allowing companies to take advantage of both types of clouds and enjoy the benefits of each, such as the cost effectiveness of public cloud and the security of private cloud. Although using the combination of private and public clouds can reap fantastic rewards for organisations, it does come with a new set of considerations and decisions that need to be made to avoid costly errors or outages.’
– Nick Williams, senior product manager EMEA, Brocade
‘Companies that are starting to work with big data are likely to need hybrid infrastructures. Many of these companies are probably using virtualisation at the moment and are very likely to discover that virtualised private clouds offer neither the performance, nor the scalability needed to efficiently process big data. So it’s likely they’ll be looking for a way to connect their existing, virtualised infrastructure with a more high-performance environment for crunching big data.’
– Ioana Hreninciuc, commercial director, Bigstep
‘Most customers have built hybrid environments with an eye towards disaster recovery and business continuity. In other words, it wasn't truly hybrid from an operational perspective. It was hybrid only in the sense the cloud would provide the resources to recover from an on premise disaster. The majority of the organisations’ applications and data have remained on premises in the expectation of “better” security than offered in the cloud.’
– Sean Jennings, SVP, solution architecture, Virtustream
‘The beauty of a managed hybrid cloud is that it gives IT teams more time for development by reducing the need to manage their back-office infrastructure. For many firms it is this prospect of moving the cost of managing IT assets off their balance sheets and being able to access additional scale quickly without upfront investment that wins out.’
– Andy Barrow, technical director, ANS
‘It is highly likely that the private cloud solution will be managed largely by a Service provider with an opex commercial structure. Whether this resides in the customer’s preferred data centre or within the service provider’s data centre is largely immaterial, so long as it compliant to the customer’s data management and security strategy. This will provide for a more flexible and commercially attractive solution to accommodate predicted growth without having to commit to building in headroom in your Capex purchases.’
– Rob Buckton, sales director, managed services, MTI
‘Too much emphasis in the market is placed on driving customers to make a decision between on-premise and cloud services for delivering IT when the reality is both models are important for a multitude of reasons. Pretty much every respected voice in the market today is signalling that hybrid IT is the new norm and likely to remain so. On-premise IT should no longer be considered legacy technology, but rather a critical component in delivering an effective cloud-enabled IT strategy, whilst cloud should not equally be viewed as a security risk.’
Nick East, CEO, Zynstra
‘We’ll mostly see continued use of simple-form public and private architectures, with a one-to-one connection, with very few enterprises setting up multiple connections to cloud service providers. Single vendor solutions will be prominent as CIOs continue to seek that confidence that it all works together correctly. However, we’ll also see increasing maturity in developing multi-cloud hybrids and more service brokers offering to ease the migration and simplify the management of the hybrid cloud model.’
– Alex Watson-Jackson, proposition manager agile DC, Logicalis UK
‘The de facto impression is that cloud can be used to turn capex into an opex model and this may not be the best view when considering a cloud strategy. With review, on premise equipment can be implemented into a hybrid cloud solution or a full migration to a service provide or public cloud can be achieved, in which case further emphasis needs to be placed on connectivity to maintain maximum access to the external cloud platform. Careful planning is required and all aspects must be reviewed in order to meet your business requirements.’
– Lee Novall, CTO, Fusion Media Networks