How secure is the hybrid cloud?

The term hybrid cloud is used loosely, which is probably why so many companies say they're planning to adopt it. If you’re planning a hybrid cloud strategy, the security questions you need to think about may not be the ones you’d expect.

hybrid cloud

Hybrid cloud is IT’s flavor of the year. The C-level executives in Avanade’s global Hybrid Cloud study are particularly optimistic: 75 percent believe it should be the main area of focus for their company this year; 72 percent expect to adopt hybrid cloud by 2018; and 76 percent expect the majority of their applications and services – including some critical systems like data and analytics, office applications and customer-facing services – will be running in a hybrid cloud environment within three years.

Microsoft’s Mike Neil – a corporate vice president in the Enterprise Cloud Group – gives similar figures, saying two-thirds of their enterprise customers are looking at hybrid cloud. He quotes a Garner report where three-quarters of enterprises “see hybrid cloud as delivering business value they want” – a number he says has shifted very rapidly. “We rarely get customers saying ‘I only want to be in the public cloud’ or ‘I only want to be on premise’,” he explains. “The idea of using some services on premise and some from the cloud and some from the cloud is becoming the dominant customer viewpoint.”

In fact, 65 percent of companies in the Avenade study said if they could, they would downsize all their data centers tomorrow in favor of public or hybrid cloud-based solutions. That’s not just obvious cost-cutting; 61 percent believe cloud, especially hybrid cloud, is a more secure way of hosting their company’s applications and data than on-site data centers.

Again, customers are making those same bold pronouncements to Microsoft, says Mark Russinovich, the CTO of Azure. “Most customers are saying ‘we’re shutting down data centers, we’re consolidating data centers, everything that we do now is in the cloud.’ I’ve seen some pretty amazing positions from Fortune 500 companies that are incredibly aggressive, saying they’ve got a plan that in two years’ time they’re not going to have anything on premises.”

The ambition is reasonable, he believes. “There are costs and operational management issues and other considerations that make it completely responsible to say ‘by the end of next year everything will be in the cloud’.”

[Related: 5 things CIOs need to know about hybrid clouds]

But equally, the level of confusion in the Avenade survey suggests some of the optimism isn’t realistic. Over half of those executives didn’t know what distinguishes hybrid cloud from simply using cloud services alongside their on-premise systems – like running virtual machines on IaaS or adding Skype for Business Broadcast meetings to the unified communications you get from your Lync servers.

Taking a few steps back to figure out what you mean when you talk about hybrid cloud, therefore, may not only be smart, it may be necessary to figure how to proceed. 

Understanding hybrid cloud

“We use the term hybrid pretty broadly to mean that part of your business is on premise and part of it is in the cloud,” points out Russinovich.

“Hybrid can even come into play when you're talking about using public cloud services, like the Office 365 support for ExpressRoute,” Russinovich continues. “That’s the ability to put your Office 365 endpoints inside your own network infrastructure so that you're not travelling over the public Internet, you're travelling over your network service provider lines into our cloud. In that case, yes, I'm consuming something that's purely in the cloud but I'm connected in to my on-premises infrastructure.”

The more integration, the closer to hybrid cloud you are, he suggests. “Where we get specific on Azure and what I am focused on, is supporting connecting your enterprise environment with the cloud in a seamless way – networking-wise and also in terms of consistency. We'd like to make it possible for you to deploy applications on premise and in the cloud, written to the same app models – cloud application models – and also manage them the same way.”

Hybrid cloud is also a far easier way to take advantage of services that only work at cloud scale, like machine learning and predictive analytics that you want to apply to systems that aren’t in any cloud.

Microsoft is making something of a specialty of this, with services like Clutter and Delve prioritizing email and documents. Power BI offering historical business intelligence and real-time analysis of data from both cloud services and your own SQL Server apps; Azure Active Directory alerting you to stolen credentials or simultaneous logins to managed devices from physically distant places; or the new Operations Management Suite that analyzes your server setup and warns you about potential attacks.

Instead of buying and running your own large-scale hardware, or even using a public cloud, and setting up and maintaining a complex system like a Hadoop cluster, you buy a cloud service that runs against on-premises systems. “It's a nice balance,” suggests Neil. “You get the value on premise but you're not having to take on that burden of responsibility.”

Make no mistake: hybrid cloud is coming

Whether you’re talking about Russinovich’s ambitious idea of cloud consistency, cloud services that analyze or the more common stretch and burst models that can move your applications or your data into the cloud for extra capacity and performance, it’s the seamless part that’s both very appealing to businesses – and where you need to be thinking about security.

That’s especially true because hybrid cloud assumes that your on-premises system is highly automated and standardized – whether you’re using private cloud systems you build with tools like the Windows Azure Pack and the upcoming Azure Stack and OpenStack designed to give you consistency with public clouds, or “converged infrastructure” like Microsoft’s Cloud Platform System, VCE’s VBlock racks, Cisco’s UCS or pre-built systems from Dell and HP.

Although some VCE customers are looking for a private cloud for data security and privacy, hybrid cloud is what most of them are investing in says VCE’s EMEA (Europe, the Middle East and Africa) CTO Nigle Moulton. “The hybrid model, where you take classifications of data and keep some of them internal to your company, but some you are more relaxed about and are happy for them to sit in more public infrastructures, is the majority of what we see people investing in.”

Increasingly, on-premises systems are designed for hybrid cloud. SQL Server 2016 builds cloud bursting right into the server, and an increasing number of orchestration services make it simple to migrate virtual machines into the cloud when you need more capacity.

1 2 Page 1
Page 1 of 2
7 hot cybersecurity trends (and 2 going cold)