What is a “hybrid cloud”?
Is it 1) an environment where applications and processes exist both in the public
and private cloud and on premise? Or is it 2) a combination public/private cloud
without an on-premise component?
For the sake of this discussion, we’ll concede definition 1.
Clarifying this concept is important because the vast majority of
cloud-adopting organizations — which is to say the vast majority of
organizations, period — are about to become
hybrid-cloud-adopting organizations, and for good reason: they’re not
ready to simply switch off their existing on-premise systems — legacy
systems that already have significant business and operational value —
and re-invent them in the cloud.
Let’s solidify this hybrid notion with a simple example of a
business process nearly all organizations are familiar with: the HR
onboarding process.
- Onboarding begins. A cloud-based recruiting
system like Taleo is used to identify a candidate. When the candidate is
hired, the business process moves from the cloud-based recruiting
system to the on-premise HR system.
- Onboarding continues. The candidate is given
systems access, login credentials, and an e-mail account. IT is cued to
furnish the candidate with a laptop and other equipment. The office
manager assigns the candidate an office space.
- Onboarding concludes. HR moves the business
process back to the cloud by using a cloud-based performance-management
system like SumTotal, where new-hire details are updated.
Cloud. On-premise. Cloud again.
This isn’t some supposed future scenario. This hybridized process is
happening now, throughout most organizations, and in many other departments besides
HR. To ensure the success of those departments in a hybrid cloud
environment, organizations should address three key issues: security,
service level agreements (SLAs), and application integration.
Security
The move to the cloud does mean that security and data
privacy — something that was previously your IT department’s concern —
is now your cloud provider’s concern. Yet it doesn’t mean your
organization is absolved from ensuring that the cloud provider is doing
its part. You need to demand that the cloud provider is clear about how
they secure and protect your customers’, partners’, and employees’ data —
both when it’s stored in the cloud and when it’s transferred to and
from your on-premise systems.
A cloud-based application in isolation is reason enough for
insisting on a clear understanding of how your cloud provider stores
your data. Imagine, then, how imperative a clear understanding becomes
when that cloud-based application is no longer isolated but integrated
into a hybrid cloud environment. It’s now transferring data out into
the world — perhaps from an Amazon data center in Europe or the Pacific
Northwest to your offices on the other side of the globe. Or perhaps
it’s transferring data to your trading partner’s systems, where you have
much less control over security and protection.
This spawns several questions you should ask your cloud provider:
- Is the data encrypted both when it’s in motion and at rest?
- If cloud-application access is via an application programming
interface (API), is the security token secured and encrypted when it’s
used in the API core?
- What’s the security token’s lifetime? Is it per-session or permanent?
- How easily could this security token be hijacked and reused?
- Is the security token tied to IP addresses?
Getting solid answers to important questions like these will ensure
that the cloud part of your hybrid environment is always serving your
business and never compromising the strength of its security profile.
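The token questions above (lifetime, reuse, IP binding) can be made concrete with a small check, given here as an added example that is not from the original post or any provider's code: a server issues a short-lived, HMAC-signed token bound to the caller's IP and rejects it once expired, presented from another address, or altered. The key, claim names, job name and addresses are constructed for illustration, and transport encryption (TLS) is assumed.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # assumption: key held only by the token issuer


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def sign(body: str) -> str:
    return b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())


def issue_token(subject: str, client_ip: str, now: int, ttl: int = 900) -> str:
    """Per-session token: expires `ttl` seconds after `now`, bound to one IP."""
    claims = {"sub": subject, "ip": client_ip, "exp": now + ttl}
    body = b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{sign(body)}"


def verify_token(token: str, client_ip: str, now: int) -> str:
    """Return 'ok', or the reason the token is rejected."""
    body, _, sig = token.partition(".")
    # Constant-time comparison, done first so unverified claims are never parsed.
    if not hmac.compare_digest(sign(body).encode(), sig.encode()):
        return "bad-signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return "expired"      # lifetime check: a stolen token stops working here
    if claims["ip"] != client_ip:
        return "ip-mismatch"  # caveat: NAT or proxy changes also trigger this
    return "ok"


def demo() -> dict:
    """Constructed scenario using documentation-range IP addresses."""
    token = issue_token("hr-sync-job", "203.0.113.10", now=1_000)
    sig = token.partition(".")[2]
    # Same claims with a far-future expiry, paired with the original signature.
    edited = b64(json.dumps({"sub": "hr-sync-job", "ip": "203.0.113.10",
                             "exp": 10**9}, sort_keys=True).encode())
    return {
        "same_ip_in_time": verify_token(token, "203.0.113.10", now=1_100),
        "other_ip": verify_token(token, "198.51.100.7", now=1_100),
        "after_expiry": verify_token(token, "203.0.113.10", now=1_900),
        "edited_expiry": verify_token(f"{edited}.{sig}", "203.0.113.10", now=1_100),
    }
```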
SLAs
What is your cloud-based application’s availability and reliability?
When an application is hosted on-premise, availability and reliability
are your responsibility, and if it’s critical to business operations, you
put a lot of effort into maintaining it.
Again, with the move to the cloud, this becomes the cloud provider’s
concern, but you still need to keep in mind the application’s role in
the bigger picture. How well would the business tolerate moments of
application unavailability and unreliability?
For example, if a cloud-based HR application wasn’t available for a
day or two, it probably wouldn’t impact a supermarket’s business
process. However, if a cloud-based supply-chain application wasn’t
available for even an hour or two, it would wreak havoc
on a supermarket’s business process. The lack of availability would
mean a lack of deliveries, empty shelves, and loss of revenue.
A thorough SLA will communicate to your cloud provider in no
uncertain terms which applications your business counts on the most, and
what the consequences will be should those applications fail.
Application integration
In order to reap the benefits and realize the full potential of your
new cloud applications, you must embrace the term “hybrid” by fully
integrating them with your existing, on-premise applications and
business processes.
Questions to ask include:
- How are you going to get data into or out of the cloud application and into your on-premise systems?
- Does the cloud application have an API and/or support on-demand exchange of data?
- Does the cloud application have a scheduled exchange (e.g., daily updates instead of on demand)?
- Does the cloud application support standards like Web services, XML, etc.?
Further, how will integrating cloud applications affect your existing business processes?
For example, if you move from an old, back-end integration to an
on-demand, real-time integration, will this have a knock-on effect
(i.e., a secondary effect) with other applications, especially your
on-premise applications? How will the applications accommodate this
effect (particularly in light of the fact that you actually have less
flexibility when integrating applications in the cloud, as you have to
work with the integration points provided by the cloud application
itself, not the on-premise points you’ve provided)?
By considering the above three key issues and answering the questions
surrounding them, the daunting implications of our initial question,
“What is a ‘hybrid cloud’?” will diminish. Organizations that aren’t
ready to simply switch off their existing on-premise systems and
re-invent them in the cloud can rest assured that they aren’t losing
anything from holding onto a legacy system. Instead, they can benefit
from a new approach — one that draws on the incomparable agility of the
public/private cloud and the time-tested security profile of on-premise
systems — and enjoy enhanced business operations using a hybridized
whole that’s truly greater than the sum of its parts.
(This post was first published at http://blogs.axway.com)