Is it 1) an environment where applications and processes exist both in the public and private cloud and on premise? Or is it 2) a combination public/private cloud without an on-premise component?
For the sake of this discussion, we’ll concede definition 1. Clarifying this concept is important because the vast majority of cloud-adopting organizations — which is to say the vast majority of organizations, period — are about to become hybrid-cloud-adopting organizations, and for good reason: they’re not ready to simply switch off their existing on-premise systems — legacy systems that already have significant business and operational value — and re-invent them in the cloud.
Let’s solidify this hybrid notion with a simple example of a business process nearly all organizations are familiar with: the HR onboarding process.
- Onboarding begins. A cloud-based recruiting system like Taleo is used to identify a candidate. When the candidate is hired, the business process moves from the cloud-based recruiting system to the on-premise HR system.
- Onboarding continues. The candidate is given systems access, login credentials, and an e-mail account. IT is cued to furnish the candidate with a laptop and other equipment. The office manager assigns the candidate an office space.
- Onboarding concludes. HR moves the business process back to the cloud by using a cloud-based performance-management system like SumTotal, where new-hire details are updated.
This isn’t some supposed future scenario. This hybridized process is happening now, throughout most organizations, and in many other departments besides HR. To ensure the success of those departments in a hybrid cloud environment, organizations should address three key issues: security, service level agreements (SLAs), and application integration.
Security
The move to the cloud does mean that security and data privacy — something that was previously your IT department’s concern — is now your cloud provider’s concern. Yet it doesn’t mean your organization is absolved from ensuring that the cloud provider is doing its part. You need to demand that the cloud provider is clear about how they secure and protect your customers’, partners’, and employees’ data — both when it’s stored in the cloud and when it’s transferred to and from your on-premise systems.
A cloud-based application in isolation is reason enough for insisting on a clear understanding of how your cloud provider stores your data. Imagine, then, how imperative a clear understanding becomes when that cloud-based application is no longer isolated but integrated into a hybrid cloud environment. It’s now transferring data out into the world — perhaps from an Amazon data center in Europe or the Pacific Northwest to your offices on the other side of the globe. Or perhaps it’s transferring data to your trading partner’s systems, where you have much less control over security and protection.
This spawns several questions you should ask your cloud provider:
- Is the data encrypted both when it’s in motion and at rest?
- If cloud-application access is via an application programming interface (API), is the security token secured and encrypted when it’s used in the API core?
- What’s the security token’s lifetime? Is it per-session or permanent?
- How easily could this security token be hijacked and reused?
- Is the security token tied to IP addresses?
Getting solid answers to important questions like these will ensure that the cloud part of your hybrid environment is always serving your business and never compromising the strength of its security profile.
SLAs
What is your cloud-based application’s availability and reliability? When an application is hosted on-premise, availability and reliability is your responsibility, and if it’s critical to business operations, you put a lot of effort into maintaining it.
Again, with the move to the cloud, this becomes the cloud provider’s concern, but you still need to keep in mind the application’s role in the bigger picture. How well would the business tolerate moments of application unavailability and unreliability?
For example, if a cloud-based HR application wasn’t available for a day or two, it probably wouldn’t impact a supermarket’s business process.
However, if a cloud-based supply-chain application wasn’t available for even an hour or two, it would wreak havoc on a supermarket’s business process. The lack of availability would mean a lack of deliveries, empty shelves, and loss of revenue.
A thorough SLA will communicate to your cloud provider in no uncertain terms which applications your business counts on the most, and what the consequences will be should those applications fail.
Application integration
In order to reap the benefits and realize the full potential of your new cloud applications, you must embrace the term “hybrid” by fully integrating them with your existing, on-premise applications and business processes.
Questions to ask include:
- How are you going to get data into or out of the cloud application and into your on-premise systems?
- Does the cloud application have an API and/or support on-demand exchange of data?
- Does the cloud application have a scheduled exchange (e.g., daily updates instead of on demand)?
- Does the cloud application support standards like Web services, XML, etc.?
For example, if you move from an old, back-end integration to an on-demand, real-time integration, will this have a knock-on effect (i.e., a secondary effect) with other applications, especially your on-premise applications? How will the applications accommodate this effect (particularly in light of the fact that you actually have less flexibility when integrating applications in the cloud, as you have to work with the integration points provided by the cloud application itself, not the on-premise points you’ve provided)?
By considering the above three key issues and answering the questions surrounding them, the daunting implications of our initial question, “What is a ‘hybrid cloud’?” will diminish. Organizations that aren’t ready to simply switch off their existing on-premise systems and re-invent them in the cloud can rest assured that they aren’t losing anything from holding onto a legacy system. Instead, they can benefit from a new approach — one that draws on the incomparable agility of the public/private cloud and the time-tested security profile of on-premise systems — and enjoy enhanced business operations using a hybridized whole that’s truly greater than the sum of its parts.
(This post was first published at http:blogs.axway.com)
