Cloud adoption continues to increase in enterprise IT as benefits are proven and challenges overcome. But people often get caught in a trap of talking about enterprise cloud adoption in too simplistic terms.
While the popularity of cloud grows, it’s clear to anyone in the industry that organisations are not simply moving all their applications and data into the public cloud. The reality is more complex and is a hybrid of public and private cloud (and existing in-house infrastructure and systems).
The rate of adoption of hybrid cloud varies widely depending on whose statistics you choose to believe. One study by IDG Research claims 83 per cent of CIOs currently use hybrid cloud or plan to do so in the future. Analyst Gartner, however, estimates between 10-15 per cent of enterprises have adopted a hybrid strategy. Gartner also predicts hybrid cloud will hit mainstream adoption within the next two to five years.
The benefits of hybrid cloud are clear for enterprises. It gives organisations the flexibility to use on-premise (or outsourced or off-premise but fully-owned) private cloud where appropriate or switch workloads into the public cloud and scale according to demand. Or do both at the same time. Cloud provisioning can be done at the click of a mouse and investment only needs to commit to weekly or monthly rental.
As ever, the big issue for this new era of hybrid cloud is security. A survey by analyst 451 Researchreveals that 59 per cent of senior IT executives believe maintaining consistent access security and authorisation controls across a hybrid environment is a significant challenge.
At a more strategic level many of the concerns among European organisations relate to the privacy issues around putting company data in the public cloud, particularly with the recent Safe Harbour changes. These fears centre on who might have the authority to access the company data hosted by the public cloud provider. For example, I recently had a conversation with a German public sector organisation that is testing Microsoft’s Office365 and it is these privacy concerns holding it back from going into the cloud with it. It is the same in other countries in Europe too, such as the UK and France.
Clearly this is an issue that has to be overcome if organisations are able to reap the full flexibility and cost benefits of a hybrid cloud environment that allows them to push applications and data into the public cloud in line with business needs.
That is where hybrid security comes in. The key to this is for companies to be able to seamlessly push and enforce their own security policies from on-premise proxy infrastructure to a public infrastructure. For the enterprise this provides the ability, if required, to encrypt corporate data that sits in a public cloud service and offer complete protection for every endpoint. It means the same security policy is applied for the end user regardless of how or where they have connected, whether that’s through a public or private cloud, from a smartphone in Starbucks or a Wi-Fi hotspot at the airport.
Another example of hybrid security in action is where a company is using the infrastructure of a public cloud provider, such as Amazon, but retains control and ownership of the server in that infrastructure. It can be managed by themselves and, using an Amazon API, enables encryption of the whole server within that public cloud environment.
The message here is that while there are clearly security challenges associated with securing company data across a hybrid cloud environment they should not be a barrier to achieving the cost and flexibility benefits of the cloud. Organisations need to start thinking now about a hybrid security strategy that enables them to maximise use of the cloud while retaining the ability to secure and encrypt data where necessary.
This is a topic we will be talking about much more in the coming months, including the trend of cloud access security brokers (CASBs), which is the focus of my next blog.