A CIO's guide to cloud risk management
A comprehensive collection of articles, videos and more, hand-picked by our editors
CIO Link Alander and his IT team at Lone Star College in Houston have reaped many rewards of the hybrid cloud environment, yet the move from on-premises to hybrid cloud has also come with its share of kinks in the process. For one thing, it's an adjustment to have less control over core systems, he said, particularly in the rare instances when the system experiences a service interruption.
"I can't throw all hands on deck and fix the cloud provider's problem," said Alander, who also serves as the college's vice chancellor. "But I also can't step back and not do anything. I have to work with the business owners because it's still one of our services."
Rather than being the sole application provider to the business, IT folks have had to learn to be service brokers, Alander said.
And CIOs say that transition is not always easy, particularly since the management tools -- and rules -- used in a hybrid computing environment often differ from the ones they are accustomed to using.
Still, Alander and many other CIOs say the growing pains are worth it. A hybrid computing environment that manages some applications and systems in-house and relies on external public cloud services for managing other data and infrastructure resources can produce -- among other benefits -- lower costs, increased agility and speedier delivery of IT services.
Indeed, nearly three-fourths of large enterprises expect to have hybrid deployments by 2015, IT consultancy Gartner predicted in a September 2013 report.
"Hybrid cloud computing is where private cloud was three years ago -- very few deployments, but strong aspirations," Gartner author Thomas J. Bittman said in the report.
TechTarget's recent IT Priorities 2014 Survey of more than 200 global technology executives corroborates the serious interest in hybrid environments, showing that about 33% of respondents are planning to hire a hybrid cloud integration provider this year.
'Uneven handshake' for managing apps in the cloud
There's another strong driver for the hybrid computing environment, said Dave Bartoletti, principal analyst at Forrester Research -- the enterprise's rapid shift from on-premises business applications to mobile and Web-enabled apps. Enterprise spending on employee and customer systems of engagement, including mobile and Web applications, is expected to double in the next four years, according to the consultancy's recent forecasts, Bartoletti said, and he believes much of that investment will shift from what have been largely internally controlled systems to a hybrid environment.
"The hybrid cloud is well-suited for many applications, especially Web and mobile applications that try to reach new customers quickly," Bartoletti said.
CIOs, however, should be careful not to minimize the challenges of managing the hybrid cloud environment, beginning with making the all-important assessment of which data can -- and cannot -- live outside of an organization's data center.
"There's a lot of compliance concerns about where data lives," Bartoletti said. "Many companies want to run apps in the cloud, but for compliance reasons, they need to keep data on premises, which is why many companies need a hybrid environment."
The challenge, as Lone Star's Alander has discovered, then comes in figuring out how to manage applications -- an issue Bartoletti called the uneven handshake.
"Who runs the workload when an application is running in the cloud? Do [cloud providers] handle patches and upgrades? Are they going to take operational control?" Bartoletti said. "In many cases, the answer is no. IT teams are still responsible for monitoring the apps."
Bartoletti has heard many CIOs complain that the tools they use for on-premises applications don't work as well in a hybrid environment. "We hear a consistent concern that cloud management tools aren't mature enough and don't give IT the same visibility and control that the on-premises tools gave them in the past."
Better cloud management tools on the horizon
The limited view provided by some cloud tools is one of the enterprise CIO's main complaints, agreed Ed Anderson, research vice president at Gartner.
"IT is used to having deep insight and a lot of control in their app environment all the way down to their servers," said Anderson, whose area of focus is cloud computing. "When there's a failure, they can diagnose the problem and predict recovery. Cloud providers give you their own tools to give you some insight into how things are running, but there's a limit to what you can do."
Jay Wessland, vice president and CTO for the Boston Celtics, has firsthand experience with the management tools used by cloud service providers like Amazon. As it stands now, the tools are vastly different from those that many IT folks are accustomed to using in-house.
"And there's no real training. It's not like you can go to a class somewhere," said Wessland, who uses a hybrid cloud strategy to deliver IT services to the storied franchise. "Sometimes it's unclear how to proceed. I'm not sure I could build you a machine from scratch in my Amazon world, but I could do it in my sleep with my own VMware. The tools [required in the cloud] are very unfamiliar."
Bartoletti said cloud providers are "working feverishly" to address network integration issues, making it simpler for CIOs to extend their networks in a way that gives them visibility and control, especially when they're moving applications between on-site centers and the cloud. Wessland agreed that he sees tool relief on the horizon.
"There is a lot changing out there now -- tools that promise interoperability between my on-premises VMware and Amazon," he said.
Security remains a top concern
Aside from nitty-gritty management issues, security remains one of the top concerns of CIOs considering a hybrid cloud environment. "When we ask people about moving to the public cloud, security still comes up as the No. 1 inhibitor," Gartner's Anderson said.
Wessland said he does struggle with security concerns, so he remains cautious about keeping certain data on premises -- which is why a hybrid solution works better than a pure public cloud solution in many cases. "Security is a hurdle. So, it's nice not to give [third parties] access all the way into our internal network," he said.
But for some CIOs, the security issue is a barrier that has kept them out of the hybrid computing game -- at least for the time being.
John Donohue, associate CIO of technology and infrastructure for the Penn Medicine-University of Pennsylvania Health System, said the healthcare provider has not yet taken the hybrid leap due to the sensitive nature of personal health information. But he expects the technology to mature enough within the next 18 months to address his security concerns to the point of feeling comfortable enough to jump into the hybrid pool.
"Our biggest pause is around security, privacy and control," Donohue said. "We feel right now the risks are too high. But it's only a matter of time before healthcare providers adopt some sort of hybrid cloud."
After all, Donohue said, the benefits of a hybrid environment are too significant to ignore. "The agility and speed to market are major benefits," he said. "Today it takes months for us to secure funding, get equipment installed, tested and ramped up. To be able to do that in hours with a cloud vendor makes it very attractive."
Go to part 2 of this story to read about the questions CIOs need to ask and issue they need to address to reap the benefits of hybrid computing.
About the author: Dina Gerdeman is a Boston-area-based freelance writer and editor covering business news and features.
Hybrid cloud management: Myths and challenges