Hybrid Cloud Emerges as the Front Runner

The simplest way for an organization to have a cloud in which the data is maximally secured is a private cloud, where the servers and data that reside on them are totally contained within the organization’s own enterprise infrastructure, and behind the organization’s firewalls and other security systems. In that way, it has total control over systems and data.

That, however, largely does away with the cost savings and flexibility that can be had with a managed public cloud. So, the hybrid cloud is quickly being adopted as the best-of-both-worlds solution, to provide cost reductions where possible while ensuring the best security for the most sensitive services and data.

A hybrid solution also allows agencies to craft an IT strategy with an evolutionary path to a fully managed cloud as decision makers and users become more comfortable with the idea of the cloud, said John Lind, sales vice president for government markets at Quality Technology Services (QTS).

“This allows agencies to keep some technology they have today in place, while migrating new and improved services into their IT architecture,” he said. “Some users will be reluctant to move from the systems they know, so a hybrid cloud helps keeps those end users comfortable while the agency overall gradually moves to the cloud.”

There are lots of different ways to construct a hybrid cloud. In its Special Publication 800-145, the National Institute of Standards and Technology (NIST) defines a hybrid cloud infrastructure as “a composition of two or more distinct cloud infrastructures (private, community or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability.”

That hides a multitude of possible combinations, however. A hybrid cloud infrastructure could, for example, include both onsite private and community clouds as well as their outsourced cousins, where the function is similar to the onsite cloud but managed by a cloud vendor. Then there could be the wholly managed public cloud that needs to co-exist with these. Over time, these elements could change as various kinds of clouds join and leave the hybrid cloud.

Added to the mix are the environments the hybrid cloud serves, such as Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), or Platform-as-a-Service (PaaS), each of which carries its own security, reliability and compliance concerns. IaaS lets users more closely control the configuration of servers and other elements of the cloud, for example, while PaaS provides a more standardized implementation.

For these reasons, there is no such thing as a standard hybrid cloud design. Each cloud is uniquely suited to the requirements of the user, so such things as where the connection between the user datacenter and the public portion of the hybrid cloud is made are important. Who secures the link after the data leaves that private-user cloud is critical, as is where the data is stored in the public cloud, who has ultimate control of it and how users can retrieve it.

Organizations that are still fearful about moving sensitive data to public clouds can opt to keep that data on their own servers and simply use the public portion of the hybrid cloud for additional computational capacity as and when that’s required. However, cost and other resource pressures are likely to force IT organizations to move and store more of their data in the cloud.

Many cloud providers, as a reaction to user concerns, have begun to offer their own managed services to meet the range of security and compliance requirements organizations are demanding in hybrid clouds. Those increasingly involve also managing users’ on-premise security, including such things as vulnerability assessment, network intrusion detection, and continuous monitoring services.

That kind of end-to-end security is likely to become more of a necessity as hybrid cloud becomes the predominant model. Gartner, for example, predicts 2016 will be the point at which users move from private cloud to hybrid, with nearly half of all large enterprises deploying hybrid clouds by the end of 2017.