By BRENDAN PAGET
SPECIAL TO THE NATION
According to the Red Hat Global Customer Tech Outlook 2019, 30 per cent of the organisations surveyed have a hybrid cloud strategy, and 45 per cent of them are already using two or more cloud platforms.
Offering the flexibility and speed needed to address changing business demands effectively, hybrid cloud can help enterprises gain business agility and better compete in the increasingly volatile business environment.
Hybrid cloud provides a mixture of public and private (on-premises or managed/hosted) cloud environments that are connected and managed by a single management strategy.
With hybrid cloud, enterprises can choose the type of cloud that best suits each workload, as well as move workloads across IT environments as necessary. For instance, a retailer can host its e-commerce website on a public cloud but process payments made on the site in a private cloud to better protect customer data and comply with regulations.
Even though hybrid cloud can help organisations to become more agile, some are still hesitant to adopt it. Here are four common myths that hinder hybrid cloud adoption:
Myth 1: Hybrid cloud may cause organisations to lose visibility and control over their IT infrastructure
Since hybrid cloud is made up of more than one IT environment, it may be difficult for enterprises to have complete visibility of their entire IT infrastructure. The lack of visibility can make it challenging for organisations to monitor and control their environment for security and compliance, especially if this is conducted manually.
Organisations can counter this by ensuring that the foundation of their hybrid cloud provides predictive IT analytics capabilities. By using tools that provide ongoing in-depth analysis of the IT infrastructure, they can proactively identify vulnerabilities that could threaten the security, performance and stability of their hybrid cloud so as to stay ahead of them.
Myth 2: Adopting hybrid cloud may lead to a security headache
Traditionally, IT security focuses on fortifying, maintaining and policing the data centre perimeter. However, perimeter security is less effective in securing hybrid cloud. The highly connected multiple cloud environments open more doors to attackers and can bypass traditional perimeter defences. It can also be tedious to manually patch or configure systems from the mixed environments of hybrid cloud.
Another challenge here is that the need for security policies and plans does not end when an application is retired. Coupling this with the increased role that large numbers of short-lived “immutable” application instances play in a hybrid cloud environment, manually monitoring for configuration drift and correcting it as needed is no longer an option.
However, these challenges can be mitigated with the right tools in place, including automation tools to protect IT infrastructure. With automated patching and remediation, critical security risks can be resolved in a controlled manner and without delays.
Myth 3: Organisations that embrace hybrid cloud will be more vulnerable to supply chain risks
Just as in the saying “a chain is only as strong as its weakest link”, an organisation is only as secure as its weakest link. Since the hybrid cloud environment may include cloud platforms from multiple vendors, it can be challenging to ensure that all those solutions were built with security in mind and that the respective vendors will continue to update and patch them.
To address this concern, organisations should ensure that their hybrid cloud comes with a console that allows them to understand the IT risks they are facing, at a glance. It should list the critical issues prioritised by an overall risk assessment rating, and display the probability and potential impact of each issue to help companies focus on the issues that most impact risk reduction. It should also offer tailored resolution steps to help IT teams quickly and confidently address risks to avoid downtime.
Myth 4: Hybrid cloud will make it challenging to comply with regulations
Although most companies today are using cloud technology to a certain degree, those in highly regulated industries are still required to ensure that their distributed environments meet custom or regulatory security baselines for compliance and auditing requirements. Making changes to configurations manually can be a time-consuming, complex and error-prone process.
Those changes may also go undetected, which may prevent the organisation from passing a security audit.
As such, companies should look to enhance their hybrid cloud with tools that can provide centralised visibility across the entire heterogeneous infrastructure. Tools that automatically scan the IT environment for non-compliant configurations and remediate them can help too.
Adopting hybrid cloud may seem like a daunting task as it can introduce additional risks and complexities. However, organisations can overcome those challenges by moving away from being reactive to issues to taking a more proactive and intelligent approach to infrastructure management.
One way of achieving this is by ensuring that the foundation of their hybrid cloud provides them with knowledge about their infrastructure to accurately predict potential issues and pinpoint existing technical risks.
It should also offer tailored remediation steps along with automated resolution so that critical and configuration problems can be resolved quickly and before business operations are affected. With these capabilities, organisations can spend less time keeping the lights on, and instead sustain business success with hybrid cloud by developing and delivering innovation on a flexible and secure platform to meet business goals.
Brendan Paget is director of portfolio management in the APAC Office of Technology, Red Hat