Hybrid cloud’s growing pains – and how to beat them: A guide to raising a good platform, so you can raise a glass later

Don't forget security

Security and compliance are the final two growing pains in hybrid cloud. On security, weaving together all those software, platform or application providers introduces cracks that hackers will want to prize open, resulting in data loss or theft. This, inevitably, brings us back to backup and recovery.

When it comes to transporting data, it ought to be encrypted at rest and in transit. This can call for additional complexity in an organisation’s IT infrastructure, yet it is a question of having the right tools to protect data, and to ensure that data is not being left unencrypted and in public view due to configuration errors, such as those that led to numerous well-known companies being discovered to have potentially sensitive data stored on wide-open unencrypted S3 buckets on AWS.

But what of compliance? You may be running hybrid precisely because your industry’s regulator expects you – not your cloud service provider – to retain your customers’ data within your walls. But now your IT infrastructure comprises a multitude of cloud-service providers, and data can be leaky and evasive.

2018 saw the EU’s General Data Protection Regulation (GDPR) come into effect, granting, among other things, greater power to so-called data subjects to have their data removed from the systems of data processors and controllers. Get it wrong, and you may face some non-trivial penalties, which means you need to know what data you have on a data subject, where that data lives, and how it’s being used. Ultimately, you must also have the power to comprehensively eliminate it from your systems and prove that it’s gone.

This means instituting a comprehensive system of visibility – knowing where data lives – and control – having the power to remove it from systems – and reporting and logging – ensuring it's used only for a specific purpose and being able to demonstrate that has data has been deleted.

Visible control

Hybrid is fast becoming a force in enterprise IT – a pragmatic choice those with existing infrastructure. By its nature, though, hybrid cloud breeds new complexity and challenge.

Echoing Illsley, the obvious trap you can fall into on the road to hybrid is to create silos: data, application, storage, and processing that are not fully integrated. Avoiding, or overcoming, these silos means, to amplify Venkatraman, having to think about transparency and interoperability, and that demands an architecture with centralized management and policies that deliver visibility and control over data. That means being able to view everything, monitoring SLAs, and being able to respond appropriately.

We are in the first flush of hybrid. Just be ready for the growing pains. If you can avoid them entirely, though, even better. ®