Current Issue
This Month's Print Issue

Follow Fast Company

We’ll come to you.

Fastcoworks Created for and commissioned by IBM
Fastcoworks Created for and commissioned by IBM
Next-Gen Hybrid Cloud: Agility and Security, Without the Risk

Across countless industries, the race to the cloud is on. Forrester Research recently predicted that the "hypergrowth" cloud market—including applications, platforms, and business services—will reach $191 billion by 2020, an astonishing 20% increase over Forrester's previous prediction, just three years before. For companies of virtually any size, the promise of a dynamically scalable environment, the ability to deliver services at lower cost, and the agility to develop new apps in hours rather than weeks makes game-changing business sense.

But genuine risk lurks within this rapid cloudward migration, especially for enterprises with millions—and even billions—of dollars still invested in existing IT systems. Frank De Gilio, chief cloud architect at IBM, and Caleb Barlow, vice president at IBM Security, recently helped to identify not only the risks of a move to hybrid cloud but the strategies for mitigating them. Their advice, in a nutshell, to companies that have not yet embraced the new paradigm? Do it now. But do it right.

Risk #1: Sticking With Business as Usual

"Five years ago," De Gilio says, "if I asked the large businesses I worked with who their competitors were, they named other large businesses." Today, they're worried about niche providers that have sprung up using cloud technologies, because the new guys are generally more agile, better at connecting with users, and they're siphoning away customers, he says. Think of the little guys as a school of piranha going after the big, slow creature bumbling around in the river. From this perspective, hunkering down and doing nothing is an extremely high-risk strategy. "For companies that have not yet transitioned to the cloud, the window of opportunity is small, and shrinking. Within the next two years," De Gilio predicts, "if you're not exploiting the cloud—that is, if you're not building a hybrid cloud that connects your existing business assets with born-on-the-cloud apps—I think you're going to be largely irrelevant."

Risk #2: Assuming the Public Cloud Isn't as Secure as Your Own Private Infrastructure

The very nature of a hybrid cloud—put simply, a mingling of private and public ecosystems—can lead to a perhaps understandable, but ultimately baseless, assumption: namely, that any public-cloud environment is less secure than an enterprise's on-premise infrastructure. This misconception arises from the unwarranted fear that a public cloud is a breeding ground for hacks, breaches, and other security-related chaos. In this sense, the risk for many enterprises considering a transition to hybrid cloud is an underestimation of the quality of the security available in the public cloud, even as the security within a private ecosystem is so often rock-solid when properly provisioned.

At its core, this particular risk emerges when the transition to hybrid cloud isn't handled in as thoughtful and as thorough a manner as possible. "The most common bad practice we see," Barlow says, "is that the newest element introduced to a system—in this case, the public cloud—receives the bulk of the scrutiny." The private, on-premise half of the equation "rarely gets the same level of attention," he says. Of course, if the private environment is, in fact, demonstrably secure—as it would be with a hybrid-cloud enterprise boasting IBM's latest-generation mainframe, the industry's most securable platform, as its on-premise machine—the risk is not merely mitigated, it hardly arises in the first place.

Risk #3: Maintaining a "Moat and Castle" Approach to Security

Historically, IT security has meant firewalls: the moat-and-castle model. Build the walls high and thick enough, the thinking went, and your enterprise will be secure. In the cloud, that perimeter doesn't exist. "We have to think about security in a completely different light," says Barlow. "In the past we focused our energy on keeping bad guys away from the apps, not keeping the apps themselves secure. In a hybrid environment where a company's private, on-premise resources might work with a public cloud, vulnerabilities that have been around forever are even more exposed." But it’s not all bad news. "When these hybrid environments are properly designed and deployed," says Barlow, "security can be incorporated in a conscientious way. The security infrastructure, in other words, can be deployed at the same time that the server goes online."

In that security fight, a faster, more agile mainframe such as IBM's new z13s—designed to defend against cloud-bred cyberthreats, built to power the deployment of virtual appliances, and capable of instantaneous (2 milliseconds or less) in-transaction analytics—will play a more critical role than high-end machines ever have before.

Again, as with Risk #2 above, the next-generation high-speed cryptography built into the new z13s ensures that data is secure and protected while at rest, in flight, and in use, and that the private portion of a hybrid-cloud model remains, well, private and on a need-to-know basis only.

Risk #4: Confusing "Speed" With "Agility"

From an enterprise perspective, faster is almost always better. Faster sales, faster delivery of goods and services, faster access to critical data—in all of these scenarios, speed matters. But, says De Gilio, some businesses looking to transition to the cloud make the mistake of confusing speed with agility.

"For people who are used to a ‘waterfall’ model of software deployment—design, construction, testing, production, maintenance—it can be hard to embrace ‘agile’ development," he notes. "Now, when I say 'agile,' I mean a specific process for the very rapid development, testing, and deployment of apps and services. And this sort of agility is absolutely critical in the cloud."

The problem, De Gilio points out, "is that when some people hear 'agile' they think, 'We don't have to do process. We just have to get our stuff out fast!' In an environment as competitive as today's enterprise landscape, that sort of thinking can come back to bite you. Hard."

In the end, the hybrid-cloud model offers so many enterprise benefits—virtually unbounded scalability; a low barrier to entry for young and not-so-young businesses alike; the promise afforded by on-premise mainframes fostering innovation in a security-first environment—that, as De Gilio warns, the greatest risk ultimately resides not in the cloud but in letting the cloud pass you by.

Security effectiveness. Response speed. Remediation costs. To explore how your technology platform stacks up against other solutions, click here.

Other Related Topics:

This article was created and commissioned by IBM, and the views expressed are their own.