The concept of a hybrid cloud is an attractive one for many organisations, allowing an organisation with an existing private cloud to partner with a public cloud provider. This can be a valuable resource as it allows companies to keep some of their operation in-house, but benefit from the scalability and on-demand nature of the public cloud. There are, however, a number of issues that organisations must consider before opting for a hybrid cloud set-up.
The single most pressing issue that must be addressed is that, by definition, the hybrid cloud is never ‘yours’ – part of it is owned or operated by a third party, which can lead to security concerns. With a true ‘private cloud’ – hosted entirely on your own premises, then the security concerns for an IT manager are no different to those associated with any other complex distributed system.
Indeed, ‘Cloud computing’ as a term has become very overloaded – it is doubtful whether this type of internal system qualifies as cloud computing at all, as it does not bring the core benefits associated with cloud computing, including taking the pressure off in-house IT resources and providing a quickly scalable “elastic” solution using the new pay-as-you-go business model.
However, when this ‘private cloud’ is hosted by a third party, the security issues facing IT Managers become more complex. Although this cloud is in theory, still private, the fact that it relies on external resources means that IT Managers are no longer in sole control of their data. Security remains a major adoption concern, as many service providers put the burden of cloud security on the customer, leading some to explore costly ideas like third party insurance.
It is a huge risk, as well as impractical, to insure billions of pounds worth of company data – potential losses from losing major trading or logistical applications are enormous. Service providers should offer greater assurance to reduce the idea that insurance is even needed. Another issue that organisations must consider is interoperability – internal and external systems must work together before security issues can be considered.
It could be said, therefore, that a true hybrid cloud is actually quite difficult to achieve, when interoperability and security issues are considered. One solution might be a regulatory framework that would allow cloud subscribers to undergo a risk assessment prior to data migration, helping to make service providers accountable and provide transparency and assurance.
The computer industry should welcome the fact that members of IEEE, the world’s largest technical professional association, are working around the globe on a Cloud Computing Initiative to develop standards, helping enterprises of all sizes address the barriers that can potentially reduce the adoption rates of this game-changing technology.
Concerns with hybrid cloud are indicative of the anxiety that many companies feel when considering cloud computing as a viable business option. We need to see a global consensus on regulation and standards to increase trust in this technology and lower the risks that many organisations feel goes hand-in-hand with entrusting key data or processing capabilities to third parties. Once this hurdle is removed then the true benefits of cloud computing can finally be realised.