Hybrid public-private cloud usage more widespread than you think

Forrester cloud expert says many times IT isn't aware that public cloud resources are accessing information behind the company's firewall, leading to potential security and performance issues

Many times in discussions about cloud computing, the hybrid cloud – meaning a service that combines both off-site public cloud and on-premises private cloud computing resources – is thought of as being some nirvana state that will be the dominant architecture at some point in the future.

James Staten

Well, Forrester cloud expert James Staten has news for many IT shops: Hybrid cloud is already here, whether you know it or not.

Staten lays out the argument in one of his latest blog posts, but it boils down to this: if enterprises are using some sort of public cloud resource – like a customer relationship management (CRM) app from Salesforce.com, or some on-demand virtual machines from Amazon Web Services – then more likely than not those applications are using information from some on-premises databases or applications hosted behind your company’s firewall. If there is some sort of transfer of data between your on-premises systems and that public cloud resource, then you’ve got a hybrid deployment. “If you are planning for hybrid down the road, I have a wakeup call for you,” Staten says. “Too late, you are already hybrid.”

So what? Staten says this is a big deal because often IT shops aren’t aware of these hybrid connections. Many times public cloud resources have been set up by line-of-business workers, without consulting the IT department. And when that happens, it’s a recipe for things to go wrong.

Staten’s advice: Do an inventory and figure out what public cloud resources are being used, and what, if any, connections those have with resources behind your firewall. Then, make sure the hybrid deployment doesn’t have any security, compliance or otherwise troubling issues that need to be addressed.

Just how big of an issue are these hybrid connections? A recent survey by Forrester showed that 30% of developers were deploying applications to the public cloud. Of those, about one-third said those apps have some sort of integration with resources behind their company’s firewall. An even bigger proportion (70% of developers) say their company uses some sort of software as a service (SaaS) application, and Staten says many of those have connections with databases or ERP programs on the company’s premises.

IT may not necessarily be aware of these public cloud deployments and hybrid cloud connections though. “If IT didn’t set up these connections, then they may not be on their radar screen,” Staten says. Individual business units may have procured cloud resources without telling the IT department. And when there is use of “shadow IT” resources, that’s when there can be problems.

From a security and compliance perspective, for example, the CIO may convey to the CEO that all known connections that span outside the company’s firewall are compliant with various regulations the company may have to adhere to. But there could be dozens of other connections stemming from these public cloud resources that are not known by IT, and therefore cannot be guaranteed to be in compliance. Performance is another potential impact. When developers create connections for public cloud resources to get data from on-premises resources, that can put strain on database systems or other programs or applications.

For these reasons, Staten says it’s important for IT shops to identify what types of public cloud resources are being used in their environment, which can be done in a variety of ways. For one, talk to the business unit heads and ask them what, if any, cloud resources are being used. Audits, both technical and financial, can also be done. Are company credit cards being charged by Amazon Web Services? Various network monitoring tools can sniff out where traffic is flowing within a WAN or LAN as well.

Staten says some IT pros he speaks with have a false sense of what’s actually going on in their environments and what a hybrid deployment is. Many people think a hybrid cloud will just be when on-premises private clouds and off-premises public clouds interact with one another. The challenge that’s front and center is around bridging connections between public cloud resources and behind-the-firewall applications and systems. “That’s a challenge that’s here today,” Staten says. “But in many cases IT hasn’t recognized it and isn’t doing anything about it.”

Network World senior writer Brandon Butler covers cloud computing and social collaboration. He can be reached at BButler@nww.com and found on Twitter at @BButlerNWW.


Copyright © 2013 IDG Communications, Inc.
