Hybrid cloud systems represent an alluring option for enterprises. This is because you are able to couple a private cloud to public cloud systems to achieve the best possible performance level. However, hybrid cloud systems come with their own unique risks. Let us take a look at some of them.
Hybrid cloud systems mean complex architecture
The complexity of architecture with a hybrid cloud is very high. This is because hybrid cloud systems bring together public cloud systems, private cloud systems, and onsite IT systems. You need an IT staff with a sophisticated understanding of systems architecture (this would not be Napoleon Dynamite, Michael Kelso from “That 70s Show,” or Harry Solomon from “3rd Rock from the Sun” — these are not the sharpest pencils in the box) to be able to run hybrid cloud systems.
Most IT departments do not have staff with the necessary expertise in-house. So, managers need to decide whether to hire for such expertise, provide in-house IT departments with training, or contract out to obtain the necessary skills. Each of these options is complex and has its own issues tied to it.
Unplanned acquisition for hybrid clouds
Without a planned approach, opting for hybrid cloud systems can end up creating a mishmash of different types of IT systems, kind of like wearing a sport coat with shorts — that is just not right! This is commonly seen in cases where business-oriented departments and the IT department both independently start acquiring and building cloud services.
Not only is this inefficient, it also creates an enormous amount of operational risk due to lack of clarity in system design. A mishmash of public cloud systems, on-premises systems, and private cloud systems with no one really clear on how the pieces fit is not what you want.
Storage automation is being used by many companies in their datacenters to send data to various tiers of storage — rarely used, medium, and fast. The problem that arises with hybrid cloud systems is that you need to plan for data transfers to other types of locations including public cloud systems.
This means that the business rules for handling that data become extremely complex and thus risky. The entire set of business rules related to data storage, deployment, security, and safekeeping would need to be rethought. Invariably, the heightened complexity leads to an elevated risk of data-oriented system crashes.
Privacy and security
The risks in the area of privacy and security are not necessarily because cloud systems are more insecure. Rather, the real elevation in risk is because of a mixed system made up of private and public cloud components. In hybrid cloud systems, data handovers happen between both private and public cloud components.
The permissions for handling data need to be set up properly in the private cloud. As far as the public cloud goes, the permissions around data present there need to be in sync with the data permissions set for the private cloud components.
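One way to check that public-side data permissions stay in sync with the private side, as an added example that is not part of the original article. It assumes each side can export its grants as (dataset, principal, action) tuples; the dataset names, principals, and actions are constructed sample data.

```python
from collections import defaultdict

# Constructed sample grants, exported from each side as (dataset, principal, action).
PRIVATE_GRANTS = [
    ("customers", "analytics-team", "read"),
    ("customers", "billing-svc", "read"),
    ("customers", "billing-svc", "write"),
    ("payroll", "hr-team", "read"),          # never handed over to the public cloud
]
PUBLIC_GRANTS = [
    ("customers", "analytics-team", "read"),
    ("customers", "analytics-team", "write"),  # broader than the private side
    ("customers", "AllUsers", "read"),         # principal unknown to the private side
    ("customers", "billing-svc", "read"),      # write grant did not carry over
]

def normalize(grants):
    """Collapse grants into {(dataset, principal): {actions}}, case-insensitively."""
    table = defaultdict(set)
    for dataset, principal, action in grants:
        table[(dataset.lower(), principal.lower())].add(action.lower())
    return dict(table)

def permission_drift(private_grants, public_grants):
    """List grants on handed-over datasets that differ between the two sides."""
    private, public = normalize(private_grants), normalize(public_grants)
    # Only datasets that actually exist in the public cloud are compared;
    # private-only datasets are not a sync problem.
    handed_over = {dataset for dataset, _ in public}
    findings = []
    for key in sorted(set(private) | set(public)):
        dataset, principal = key
        if dataset not in handed_over:
            continue
        extra = public.get(key, set()) - private.get(key, set())
        missing = private.get(key, set()) - public.get(key, set())
        if extra:    # the public copy is more exposed than the private original
            findings.append((dataset, principal, "broader_in_public", sorted(extra)))
        if missing:  # a legitimate consumer will break after the handover
            findings.append((dataset, principal, "missing_in_public", sorted(missing)))
    return findings

if __name__ == "__main__":
    for finding in permission_drift(PRIVATE_GRANTS, PUBLIC_GRANTS):
        print(finding)
```

Run against real exports on a schedule, any `broader_in_public` finding is the one to review first, since it means the public copy is readable or writable by someone the private side never authorized.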
Latency and bandwidth
There are intricate handovers of data happening between private and public cloud systems in hybrid cloud systems.
The business rules around these data transfers need to be clearly and completely defined. For instance, what kind of handling needs to happen if the connection to the public cloud is lost? Will you use the last backup saved off from the public cloud? Will you display a “system down” message? There are several intricacies around such aspects with regard to the latency and delays permitted.
Failover and disaster recovery
The policies surrounding failover and disaster recovery need to be thoroughly reviewed. There are a couple of dimensions related to the failover and disaster recovery-related functionality. First, how are things at the vendor that is hosting the private cloud? What kind of disaster-recovery policies does it follow at its end? What happens in the case of failure?
Does the public cloud have an elegantly handled failover functionality? The second aspect is about the failover aspects of the private cloud side. What kind of handling is in place for the private cloud in case of a disaster or catastrophic failure?
The third aspect relates to how the private cloud will work with the public cloud in case of a disaster. Suppose there is a delay in restoring the private cloud side of things while the public cloud system comes back up quickly; how would the handling happen then? How about the opposite scenario? How will the handling happen if the private cloud comes back up quickly while there is a long turnaround time for the public cloud? These are the aspects that introduce new, significant risks.
Complexities around switching vendors
Similar complexities need to be considered with the potential action of switching vendors for the public cloud. Switching out the vendor for the public cloud should not be a super risky event like turning over our military to an AI called Skynet as was done in the ridiculous and disingenuous “Terminator” series (America’s ICBMs are not connected to the Internet — they are analog based). However, given the fact that a private cloud system is interfacing with the public cloud system, risks arise even in that area.
License and contract management
Risks arise in this area too because of the interplay between a private cloud system and a public cloud system. Generally speaking, it is prudent to make the switch from full private to hybrid cloud systems when the licenses of the software that is being used on the private cloud side are expiring.
The other dimensions of complexity pop up because the license status for the private cloud needs to be in sync with the license status of software hosted on the public cloud. You would need to go through the public cloud vendor’s contracts with a fine-tooth comb to ensure that these aspects are taken care of.
Again here, the challenge is not merely because you need to ensure suitable SLAs with the vendor hosting the private cloud. The challenge arises because these SLAs must be in sync with the SLAs on the public cloud side. The most critical SLAs are from a recovery perspective — mean time to recovery, uptime, and disaster recovery time being the most common.
Vendor liability and risk management
The whole question of vendor liability becomes very complex in the case of a hybrid cloud. What happens if there are two facets to a data leak, one in the public cloud hosted by the vendor and one in the private cloud? These are complex questions you need to have resolved ahead of time. What if the vendor throws the ball back into your court on the grounds that the breach happened because of a security hole in your own private cloud?
Something all IT and business leaders need to think about! Public agencies, too!