Hybrid IT is the reality in most IT departments today as CIOs have been moving many applications, infrastructure, and IT tools to the cloud while retaining others in a non-cloud mode. Operating and maintaining a hybrid IT environment successfully can be impacted by how well six best practices are adopted.
Hybrid IT allows companies to extract more value from their current assets and provides a foundation for driving business impact with strategic cloud investments. A hybrid IT environment results from the strategy companies are using to selectively move some information technology to the cloud while retaining other technology in a non-cloud environment (see “Hybrid IT- a Smart Strategy”).
Most companies that are moving technology to the cloud must do so over time, and for many companies, it may not ever make sense to move all of IT to the cloud. Both of these situations indicate that hybrid IT is the operating model for the future. Yet, there are important success factors to effectively managing a hybrid environment since each additional IT vendor makes the hybrid IT environment more complex and adds the potential for conflict from variation in service models. These variations can lead to business inefficiencies and rework. For example, each vendor will bring its own break/fix processes, its own testing tools, and its own security protocols.
Standard practices, tools, and protocols for handling duplicate capabilities in the hybrid portfolio will be necessary, along with governance processes and mechanisms for entering/updating data that crosses products. CIOs should rethink how to operate IT in the hybrid era and develop a roadmap to success with hybrid IT that addresses each of the following functional and technical best practices:
| Functional best practices | Technical best practices |
| --- | --- |
| Application selection should strategically consider business capabilities and delivery models. | Leverage the flexibility and agility of the hybrid IT model and don’t let architectural complexity get in the way. |
| Staff must have the new skills needed to implement and operate a hybrid IT environment. | Integration governance, process, and tools should create a seamless solution. |
| Cross-portfolio support services should address variations and limitations in vendors’ service SLAs and policies. | Security processes and controls must keep the hybrid IT environment safe. |
Functional best practices
CIOs have a tremendous opportunity to help their businesses transform using the hybrid IT model, but need to build the hybrid portfolio strategically, looking at when to use the cloud and when to retain non-cloud solutions. Staffing must also be addressed, both for building and operating hybrid IT. Support services must evolve to address the cloud and non-cloud components of the hybrid IT environment.
- Application selection should strategically consider business capabilities and delivery models.
IT teams need to be strategic when deciding whether to use cloud or non-cloud solutions.
To ensure stakeholders understand the strategy, IT leaders may need to explicitly state the enterprise’s position regarding business capabilities that can/should be put in the cloud versus those that should remain non-cloud.
Systems of record, such as ERP, are less likely candidates for the cloud as SaaS since they are typically quite complex, contain some level of customization, and do not rely on internet connectivity or external factors to access software. However, moving licensed ERP applications to the cloud via a lift and shift to IaaS can be a strong move, providing flexibility and agility while giving companies the opportunity to keep extracting value from their application licenses.
Systems of engagement, like CRM or other front-end applications that connect to customers and suppliers, are more likely candidates for SaaS, where a digital presence can create competitive advantage or fuel growth. Systems that are low in complexity and are likely to change frequently in order to remain relevant are also good candidates for SaaS.
Governance will be needed, or will need to be tighter – as in ‘everyone must follow the rules’ – for making application selection/placing decisions.
For example, a cloud-first strategy may be established for customer-facing applications while a ‘best fit for purpose’ approach may be applied to high volume, tightly integrated, or highly sensitive applications. None of this will matter without a governing mechanism to ensure that the ‘rules’ are followed.
- Application and service placement (cloud versus non-cloud) may be a new discipline for the enterprise. Develop and staff this as needed to cover multiple delivery models.
- Update/create a framework for making application sourcing and placing decisions quickly and efficiently. The framework will be accessed more frequently, with results required more quickly for cloud purchases than most historical purchases of large, complex, non-cloud solutions.
- Staff must possess the new skills required to implement and operate a hybrid IT environment.
For some companies, skills such as platform management and cross-silo engineering will need to be formalized or expanded in order to maintain a hybrid IT environment.
The pool of cloud expertise is smaller than the demand for those skills. Cloud-to-cloud and cloud-to-non-cloud integration skills will be in high demand, but difficult to find. A team that collectively has experience across security, network, solution engineering, and more will be easier to staff than locating a few individuals with a broad range of skills. For example, regarding a Cloud Center of Excellence (CCOE) team, Gartner states: “Such a team should be typically led by a senior cloud architect who has a working understanding of both business and IT operations.”
For companies that have not conducted much outsourcing, experts in areas such as vendor management, service contracting, and service management will need to be acquired or trained. Since business skills are just as difficult to locate, moving to the cloud could be a re-skilling/retraining opportunity. It may take some championing from leaders in order to convince staff to learn something new. Conversely, retraining opportunities may help retention/morale for employees that are seeking greater cloud experience.
- Assess the need for technical skills such as cross-silo engineering, cloud security, platform management and integration.
- Where skills are difficult to locate, consider a teaming approach to achieve the full complement and look for opportunities to retrain internal staff rather than hire new.
- Temper staffing efforts with re-skilling opportunities in order to quell potential fears of staff displacement.
- Weigh the need for functional skills such as vendor management, service management, and strategic sourcing.
- Consider re-skilling or retraining internal staff to fill cloud skill gaps.
- Cross-portfolio support services should address variations and limitations in vendors’ service SLAs and policies.
Support services can become complicated very quickly as vendors are added into the hybrid IT environment.
Most software vendors only support their own code. They “stop at the border” and don’t typically own or service customizations and integrations. When service is required, or a break/fix incident occurs in a multi-vendor solution, a unified “the buck stops here” approach to coordinating support services can reduce finger pointing, “prove it’s my problem,” and “that’s not my code” responses from cloud and non-cloud vendors, hopefully improving support service times and solution quality.
Having multiple vendors in the hybrid portfolio creates the potential for conflicting (or at least incompatible) SLAs. For example, one vendor’s guaranteed outage response time may be longer than another’s – which can turn into an SLA issue if the second vendor can’t meet its SLA due to waiting on the first to respond.
Processes and governance for every aspect of support – including but not limited to solution design, testing, backups, outage recovery, and coordinating planned down times – must be compatible across multiple vendors’ internal processes and governance.
In a non-cloud environment, the company has almost total control over how support services are delivered, but in a hybrid environment, the vendors are in control of how and when some critical support activities happen. For example, one cloud vendor may only refresh its test environment monthly; another may restrict the number of test runs allowed per month. Either policy can impact an urgent need for a synchronized cross-vendor test – this is only one aspect of support that can be affected in the hybrid model.
Companies need to clearly identify the support services that they own, those that the vendor(s) own(s), and the ones ‘in the middle’ that need to be negotiated or agreed upon. This concept of addressing the middle ground applies to every vendor that is added to the hybrid IT environment.
- Establish ‘who owns what’ RACI for each vendor.
- Consider unifying cloud and non-cloud level 3, break/fix services under a support partner that can orchestrate services across multiple vendors.
- Also consider a managed services model for operating and managing the hybrid IT portfolio of cloud and non-cloud products and services. In this approach, one organization (internally staffed or externally as AMS) is responsible and possesses the operational skills and staff to run and maintain solutions across the portfolio. This minimizes the disruption and accountability issues that can occur when multiple providers are independently responsible for only individual parts of the whole solution.
Technical best practices
One challenge with the hybrid IT model is that the architecture can quickly become very complicated. As more components are added to the hybrid portfolio, integration increases in priority. Likewise, security becomes more challenging with each additional vendor added into the mix.
- Leverage the flexibility and agility of the hybrid IT model and don’t allow architectural complexity to get in the way.
While hybrid IT provides a company flexibility and agility, it also comes with architectural overhead.
An increased number of vendors, options, and choices can create architectural intricacy that leads to a more complex IT environment. For example, how are duplicate capabilities avoided across (or chosen between) vendors who offer overlapping features? What if the duplicate features must be configured for both vendors’ offerings to function properly?
Architectural complexity is exacerbated with co-location – where the company owns the servers its applications run on, but a third party owns the facility where the servers are housed. The customer has authority over the hardware and software, but the storage facility has authority over equipment maintenance and security. This can require additional controls when multitenant data centers are involved. Co-location challenges must also be factored in when choosing vendors and products to include in the hybrid portfolio.
Finally, although modern applications are designed to interoperate, a mix of cloud and non-cloud solutions increases architectural complexity at the touch points. Examples of this include data elements (cost center, employee ID, customer number, etc.) that are likely to be included in multiple vendors’ products but not necessarily defined similarly across the products. While the company might be able to adjust its non-cloud systems’ data definitions (no guarantee on that, especially in older solutions), it likely cannot change the definitions in cloud products. Where data, process, and security cross over delivery models and vendors, these variations must be addressed prior to onboarding.
Leverage the flexibility and agility in the hybrid model to adapt quickly as the business evolves.
Change occurs more frequently in a hybrid IT environment. This is a direct result of most cloud components still maturing. It is also a “feature” of cloud capabilities – that they are intended to be swapped out as better solutions come to market. Operational activities such as product version control will be critical to ensuring that the hybrid IT environment can withstand change.
When measuring the adaptability of a hybrid environment, assess the ease of interconnection across disparate vendors and products. This might also be described as the level of interoperability or the amount of effort needed to integrate.
- Retain non-cloud products where it makes sense to utilize them as the foundation on which to deploy cloud solutions around the edges. Good candidates for retaining non-cloud licenses include applications such as ERP where tight integration is necessary, existing customizations that have solved unique requirements, and/or when no SaaS solution can provide functional parity.
- Create agility and flexibility in the hybrid environment by moving capabilities to the cloud that don’t require tight integration, that require frequent or rapid change to keep the company competitive, and that can be easily swapped out as better solutions become available.
- Ensure that your hybrid IT architectural design is flexible enough to rapidly onboard, off-board, and retire solutions. Establish ongoing monitoring for bottlenecks or failure points due to multiple vendors, diversity across vendors, and potential cloud/non-cloud friction.
- Integration governance, process, and tools should create a seamless solution.
A key reason for moving to integrated suites is seamless integration. Now that suites are being broken apart and sourced via multiple vendors, integration is among the highest priorities.
New service-oriented architectures, cloud services architectures, and integration frameworks are available to easily enable hybrid IT.
When processes are split across products, there is no built-in assurance that a process is transacted fully and correctly across the products. Process integration must become a discipline as it is not automatically assured (as it would be in a suite).
Data integration, the more familiar form of integration, will increase in priority because data integrity, access and usage rights, ownership, and synchronization can become complex across vendors due to an expanding variety of endpoints.
As the application portfolio grows more diversified and distributed via hybrid IT, take advantage of robust capabilities in newer tools to more easily deliver seamless integration.
SaaS and public cloud providers typically use different terminology throughout their IT processes. If not already in place, an integration center of excellence (COE) may be needed to manage the hybrid portfolio. The integration COE can help bridge the “language barriers” between vendors and build common processes when needed.
Existing standards for integration tools can quickly become inadequate as the portfolio expands into a multi-cloud scenario. Modern integration platform as a service (iPaaS) tools may need to be added to the integration tool kit to address cloud-to-cloud and cloud-to-non-cloud requirements.
Which integration mechanism to use, data and process ownership, and integration integrity are examples of areas where governance will need expanding to accommodate the multi-vendor nature of a hybrid portfolio.
- Build expertise in cross-vendor knowledge. This will prove invaluable when solving integration requirements and constraints that are not addressed by the vendors’ pre-packaged connectors. Earmark integration as a substantial part of application costs.
- Find a balance between internally deployed integration software and integration platform as a service (iPaaS).
- Establish an integration COE to manage the interconnections in your hybrid IT environment.
- Security processes and controls must keep the hybrid IT environment safe.
Infrastructure Security: Blending the non-cloud architecture with the shared architectures of the various cloud vendors in a hybrid IT model increases the number of control points and the types of controls involved.
There will be as many variations of infrastructure security processes and protocols as there are vendors in the hybrid portfolio; some may not be compatible. Additionally, solid security in one component can be offset by porous security in another component. While the cloud vendor’s physical environment security is maintained by the vendor, customers must ensure the cloud infrastructure is secured operationally.
Application Security: Security for SaaS applications and tools is generally acceptable, yet it also has as many variations as vendors involved.
Strong security processes are necessary in order to keep a hybrid portfolio secure. Use of unifying technology such as single sign-on or portals can ease access to applications and tools but may not eliminate conflicts in individual security designs. Some products secure at the data element level, for example, while others secure by record type, which can create a conflict that must be resolved in the enterprise’s master security design.
Securing a hybrid IT environment involves ensuring that cross-vendor controls reduce exposure at each vendor touchpoint.
Each additional vendor in the portfolio increases security exposure that some external force (for example, a disgruntled employee or someone who finds/targets flaws in infrastructure) will use to ‘get in.’ Results from a recent Cowen survey demonstrated that 37 percent of respondents identified Cloud Security as a top spending priority and, pre-Covid pandemic, 90 percent+ of respondents expected to increase security budgets in 2020 (this dropped to 6 percent in post-Covid results, yet security remained the highest expected year-over-year growth post-pandemic). Although CIOs recognize and are planning for it, companies must be willing to accept a certain level of risk when they add cloud products into the hybrid IT portfolio.
Validating security control effectiveness across the hybrid portfolio can be challenging as the customer won’t have a granular level of visibility into the cloud vendors’ security.
At the same time, most cloud vendors are not amenable to testing security of their products or testing security in their environments. Some policy and legal controls can also limit what can be tested in the vendor’s environment.
- Align security processes and controls across the portfolio
- Define ‘who owns what’ in infrastructure and application security services. Pay special attention to defining and assigning ownership of identity and access management controls
- Determine how much the company is willing to trust ‘the cloud’
- Develop security audit and effectiveness measures that accommodate the lack of visibility into cloud services
The benefits of a hybrid IT environment are significant and well worth any additional complexity, but it is important to proactively address critical success factors. Adopting these six best practices can significantly improve overall success with deploying the hybrid IT model and help you navigate the challenges of moving to the cloud.
Pat Phelan, VP, market research, Rimini Street