What the hybrid cloud is not: Myths about the multicloud world

Myth #1: The cloud is not secure

Myth: On-premises and organization-managed clouds are more secure. Perhaps the most prevalent myth — and the most common fear — is that the cloud is not secure. The fact that sensitive data resides on servers over which the owner has no direct control can be unsettling. It feels safer, for many organizations, to keep everything in their own environment with the on-premises security they’ve already put in place. Alternatively, organizations feel as if they have more control when managing their own clouds, using leading platforms.

However, many organizations don’t really know how secure (or insecure) their own infrastructure is. The 2017 Cost of Data Breach Study by the Ponemon Institute shows that security breaches are not detected for an average of 191 days, and then it takes an additional 66 days to contain the breach. The “feeling” that on-premises and in-house security is sufficient may not reflect the reality.

A skills gap in security expertise further exposes small- to midsize companies. According to BizTech Magazine, few midsize companies (and hardly any small businesses) have the internal IT security staff necessary to implement and manage a comprehensive cybersecurity program. Even businesses with outstanding technical talent will need to have their IT professionals spend most of their time managing the network and driving new solutions for the business — not on security, which demands its own set of niche skills.

According to Gartner’s Is the Cloud Secure? article, through 2022, at least 95 percent of cloud security failures will be the customer’s fault. The article continues to explain that the challenge exists not in the security of the cloud itself, but in the policies and technologies for security and control of the technology. In nearly all cases, it is the user — not the cloud provider — that fails to manage the controls used to protect an organization’s data.

Gartner says “CIOs must change their line of questioning from ‘Is the cloud secure?’ to ‘Am I using the cloud securely?’”

Reality: Placing workloads in the cloud does not require a security trade-off. Organizations actually benefit from the security built into the cloud, automation that removes the potential for human error and security experts who provide continuous insight on securing customer data.

Managed cloud and technology providers have expended a great deal of time and effort ensuring that their platforms and support processes meet the security needs of their customers. They have established protocols and tools in place, such as intrusion detection and distributed denial-of-service (DDoS) attack protection, that most organizations do not. They can perform levels of monitoring and analysis that would be far too great a burden for most organizations to undertake. They can apply security deep within the application layers within a platform. And they can wield a bench of security experts for the benefit of their customers. As a result, cloud platforms are well prepared for cyber attacks.

Meanwhile, the pressure is on cloud providers to comply with security standards, such as the payment card industry data security standard (PCI-DSS) and the ISO/IEC 27017 cloud security standard, that ensure they meet significant levels of security.

According to Gartner, “in 2018, the 60 percent of organizations that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.” And “through 2020, public cloud infrastructure as a service (IaaS) workloads will suffer at least 60 percent fewer security incidents than those in traditional data centers.”

Myth #2: Version 2.0 is worth waiting for

Myth: We should wait until the cloud is ready. Years ago, it was common sense to not install any major software or hardware when it was first released.

This legacy way of thinking often influences how enterprises view the cloud. Large-scale adoption of public and hybrid cloud approaches is a relatively recent phenomenon, leading to the idea that only more progressive adopters have really embraced the cloud approach. Many decision makers still think that they need to wait for version 2.0 — something that definitively says that the cloud is ready.

Reality: The cloud is ready now. According to RightScale’s 2018 State of the Cloud report, the cloud is not new — on average, organizations leverage almost five clouds. It has become the primary accepted technology for running many companies’ applications. These aren’t just small businesses either — large international firms from every sector are moving their assets to the cloud even faster than anticipated.

The range of possibilities for cloud-based solutions is ever-increasing as well. The top challenges for those moving workloads to the cloud are security and spend. Choosing the right type of cloud is key to success — especially as public clouds such as Amazon Web Services (AWS) and Microsoft Azure continue to rapidly release new features and controls.

According to RightScale, many more enterprises see public cloud as their top priority, increasing from 29 percent in 2017 to 38 percent in 2018. Hybrid cloud still leads the to-do list but has decreased as the No. 1 priority for enterprises, declining from 50 percent in 2017 to 45 percent in 2018.

Neill-TSP: Ready for cloud

Some companies worry that moving to the cloud means losing control. But DXC Concerto™ has shown that cloud solutions can actually improve their customers’ control over their applications. One of these customers was Neill Corporation and The Salon People (TSP).

Neill-TSP was working to provide better services and support to its salons and beauty training schools to deliver higher value to its educators and students. A corporate merger fueled the initiative to bring all its applications onto a common infrastructure. However, performance and uptime were key concerns, as was how the company could ensure that its operations would continue effectively when it moved from the self-hosted model.

The company decided to partner with DXC Concerto to help ensure that its initiative would work well. “We were getting a partner with built-in best practices that we can leverage. And there’s a level of discipline in the way [it operates] around how to best manage technology and reduce risk,” says Dennis Jones, Neill-TSP Vice President of Operations.

The cloud migration has changed the company’s operations. “We don’t even think about our managed, virtual private cloud because it all just seems to work so well,” Jones said. “It’s ‘out of sight, out of mind.’”

After a year of operating its core applications on DXC Concerto cloud, the impact on operations was clear. “System uptime and availability was a huge issue when we were self-hosting,” said Jones. “It was our desire 2 years ago to get out of the business of IT. DXC Concerto and the managed services team have helped and continue to help as we work towards that goal.”

Myth #3: You can do it on your own

Myth: You can get the benefits of the cloud from your in-house resources. Many companies that provide software-based products and solutions feel that with their in-house expertise, they are able to duplicate everything that’s available to them in the cloud in-house. It’s cheaper and easier when you already have the resources, they think, and besides, they know their own needs and can fine-tune their environment to meet them.

This has led to a number of “accidental hosters.” These are companies whose online business grew quickly, leaving them with constantly expanding and difficult-to-maintain hosting environments, often with under-resourced staff. And they’re hanging onto the old hardware they’ve collected over the years, unwilling to part with it — even though those sunk costs will not be recovered, and the systems cost more and more to operate and maintain.

Many cloud providers present themselves as an easy, seamless solution to these problems. They make it sound simple: Just move everything to the cloud, and all your problems will float away.

Reality: You can’t go it alone. Cloud platforms are designed to provide exceptional performance and availability to a wide range of customers. They have advanced tools for optimizing, managing and monitoring their customers’ software, and their security and fault tolerance are very high. Very few companies are capable of providing anywhere near this kind of advanced environment in-house — and if they were, the cost would be extremely prohibitive.

Take Amazon Web Services for example. According to a February 2018 AWS News article, a total of 497 new features had been added to the platform over the preceding 3 months. These are significant new additions. The total number of such launches in 2017 swelled to 1,430 in total.

It is a challenge for in-house technical resources to be experienced and knowledgeable about cloud technologies in light of their other responsibilities. In addition, finding, developing and retaining cloud and security talent can be exceptionally difficult. The shortage of expertise, especially at critical times, can cause huge problems for companies that are trying to maintain their infrastructure locally.

The cloud is an excellent example of economy of scale, and this economy has even larger software companies moving into it. Building and maintaining an in-house platform is often not worthwhile anymore.

However, the cloud is not the turnkey solution that some providers make it out to be. It is a specialized environment; you need specialists with you to determine your solution’s needs and to guide you in meeting them with the cloud environment. There are often intricate interdependencies that solutions rely upon, which should be mapped and architected prior to migration. For your move to the cloud, a trusted partner can save you a lot of time and money, compared with trying to migrate alone.

Trust Services: Avoiding costly crises

While traveling on a business trip, Randy Cantrell, Chief Executive Officer of Trust Services, got the phone call no CEO wants to receive. The company’s file server had crashed badly. Trust Services did have backups, but because of the massive amount of disk space involved and only one IT person who could work on the problem, it would be 10 days before the system was again available. For a claims processing business whose claimants expect fast responses, that’s far too long. He got on the first available flight, and as he stood in the server room with his IT administrator, he said, “Never again.”

To avoid this type of business disruption from happening again, Trust Services made the move to cloud-based IT services. The company now utilizes cloud-based desktop applications (Office 365), as well as a managed private cloud infrastructure from DXC Concerto.

The main driver for the move to the cloud was risk. “We — like so many other small and medium companies — could only afford to have one person serve as network lead, server administrator and infrastructure support technician,” says Cantrell. “When [that person] wasn’t available or moved on, we were left scrambling.”

Another key factor was cost. “DXC Concerto could host our solutions for about the same price as having everything in-house. With the same IT budget, I wouldn’t have to worry about recruiting, training, backfilling during vacations and turnover,” says Cantrell. “This is a huge relief for any small company.”

Fast forward from 2010, and Cantrell still stands by his decision to move to a cloud-based IT model. “I don’t lose sleep over what might break tomorrow. We have a solution that most companies would love to have. Small- and mid-market companies need the same IT skill sets to run their business as enterprise companies [do], and both cloud and the right provider finally make it attainable and affordable for us.”

Myth #4: One size fits all

Myth: The cloud isn’t that complicated. In some ways, the cloud approach to hosting has been oversold. Many cloud providers and cloud services companies represent the cloud as being extremely simple. Your company can move all the assets you currently host yourself to the public cloud and begin to reap the benefits of availability and performance that the cloud offers.

Reality: It has to be done right. Although the cloud approach certainly does provide those benefits, a successful cloud migration requires careful analysis, consideration and planning. There are a number of different approaches to consider in preparing for a move to the cloud, such as:

• Should all assets be hosted in the public cloud?
• Are there advantages to keeping the assets in the private cloud?
• Can a hybrid solution be used, and if so, where is the line between public and private assets?

The implementation for every cloud solution must be designed carefully to meet the company’s specific needs. The company needs to determine where each digital asset — whether applications, data or anything else — should sit on the cloud.

In making these decisions, companies must often consider how much control they need for their assets. This is also known as the “pets versus cattle” question. Servers with unique requirements are like pets: An organization knows them well, and they cannot be easily switched out for any other generic server. But in other areas of the solution, server needs are much less specific: Like cattle, you don’t name them, you don’t know them individually, and they can be switched in and out as the need arises.

Many public cloud providers are seen in the marketplace as a one-size-fits-all solution. It’s true that they have extensive tools and infrastructure and serve an enormous range of customers. But a public cloud alone doesn’t fit every business scenario.

Better security and portability in the hybrid cloud

Companies sometimes approach the cloud with the one-size-fits-all perspective. When a division of a large multinational automobile manufacturer wanted to move its applications to the cloud, it was almost ready to launch its Microsoft Azure-based plan. Its needs seemed simple: Follow a company directive to move its applications to the platform. That is, until discussing the move with the corporate security officer made it clear: At the time, the Azure solution did not provide the specific security infrastructure required for industry compliance. With such important security concerns raised, DXC Concerto was brought in to assess the transition.

Working with the customer, the team designed a hybrid cloud solution that featured direct data center-level connections to provide appropriate security for the customer's applications and data. The team ensured that all of the data would go through a security infrastructure hosted on DXC Concerto Private Cloud before the data was passed through to the public cloud, satisfying the constraints that the company’s security requirements had set.

Our manufacturer in this story started down a public cloud path, but a holistic view of the security needed for industry compliance led to a different solution from the one the organization had initially thought would be workable. The company’s chief security officer pre-emptively determined that managing the security risks and compliance requirements dictated a solution where security was much more controlled than on the public cloud.

DXC Concerto’s expertise and experience with hybrid cloud solutions helped ensure that the company put the right solution in place — not an off-the-rack solution, but one tailored specifically to fit its needs.

Two years after going hybrid, the new features and controls in Microsoft Azure allowed this automobile parts manufacturer to migrate its workloads from hybrid to a pure Microsoft Azure environment. Utilizing the direct connectors from DXC Concerto Private Cloud, the workloads were ported seamlessly.

Myth #5: We won't have control

Myth: We will lose control when we move to the cloud. Many IT groups express this fear strongly when the question of the cloud arises. In many organizations, the IT departments, infrastructure and policies reflect well-established and mature processes for managing IT.

Moving these assets to the cloud is problematic because many of those processes can no longer be applied. The IT departments cannot control, or possibly even access directly, the servers where their applications run and where essential data is stored. The lack of control brings up all of the other concerns about availability and security on the cloud as well.

Reality: Control remains in your hands — if you have the right visibility, tools or technology providers. Modern cloud platforms actually provide a very high level of control. There are extremely sophisticated analysis and monitoring tools on many platforms, sometimes providing greater power to administrators than they typically have in their own environments.

In fact, the cloud can be a great opportunity for IT organizations, because it can enable them to apply their expertise where it’s needed most. When organizations migrate to the cloud, they outsource the continual work of maintaining server farms and low-level infrastructure. Their personnel can concentrate on higher-value work — research and development and responding to customer needs — instead.

With organizations using an average of five clouds, the key to success is visibility across these environments to properly deploy governance, optimize costs and more. Cloud services providers that offer tools, portals and insight for multi-cloud infrastructure are better poised to deliver value and success to your organization.

Cincom: Cloud-enhanced quality

With an almost 50-year history of providing software solutions, Cincom Systems was looking for reliability, quality and integration capabilities when it researched cloud solutions. Customer demand for cloud-based solutions was growing, and after both managing a cloud in its own data centers and working with other cloud providers, it found a partner in DXC Concerto.

Cincom has been adapting to a growing demand for cloud solutions, but providing excellent experience and support is at the heart of all its efforts.

Randy Saunders, program director for Cincom, explains: “When we first started going to the cloud we tried to be very flexible with what our customers wanted. We don’t just sell a standard product. A lot of times, there’s integration with it, whether that be another cloud application or on-premises. Some customers want to bring their own cloud, and we try to support that.”

Cincom started working with DXC Concerto when a customer wanted to move its CPQ product to the Concerto cloud along with its customer relationship management (CRM) system. Cincom quickly realized that the hybrid cloud and integration capabilities of DXC Concerto were a good fit for the quality it delivers to its customers.

Saunders further states, “The product we work with DXC Concerto on is called CPQ, which is a configure price quote product. It is for customers who have a lot of complexity and variations in their products. They can have integrations with many systems. It can be complex to implement in the cloud. When we started working with DXC Concerto, we realized they understood business applications and were a great fit for us in terms of quality service, integration points and the way we serve our customers.”

With customer relationships that are decades long, it was important that Cincom could present its new cloud-based solution with confidence. Cincom joined the DXC Concerto Partner Program and made the choice to focus on the applications over cloud management.

“We acquired and started working with our first SaaS [software as a service] product in 2004,” says Saunders. “We’ve been in the cloud game since that time. We tried to do everything ourselves. It was a multi-tenant solution; we ran it in our own data center. And we went through all the pains of that. We’ve made the decision now to work with someone else to take care of the cloud things for us, so that we can focus on the applications. Because that’s what we are really best at.”

The one truth about hybrid cloud

It’s a multicloud world. And among the many options, there are some things a hybrid cloud is not. It is not colocation with multiple providers. It is not disparate applications running in multiple public clouds. And it is not cloud infrastructure that cannot interoperate.

Infrastructure passed off as hybrid cloud has fueled some of the persistent myths out there about migrating to the cloud. Many of them are based on legitimate and understandable fears. However, they are also well understood by cloud providers, and cloud providers have been working actively to design and recommend solutions that directly address short- and long-term requirements. There are many ways to take advantage of the cloud while still protecting yourself from the security, cost and other issues that are inevitably considerations for an off-site implementation.

Although cloud solutions are extremely flexible, they are not necessarily simple or straightforward. Moving to the cloud without the right knowledge, planning and expertise can turn a smart business decision into a very costly mistake.

That leads to the one big truth about the cloud: you need to partner with specialists who truly understand the platform, and who know the capabilities and limitations that the various available options provide. The right specialists can identify your needs and design a solution to fit it, as well as create a plan to implement it effectively and successfully. In fact, CIO Magazine recently called lack of expertise the biggest current challenge for the hybrid cloud.

The cloud is a powerful new tool, and many companies are finding ways in which it can provide important advantages for both their technology and their business. By ignoring the myths and addressing the real issues of the cloud, you can determine the true business opportunities it offers for your own business.

Next steps

Consider your options. Have you started looking at your own move to the cloud? Are changes to your cloud platforms necessary to enable modernization initiatives? Are some platforms out of balance in terms of costs or risk?

You can start looking at your solution today by requesting an assessment of your workloads to understand whether public, private or hybrid cloud is for you. We can help you get a handle on your general needs as well as deliver a detailed comparison of cloud options and costs.

Why DXC Concerto?

DXC Concerto, the mid-market cloud offering within DXC Technology, specializes in providing a best-in-class multi-cloud platform that helps organizations accelerate digital transformation and realize their full potential. We make cloud adoption easy with unrivaled uptime and accelerated delivery, worldwide. Our strategic partnerships include Microsoft, NetApp, Cisco and Amazon Web Services. Delivering application expertise, innovation and service excellence in every engagement, we serve as trusted advisors to customers and application partners seeking to better manage risk and reduce operational challenges.