A Forrester Consulting Thought Leadership Paper Commissioned By HP It s A Hybrid Cloud World Are You Managing Your Hybrid State? September 2014
Table Of Contents Executive Summary... 1 You re Already Hybrid... 2 Speed, Scale, And Cost Motivate The Hybrid State... 2 The Management Challenge Is Threefold... 3 Security Is Job One... 3 What Customers Are Doing To Mitigate Hybrid Cloud Challenges... 4 Benefits Achieved From Managing Hybrid Cloud Well... 5 Key Recommendations... 7 Appendix A: Methodology... 8 Appendix B: Endnotes... 8 ABOUT FORRESTER CONSULTING Forrester Consulting provides independent and objective research-based consulting to help leaders succeed in their organizations. Ranging in scope from a short strategy session to custom projects, Forrester s Consulting services connect you directly with research analysts who apply expert insight to your specific business challenges. For more information, visit forrester.com/consulting. 2014, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester, Technographics, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. For additional information, go to www.forrester.com. [1-N6OVJV]
1 Executive Summary If your company is using cloud computing services today, it s highly likely you are already in a hybrid cloud configuration. The key question is whether you are actively managing this reality. Whether your company uses software-as-a- service (SaaS) or deploys applications to a cloud platform, there is a high likelihood those services are connecting back to at least one resource in your data center. For example, enterprises using SaaS-based sales force automation software usually connect this application to their on-premises enterprise resource planning (ERP), finance, or ecommerce systems. That integration makes your environment a hybrid cloud, potentially exposing your company to vulnerabilities, increased costs, and operational challenges. Enterprises need to acknowledge this reality and start managing their hybrid state now, rather than viewing hybrid as some mythical future state when public cloud meets private cloud. Too late you re already hybrid. In January 2014, HP commissioned Forrester Consulting to evaluate the state of enterprise hybrid cloud environments and how they are being managed. Forrester developed a hypothesis that tested the assertion that enterprise IT operations teams struggle to recognize and manage this hybrid state a hypothesis that was proven out. Hybrid is not some future state when public cloud meets private cloud. If you re using any cloud service, you re already hybrid. In conducting in-depth interviews with 10 enterprise IT leaders, Forrester found that these companies acknowledged that their cloud deployments were calling back to the data center, but they articulated a variety of management challenges with these integrations. The most prominent issues were data management, identity, and lack of heterogeneous tools and dashboards. KEY FINDINGS Forrester s study yielded four key findings: Cloud use is motived by agility, scale, and cost savings. Nearly every enterprise spoken to either entered into the cloud to quickly address escalating business challenges that were difficult to address with traditional IT or to lower the cost of supporting the business. As such, business leaders played a key role in selecting the cloud service, specifying desired business outcomes, and defining integration needs. The elastic nature and cost model of cloud services were a key value. Security, while a top concern, is quickly addressed through experience. Enterprises that are leveraging cloud services in a hybrid mode and managing them actively reported far less fear about security than the average enterprise. This comfort level came through determining where assets should be placed and how cloud use and on-premises integration can be configured and managed. Positive experience leads to strategic thinking. None of the enterprises interviewed saw cloud as a one-time move. By gaining hands-on experience with hybrid environments, they quickly began identifying the next cloud use cases. Use cases shifted from opportunistic to strategic, thus expanding the use of cloud services. Management tools are needed, but choices are unclear. What didn t come out of this study was a clear picture of how to best manage a hybrid cloud environment. Most interviewees met their management needs in an ad hoc fashion using a mix of cloud-specific and in-house tools. All felt the need for a better answer to this issue.
2 You re Already Hybrid FIGURE 1 SaaS Is Mostly Complementary With Some Replacement According to Forrester s Business Technographics surveys, nearly 70% of enterprises are leveraging at least one public 1 cloud service today. And in nearly all cases, that service is connected to one or more services running in the corporate data center. The moment you have connected a public cloud service to anything else you operate, you have gone hybrid. This integration opens your corporate data center to a public service, a connection over which business processes run, data flows, and identities and intellectual property are accessed. This situation will only get more complex as some of the following key trends evolve: SaaS use is huge and growing quickly. IT decisionmakers have long underestimated the use of SaaS, regarding it as a niche phenomenon occurring at a departmental level. But SaaS is definitely more than that. As our Forrsights Software Survey, Q4 2013 shows, the average enterprise is using 38 SaaS applications today and will more than double this number in the next two years. SaaS complements existing on-premises applications. Our surveys also show, as did the interviews conducted in this study, that SaaS isn t always replacing on-premises software but rather adding new value and capabilities to what you already have in place. In 2012, according to our Forrsights Software Survey, Q4 2013, 63% of SaaS investments were made to complement existing systems. New systems of engagement need to integrate with traditional systems of record. Companies are investing in new applications that engage customers and employees, such as mobile apps and social interaction tools, as a way to innovate and grow. But these systems are not silos; they must reach back to your systems of record like core ERP systems, finance and control systems, and human capital management (HCM) systems to engage users and drive meaningful business interactions. Managing this integration will be critical if companies are to achieve their growth and innovation targets. Scale and speed are best achieved in the cloud. Systems of engagement, media, business intelligence, backup and disaster recovery (DR), and research and development applications can never have enough compute power or storage capacity; their resource needs *Forrester forecast Source: The Public Cloud Market Is Now In Hypergrowth, Forrester Research, Inc., April 24, 2014 vary dramatically based on the business cycle. These needs are precisely what public cloud platforms are designed to address and are their key differentiators from traditional infrastructure environments. Speed, Scale, And Cost Motivate The Hybrid State Enterprises are under growing pressure to move at the speed of their customers, including by scaling in an instant when demand peaks. But hand-in-hand with this are the constant pressures to keep IT costs from escalating. Thus, the appeal of cloud computing services both for the business and IT sides of the enterprise is rising: Autonomy and automation bring cloud value in less than 15 minutes. Cloud services are standardized, automated IT solutions that can be provisioned in an instant. The CIO for a large food production company said this helped him roll out a new SaaS-based solution worldwide in record time: If we had taken on another solution, there s no way we would have been operational in three months not a prayer. Scale is automatic and unlimited in the cloud. We had been looking to leverage [the] cloud by moving parts of our website [there] so we have the capability to burst when there s high traffic, then come back down, said the VP of web operations for a large consumer goods
3 company. We have certain periods when we have peak demands of 10 to 20 times [our normal traffic], but for a short period of time. For example, my storage needs can go from 1 to 2 TB all the way to 22 TB. Lower costs are proving real. While cloud is highly touted in the press as being lower cost, the enterprises interviewed for this study proved that when it s used in a hybrid mode, other benefits come through. A director of software development at a large construction firm said that by putting the right capabilities things with elasticity demands or transient use patterns in the cloud and having fewer infrastructure and operational responsibilities, the savings come through quickly. Our COO and CTO have quantified over 60% in savings, he said. The Management Challenge Is Threefold Most companies have arrived at their current hybrid cloud state deliberately, but not in ad hoc fashion. Rarely did they start with a strategic plan for broad cloud adoption although all said that is now a key initiative. Each started with a specific business case and built a management model that suited that use best. As their use of cloud has expanded, the need for a more concerted approach has arisen. In other words, things only gets worse the more hybrid you become. Our interviewees faced three key areas of challenge: Lack of integration architecture. The essence of hybrid is the integration between a cloud service and onpremises (or non-cloud) resources. And there are few consistent integration approaches. The first approach may not be the right approach long term, said the CIO of a large food production company: I wish we fully understood our reporting requirements upfront. It would have saved us time on going down some integration paths that we ultimately had to reverse. Need for better data governance and management. Integration isn t just a network, it s a conduit through which corporate and customer data flows. This means understanding what data can and cannot traverse this connection or reside in the cloud. The director of IT architecture for a large university faced this when he hybridized its email system with students served from the cloud and faculty and staff staying on-premises: We have clear definitions of what is public and not, but don t have the governance [in place] to go with it. Lack of good hybrid cloud tools. Most of the enterprises interviewed said they manage the cloud and on-premises sides separately due to lack of tools with good fidelity on both sides. It s another thing I have to build, said the CIO of a large publishing company. There are the standard [virtualization] tools and standard [public cloud] dashboards, but those don t help me. Our COO and CTO have quantified over 60% in savings. Director of software development at a large construction firm Security Is Job One As is cited in nearly any study on cloud implementations, security is the No. 1 concern. Integrations with public cloud resources cross through corporate firewalls, expose employee identities to third-party services, and potentially put customer and corporate records at risk. But in nearly all the interviews conducted for this study, enterprises indicated they were actively managing these risks. We re deliberately in a hybrid model for security reasons, said the director of IT engineering at a large publisher. Our interviewees faced challenges that fell into three areas: Data protection. It s one thing to say that you should only put public data in the cloud. It s another when the reality is that you are trying to deliver business value, as is the case for the healthcare company in our study. We had a series of initiatives to get our patient data into a central repository (i.e., the cloud) that would enable easy access for internal and external users, said its senior director of software development. One of the projects... revolves around deploying that securely and with easy access. Our security and legal groups were heavily involved. Their solution involves secure private connections between the cloud service, their internal private cloud, and third parties. A service provider partner ensures Health Insurance Portability and Accountability Act (HIPAA) compliance throughout the implementation, he said. The same interviewee described the struggle his organization still grapples with around actual knowledge of the data being moved. The guy transferring over [to the public
4 cloud] has no idea what s been selected, he noted. It s easy for the dots to become disconnected. FIGURE 2 Hybrid Integration Requires A Multidirectional Model Identity and access management. In a successful hybrid cloud environment, you don t want the employees who use the services to have to maintain separate identities and passwords for in-house and cloud services. Thus, the enterprise clients interviewed brought in single sign-on and identity federation solutions. Yet enterprises should be aware that this isn t always a straightforward answer. Our authentication stack is pretty complicated, said the director of IT architecture for a large university. It s a big mess. Expectations and fear, uncertainty, and doubt (FUD). The third and for many of our interviewees, most vexing security challenge is cultural rather than technical. With all the news reports about intelligence agency backdoors, credit card fraud, and other threats, enterprise IT shops often have to spend more time allaying fears. The concerns were more hysterical than fact-based, said one of our respondents. The university director of IT architecture cited earlier conducted town halls and team meetings to address the security concerns voiced by faculty and staff, then let his employees choose their own degree of risk. We offered an opt-in policy at first so people could opt out if they weren t comfortable, he said. But the takers on this was under 5%. We re deliberately in a hybrid model for security reasons. Director of IT engineering at a large publisher What Customers Are Doing To Mitigate Hybrid Cloud Challenges All enterprise IT leaders interviewed for this study know that from here they are simply going to become more hybrid over time as more cloud services come into the organization and more business cases leverage the cloud. As such, they are actively shifting from their ad hoc hybrid management models to a more strategic, architectural approach. What I m working on is a repair effort for the cloud strategy that I found when I came in, said the CIO of a large publisher. The keys to their approaches were: Source: The Hybrid² Integration Challenge, Forrester Research, Inc., May 1, 2013 Adopting a hybrid cloud integration architecture. A bunch of one-off connections between cloud services and on-premises applications isn t sustainable, so the leading enterprises are taking a more concerted approach that leverages integration solutions, message buses, and (application programming interface) API management tools that concentrate multiple hybrid cloud connections 2 through as few means as necessary (see Figure 2). We used an integration platform behind the scenes, managing the input/output, said the director of IT architecture at a large public utility. The organization combined this with a cloud-native integration solution so it could optimize and standardize the types of connections needed. With few off-the-shelf options for widely varying and highly customized hybrid architectures, customers are considering more flexible integration approaches such as open source integration (OSI) in an effort to cut costs and 3 increase agility (see Figure 3).
5 found, To save costs, we shut down development and QA automatically at certain times of the day and start it back up at different times of the day. FIGURE 3 Cost, Flexibility, And Innovative Features Are The Top OSI Solution Drivers Everything starts internally and we push out for elasticity purposes. I m now in the process of automating pulling things in and out so that we can control our costs. CIO of a large publishing company Base: 70 application development and enterprise architecture personnel considering, piloting, or using open source tools (multiple responses accepted) Source: Q4 2011 Global Integration Online Survey, Forrester Research, Inc. Building a cloud service broker model. In addition to standardizing hybrid connections, efficiencies can also be gained by procuring and provisioning cloud services in a common way, which can be achieved by serving as a central broker for cloud for your company (see Figure 4). A broker approach also lets IT decide which use cases fit best with the cloud versus those that can be more costeffectively handled internally. Understanding the different cost models and architectural fit is key to optimizing hybrid cloud spend for the CIO of the large publishing company we spoke to: I m deploying an internal cloud to create more efficiencies and a broker relationship whoever s cheapest and has what we need processing or speed depending on the circumstances. Everything starts internally and we push out for elasticity purposes, he said. I m now in the process of automating pulling things in and out so that we can control our costs. Exploring hybrid cloud management tools. While few such commercial tools were in use by our interviewees, nearly all acknowledged the need and in more cases than not had built their own. These tools focused on two key values: monitoring and provisioning. Both are valuable for performance, availability, and operational agility, but they can be key to cost savings as well. As the director of software development at a large construction company Benefits Achieved From Managing Hybrid Cloud Well The consensus response from the enterprises interviewed for this study was that operating in a hybrid cloud environment yielded, on average, a 30% cost savings over traditional IT deployments. However, the straight cost of cloud versus in-house spend was a smaller part of the benefits achieved. Nearly all cited that: Operational gains were the biggest wins. Cloud services are standardized and highly automated, which means your use of them needs to move to this model as well. The director of IT applications at a public utility said the biggest benefits have been achieved through standardizing IT processes and forcing people to stick to them. The IT guys aren t too happy about the latter because they no longer have the freedom to develop and use the tools they want. But the cost savings outweigh that. Pay-per-use yields big gains when the apps can take advantage. Those achieving the biggest gains from a hybrid cloud architecture were actively placing the right apps in the cloud and keeping solutions that couldn t activate the cloud s unique economic model on-premises. The VP of web operations for a large consumer goods company was very selective about what he put in the cloud, moving only those applications that had elasticity. Only with these applications could he take advantage of what the cloud was really offering, which is true utility computing. You need to put business rules in place that leverage elasticity. I lose the advantage of cost savings by being inelastic.
6 Valuable staff is freed up to add greater value. With cloud services managing infrastructure, backup and DR, and even full applications in the case of SaaS, valuable full-time IT employees don t have to deal with these operational details and can instead focus more on how the company can best leverage these services. The director of IT architecture at the university said just the support burden alone was reduced 20% to 30% from leveraging the cloud. Additionally, the move to hybrid cloud freed [IT staff] to focus more on refining internal processes to provide better service overall, he said. We re a lot less reactive than we used to be and have more bandwidth to be proactive. FIGURE 4 Be A Hybrid Cloud Services Broker For Your Organization Source: Cloud Broker A New Business Model Paradigm, Forrester Research, Inc., August 10, 2011
7 Key Recommendations So how can you get going on a successful hybrid cloud implementation? It starts with recognizing that cloud services are unique tools to add to your overall portfolio rather than replacements or threats to central IT. You should also have a solid plan to onboard cloud services and integrate them into your existing portfolio and operational model. Forrester s in-depth interviews with IT executives yielded several important recommendations: Get a cloud policy in place. To best embrace cloud services, your organization needs to have a plan for when, why, and how to use cloud services. This starts with a clearly articulated policy statement that lays down the 4 basic rules for their use. It should help articulate what makes cloud services different and how they can best be used to bring benefit to your organization. And the policy should point out who in IT can help the business leverage cloud most effectively. Start hybrid management with unified monitoring. Many respondents said visibility was most needed where true customer experience could be best measured. As the VP of IT engineering for a large publisher put it, I would prefer to have an app-centric (as opposed to network-centric) reporting view that shows the overall relationship between the cloud environment and our own. The director of software development for a large construction company added: We have seen slowness and some customers have complained, but it s very sporadic. We re monitoring this so we can identify it and tackle it if it happens again. Know your data in order to secure your assets. If you re like most companies in our study, you re sending a myriad of sensitive information across connections and into the public realm. Defining your data by giving it identifying traits is a basic and effective way of knowing what is where, thereby enabling you to pinpoint vulnerabilities while still driving crucial business value. Knowing where your data lives, classifying its toxicity, defining clear data use, and handling roles and guidelines are relatively simple yet highly effective steps in 5 achieving hybrid cloud security. Bring in third parties to supplement your staff and knowledge. If your company is just starting down the cloud path or hasn t started moving from ad hoc to strategic use, don t learn the lessons of cloud the hard way. There are many consultancies, managed service providers, professional services firms, and peer groups that have rich expertise in managing hybrid cloud environments. Take advantage of what they know so the benefits you want to achieve will come sooner. This helped the VP of web operations at a large consumer goods company meet his time-to-market objectives and accelerate internal learning: We outsourced support of this application to a third party and said, Put it in [the cloud] because we want to get our feet wet and we don t have time to do it. Help your IT staff see the benefits they will gain from cloud. For many an enterprise, the group resisting cloud the most is often your own IT staff. Their reluctance is often driven by fear that the cloud will make them redundant or that their skills won t translate. Rarely is this the actual case. But you must address these fears and help these important stakeholder see a more valuable career path through the use of cloud services. Our IT staff isn t concerned about moving more to the cloud, said the director of IT architecture at a university. There s plenty [of services and plenty of work for them] staying on campus.
8 Appendix A: Methodology In this study, Forrester interviewed 10 senior-level IT professionals with experience in cloud platform implementation in the United States, Canada, and Germany to evaluate their deployment and consumption of such services. Questions provided to the participants addressed adoption motivation, implementation challenges, management practices, and future plans. Respondents were offered gift cards of $100 as a thank you for time spent on the interview. The study began in January 2014 and was completed in April 2014. Appendix B: Endnotes 1 Source: Forrsights Software Survey, Q4 2013, Forrester Research, Inc. 2 Source: The Hybrid Integration Challenge, Forrester Research, Inc., May 1, 2013. 3 Source: Open Source And Cloud-Based Integration Trends, Forrester Research, Inc., February 6, 2012. 4 Source: Write An Effective Cloud Use Policy, Forrester Research, Inc., August 31, 2012. 5 Source: Twelve Recommendations For Your Security Program In 2014, Forrester Research, Inc., February 5, 2014. 2