In most cases, hybrid clouds offer the best combination of scalability, ease of use, strategic flexibility, and data security—but they may not be the right fit for every company.
Cloud computing has garnered a lot of attention in recent years, and companies are grappling with indecision about implementing cloud technology strategies. A large part of the confusion lies in the difficulty of choosing among three primary cloud architectures: hybrid, multi-, or single cloud. Making the right choice is critical because designing a cloud architecture is complex and expensive and may duplicate some of the effort that companies expend on designing and managing existing data centers and networks. In addition, some companies worry that using the cloud could weaken their compliance and privacy safeguards, particularly in regulated environments.
The hybrid cloud architecture offers flexibility that makes the decision a bit easier. Simply put, hybrid clouds connect at least one public and one private cloud, providing management and program portability. They allow companies to place their applications and data on the cloud or in house, as appropriate, ensuring protection of sensitive information and control over how people who have access to resources use, maintain, and share them. Moreover, hybrid clouds are designed to work with already-purchased private on-premises hardware, while offering the seamless experience, scale, ease, and agility of the cloud platform and cloud management.
In addition, because of their innate dexterity, hybrid clouds will play a major role in increasingly prevalent hyperplexed computing environments. This relatively recent technology trend replaces traditional digital implementations of hardware and software with software-defined, fully virtualized technology infrastructure. In a hyperplexed world, all layers of the technology stack—including apps, programs, devices, and interfaces—are modular, interchangeable, and able to act either autonomously or collaboratively. They may have both a physical presence and a cyber presence, and much of the time they communicate seamlessly over cloud-based systems. In the future, the hyperplexed model will be an essential tool for businesses seeking to operate at high levels of efficiency, remain competitive, provide satisfactory user experiences, and generate optimal results.
One of the most appealing features of the hybrid-cloud architecture is that companies can use the cloud as an efficient way to update and modernize IT applications. For instance, companies can add new artificial intelligence programs without spending enormous amounts of money to tear down and rebuild legacy networks. And the cloud part of the hybrid system is likely to be compatible with any digital direction that the company adopts, as converged and virtualized infrastructures across the technology stack become the norm.
Featured Insights and Perspectives from BCGExplore
Despite the many virtues of hybrid clouds, they may not be the right option for every company. For instance, more centralized businesses, such as media companies, may discover that the public cloud is a better option because much of its data and information content already resides in one place and is relatively easy to upload to a single cloud storage provider. But overall, hybrid clouds seem to be emerging as a favorite choice. In a recent BCG survey of more than 600 global IT decision makers, more than 90% said that they had implemented hybrid clouds in one form or another. More than half said that they had installed a combination of all three cloud types, establishing a truly hybrid model, up from about one-third three years ago. (See Exhibit 1.)
Although companies can overcome internal pockets of resistance to cloud computing, the practical path forward can be challenging. Migrating an enterprise to the cloud is not a simple matter of paying for the system, plugging it in, and turning it on. To be effective and maximize business value, the hybrid cloud must serve as the backbone of the organization’s IT strategy and must provide efficiency and performance improvements across the organization.
To simplify this process and offer a reliable roadmap for hybrid-cloud implementation, we have culled from BCG’s company engagements the primary questions that companies ask and the key obstacles they face in implementing the new system. The most crucial question for a company to address right off the bat is which cloud or private technology architecture is best for its needs. If the hybrid-cloud approach is most appropriate, the next question is how much of the company’s IT activities to transfer to the cloud platform. (See Exhibit 2.)
As a rule of thumb, on-premises systems across the hybrid-cloud stack should house and support localized dependent applications, particularly information and databases that the company must keep onsite to meet low-latency requirements and comply with local or regional data protection regulations. In contrast, the public cloud can envelope the entire enterprise, providing shared applications and data. Taking into account the significant value of scaling software, some companies should consider fully migrating to the cloud. To some degree, regulatory policies will dictate where companies place their data and applications, but both the on-premises and cloud infrastructures must follow the most advanced security guidelines. By viewing the hybrid cloud holistically as two essential components of an overall network, companies will be in a good position to continually reassess their IT portfolios and determine the appropriate protections for specific programs and data. For instance, an auto company might give its product designs the highest level of protection and local server storage, while moving its vehicle airflow simulations—which require large amounts of computing power—to the cloud.
Another thing to consider in setting up a hybrid-cloud network is network efficiency. On-premises systems generally have less inherent latency when communicating with a company’s overall network than does a cloud system, over which files, documents, graphics, raw data, and applications must travel a greater distance and navigate a more complex infrastructure. As a result, the company may find it more efficient and economical to process large volumes of data locally, rather than parking them in the cloud. This is especially true if the company has a far-flung factory footprint with multiple local networks in different regions, as a manufacturing or pharmaceuticals company might.
Companies face four key questions in planning a hybrid-cloud implementation. (See Exhibit 3.)
What type of organizational structure and technical capabilities do I need to manage the hybrid-cloud architecture? Many companies shy away from hybrid-cloud systems because they fear introducing more confusion and complexity into their day-to-day operations. Although this possibility is a risk with any new, large technology effort companies can minimize it by establishing a cloud center of excellence, reporting to the CIO or CTO, to oversee the effectiveness of cloud adoption from the standpoint of both installation and uptake across the organization. The center should focus on defining cloud priorities, applications, and strategies; assessing and obtaining required implementation resources; and reporting on progress, challenges, and key decisions.
In companies with centers of excellence in place, successful cloud implementations tend to have two critical elements in common. The first is a strong technical foundation that includes universal interfaces across the organization for logins and access, automation of the cloud infrastructure, and a secure networking model. The second is a complete set of the cloud implementation’s necessary organizational and process components, including well-developed operational guidelines and operational standards, along with a strategy for adapting traditional corporate IT processes and structures to manage cloud systems. This adaptation involves shifting the organization from Information Technology Infrastructure Library (ITIL) network gatekeeping to more-automated enterprise DevOps, as well as capabilities such as site reliability engineering (SRE) and cloud operations (CloudOps) that prioritize shared cloud and network services and applications.
How do I realize cost savings? Every IT organization wants to save its company money. But the way it manages cost reduction and measures efficiency in a noncloud environment differs greatly from the way it will do so in a hybrid-cloud implementation. In an on-premises network, costs relate primarily to hardware assets. How many servers are installed, and how many people does the IT department need to maintain them? If the company requires additional equipment, what are the expected returns from new applications to cover these costs? In the cloud environment, the questions are quite different. In particular, costs are determined by usage efficiency, which leads to a different set of key questions. How well has the company adopted the cloud network across the organization? How effectively is the organization using shared cloud resources to reduce the IT costs of in-house systems? Is the organization changing workflow schedules to promote optimal use of the cloud and taking advantage of the company’s downtime during nonpeak computing periods?
There are two primary ways for a company to achieve efficiency gains of as much as 60%. One is by leveraging hybrid-cloud architectures to use on-premises networks and applications more productively and (often) less heavily. For instance, the company can flexibly scale dynamic workloads up and down on public clouds while using local cloud systems for static workloads. The other way to improve efficiency is by lowering the costs of maintenance and systems updates, since the company can instantly spread a single IT fix on the cloud across the entire organization. Less direct but equally important cost improvements from the hybrid-cloud approach take the form of a shorter time to market for products and services and accelerated innovation, thanks to increased internal agility and collaboration from technology sharing and enhanced productivity. (See “How the Hybrid Cloud Pays Off.”)
To realize these gains, cloud implementation teams must embed high levels of automation not only in the interfaces between the cloud and users but also in testing and reliability protocols designed to maintain seamless and steady cloud performance. This effort is often referred to as “infrastructure as code”—a term that means using fully automated programs and configuration files to design, configure, and maintain cloud systems. Hybrid-cloud efficiency also depends on having IT leaders embrace the age of “software-defined anything,” allowing management of virtually everything in the company’s private and public networks without manual input. This approach is necessary not only for cloud components but also for the IT infrastructure itself. In a software-defined environment, on-premises equipment mimics the public cloud systems, resulting in similar software specs and automated interfaces that permit automation across the stack and improve operational efficiencies.
The final aspect of cloud cost containment involves metrics and transparency. Alerts and reports built into the networks should tell teams that are consuming the cloud when they have surpassed certain levels of resource usage. Users should have access to these alerts and to strategies for optimizing cloud performance and minimizing costs.
How can I ensure data security and regulatory compliance? When they consider storing a large amount of critical data on the cloud, many companies worry that safeguarding this information and maintaining data security protocols required by regulators may be difficult. As cloud networks have matured, however, these concerns have become less salient. Virtually every major cloud vendor has adopted platform architectures that combine enterprise security with cloud-supported data and applications safeguards.
Still, companies must resist the temptation to use improvements in cloud provider security as a rationale for ignoring data protection in a hybrid-cloud system. Instead, they should address data security as a priority early in the development cycle, giving them an opportunity to set their own data privacy and protection rules and metrics for the cloud network. Zero-trust security procedures—including robust identity authentication and authorization protocols—should be in place for the entire hybrid cloud, whether the interaction is machine to machine or machine to human and whether it is on the cloud or off. Similarly, data encryption rules should be implemented across the system. Fortunately, companies can manage all of these security processes through software virtualization and automation, and cloud-security vendors have developed new tools that make it much easier for companies to adopt multicloud and hybrid-cloud security policies.
Companies can grant individuals access to hybrid-cloud data on a need-to-know basis related to completing essential tasks—which may be a moving target—rather than granting access more broadly on the basis of business function. For instance, warehouse executives may not typically have access to raw sales data from an e-commerce activity. But as streamlining inventory controls and supply chains becomes an increasingly important source of competitive advantage, warehouse managers may need to download this information from the hybrid cloud to better forecast inventory size, storage locations, and upcoming orders.
Security guidelines should also address loss of control over data in the cloud when law enforcement, government, or—in a worst-case scenario—hackers seek access to such information. This increasingly thorny issue has gained urgency recently as governments have given legal authorities more leeway to retrieve data from company clouds when enforcing subpoenas for information that resides in on-premises company servers. Many businesses worry that this opens the door for expanded data searches outside their purview, and that they will have to depend on cloud providers to ensure that the data retrieval does not exceed what the subpoena or warrant permits. But if companies properly implement zero-trust and encryption protocols across the board, they will by default always be in a position to monitor the activities of outside parties authorized to access their data, because the companies—not the cloud providers—will hold the keys to this information.
In managing regulatory compliance, as in other aspects of hybrid-cloud management, members of the IT team must have the right skill sets. Meeting this need may entail recruiting people with new types of capabilities and upskilling existing staff to take advantage of their experience and institutional knowledge. For instance, recent technical university graduates are good choices to design and manage cloud systems because their up-to-date education is likely to have prepared them well for these roles; on the other hand, they probably have little understanding of how to oversee a compliance audit. Conversely, existing IT staffers typically have dealt with numerous compliance issues involving in-house systems, but not with ones involving the cloud. Although developing an IT team with both sets of skills—either through hiring or through training—may be difficult, it is worth pursuing.
How do I choose vendors for the hybrid-cloud architecture? The selection of cloud vendors and partners is critical to successfully transitioning to a hybrid-cloud architecture. In noncloud environments, IT teams usually have little trouble managing vendors. If a server supplier doesn’t adequately support its equipment, or if the hardware is unreliable, the team can simply replace the equipment with devices from a new manufacturer. But until recently, moving to a new vendor in a full-fledged hybrid-cloud system was not a viable option in many cases. Cloud platforms lacked sufficient standardization, which meant that transferring data, programs, applications, and interfaces often amounted to starting over from scratch.
That isn’t the case anymore. Changing cloud vendors is far simpler than it used to be, thanks to containerization (in which software and apps are boxed off, separate from the operating system, and hence able to run on virtually any platform), infrastructure as code, and increasingly standardized deployment and operating procedures. Today, choosing a cloud vendor to partner with is often a strategic decision. Economic factors such as price and coverage in service-level agreements are still important, but opportunities flowing from long-term partnerships—as well as ways in which the vendor’s cloud can further the business’s strategic plans—have taken on greater significance. From that perspective, determining which vendor technology options are most suitable becomes a critical consideration. These options may include installing the vendor’s hardware, its software components, or both. And when it comes to software, a company needs to decide whether to adopt cloud-native proprietary solutions or open-source ones.
These choices, in turn, have significant implications that require careful assessment. For instance, opting to install the hybrid-cloud vendor’s entire hardware and software solution will lock the company into that relationship. But this choice has advantages, too, including the possibility that the vendor could become a development partner in advancing the efficiency and productivity of the company’s hybrid-cloud system, which might give the company a leg up on its competition. In addition, aligning with one vendor could reduce the upfront costs of installing the system. Of course, the downside of this approach is that if the hybrid-cloud vendor relationship fails to produce the anticipated returns, starting over with a new vendor can be expensive, time-consuming, and disruptive, despite improvements in vendor standardization.
In our experience, the process of choosing and adopting a hybrid-cloud architecture involves navigating three critical stages. (See Exhibit 4.)
First, the company needs to decide whether a hybrid-cloud approach is likely to be more or less advantageous than alternative possibilities (pure cloud, multicloud, or no cloud). If the answer is yes, the second stage is to segment workloads and data assets prior to moving them to the cloud or keeping them on premises. The third stage is to determine which hybrid-cloud technology strategy the company should implement.
At the strategy or decision stage, it is important to recognize that not all companies are good candidates for the hybrid-cloud architecture. For instance, to maximize cost efficiency in an environment in which workloads fluctuate across the organization in response to changes in real-time customer activity by time of day or season, many retailers may do better to opt for the dynamic scaling capabilities of a pure cloud architecture. On the other hand, companies with extended global operations and factory footprints—for example, automakers and other large industrial businesses—that require onsite data centers at their remote facilities may benefit most from a hybrid-cloud approach.
In some highly regulated environments, such as the pharmaceuticals sector, operational efficiency is crucial. In these environments, the ability to develop and shift workloads quickly to meet marketplace and innovation demands, while minimizing the operational overhead linked to hardware and software usage, is especially valuable—and a hybrid-cloud architecture is an optimal way to achieve this ability. As noted earlier, however, these systems must incorporate the highest levels of security to satisfy regulatory and governance requirements.
Numerous approaches are possible at the design stage. Many companies use the cloud for extensive number crunching and for software that requires high-end computing power, such as artificial intelligence or machine learning programs. Others use the cloud as a massive data archive, while maintaining hot, current, and proprietary data on premises. Ensuring the safety of sensitive and private data plays a big role in segmentation choices as well.
When a company operates a lot of its own hardware, another possibility is to view the cloud layer in a hybrid system as essentially an abstract appendage to the on-premises network. In practice, this means automatically steering users to the appropriate hybrid-cloud subsystem on the basis of their needs, their anticipated efficiency gains, and the company’s priorities.
Another way to facilitate design and to decide which services to place on the public cloud and which to keep on premises is to use a cloud propensity model, which assesses the company’s entire business and sub-business process environment. By offering a holistic view of a company’s business processes, this model provides a framework for determining the best places to locate different parts of the IT ecosystem.
In cases where moving to the cloud involves undertaking a greenfield setup, it is advisable for the company to use a reference architecture. By offering a library of best practices, integration challenges, use cases, and technology tooling advice, reference architectures can simplify the process for establishing new nodes in a hybrid cloud. Indeed, even in brownfield applications, a reference architecture can provide valuable guidance.
Regardless of how the segmentation stage proceeds, the hybrid-cloud deployment itself does not vary significantly. Procedures for implementation, maintenance, and upgrades should be automated, software-defined, and agile, following continuous integration and design principles.
Companies have essentially three options to choose from at the technology strategy stage:
The first of these options usually yields the fastest implementation, because the system is pre-integrated and ready for on-premises use from day one. Of course, companies that take this route are locking themselves into a tight relationship with a single vendor.
Companies that choose the second option gain greater hardware flexibility and reduce their dependence on an individual vendor. In addition, they can upgrade dedicated hardware for various unique processing tasks, such as AI workloads, separately from other systems.
The third option gives companies full flexibility, but they must be willing to invest in and develop a team of technology professionals that can adapt open-source hybrid-cloud systems at scale. This approach works best for technology companies with a strong IT DNA.
For many companies today, digitization and the use of advanced technology are crucial to being competitive and navigating future disruptions—and cloud architecture will be a key enabler of these two elements as their importance continues to grow. It is therefore essential that companies make thoughtful, well-informed decisions about the structure, depth, and extent of their cloud networks. In most instances, hybrid-cloud architecture provides the greatest flexibility, data protection, productivity gains, cost savings, and potential innovation.
Although the hybrid cloud is often an excellent option, especially as hyperplexed and software-convergent environments come to the fore, it presents implementation challenges that companies cannot afford to neglect. The hybrid cloud is not a pure technology consideration for upgrading a network, but rather an operating model that focuses on goals and strategic results.
For many companies, that is a new way of thinking. Consequently, adopting a hybrid-cloud system often requires upskilling and an organizational and operational transformation that entails viewing the hybrid cloud as an enabler for achieving specific performance aims. Despite these challenges, hybrid clouds offer significant promise both for forward-looking companies adopting a hybrid-cloud architecture and for software companies developing the system’s backbone and components. But while hybrid clouds present a great opportunity, companies that fail to implement hybrid clouds in an organized, careful, and strategic manner are likely to be disappointed by the results.