CIOs are learning to adapt to a new reality in their IT landscape. IT departments today are moving many applications, infrastructure, and IT tools to the cloud. But they cannot move everything at the same time, and there are some assets it may never make sense to move to the cloud. The result is that hybrid IT has become the default operating model for the future.
Hybrid IT allows companies to extract more value from their current assets and provides a foundation for driving business impact with strategic cloud investments (see "Hybrid IT- a Smart Strategy"). Yet, there are important success factors to effectively managing a hybrid environment. Each additional IT vendor makes the hybrid IT environment more complex and adds the potential for conflict from variation in service models. For example, each vendor will bring its own break/fix processes, its own testing tools, and its own security protocols. These variations can lead to business inefficiencies and rework.
Making a success of operating and maintaining a hybrid IT environment therefore requires careful planning. Here we outline our six guidelines for success, a mix of functional and technical best practices to help develop a roadmap for your journey to a hybrid IT model.
Functional best practices
Three of our guidelines concern functional areas. CIOs need to build the hybrid portfolio strategically, looking at when to use the cloud and when to retain non-cloud solutions. They must address staffing, both for building and operating hybrid IT. Finally, support services must evolve to address the cloud and non-cloud components of the hybrid IT environment. Recommendations for each of these three priorities are as follows.
1. Select applications based on business capabilities and delivery models
IT teams need to take a strategic view on whichbusiness capabilities should be put in the cloud versus those that should remain non-cloud.For example, a cloud-first strategy may be established for customer-facing applications while a ‘best fit for purpose' approach may be applied to high volume, tightly integrated, or highly sensitive applications.
Bear in mind that application and service placement (cloud versus non-cloud) may be a new discipline for the enterprise. It's important to develop and staff appropriately to cover multiple delivery models.
A framework for making application sourcing and placing decisions quickly and efficiently will be needed. Decisions on adopting cloud purchases are typically made on a much faster timescale than most historical purchases of large, complex, non-cloud solutions.
2. Give staff the skills to implement and operate hybrid IT
The pool of cloud expertise is smaller than the demand for those skills. In addition, skills such as platform management and cross-silo engineering will need to be formalized or expanded in order to maintain a hybrid IT environment.Assess the need for technical skills such as cross-silo engineering, cloud security, platform management and integration.
Where skills are difficult to locate, consider a teaming approach to achieve the full complement. Consider retraining internal staff to fill cloud skill gaps rather than hiring new. If you are able to temper staffing efforts with re-skilling opportunities, it will quell potential fears of staff displacement.
It's often necessary to add functional skills in areas that become more important when managing relationships with cloud-based suppliers, such as vendor management, service management, and strategic sourcing.
3. Cross-portfolio support services should account for vendor SLAs and policies
In a non-cloud environment, the company has almost total control over how support services are delivered, but in a hybrid environment, the vendors are in control of how and when some critical support activities happen.
Having multiple vendors in the hybrid portfolio creates the potential for conflicting (or at least incompatible) SLAs. For example, one vendor's guaranteed outage response time may be longer than another's - which can turn into an SLA issue if the second vendor can't meet its SLA due to waiting on the first to respond.
Processes and governance for every aspect of support - including but not limited to solution design, testing, backups, outage recovery, and coordinating planned down times - must be compatible across multiple vendors' internal processes and governance.
Be clear about where responsibilities are assigned. Establish ‘who owns what' RACI (responsible, accountable, consulted, and informed) for each vendor. It's worth considering a managed services model for operating and managing the hybrid IT portfolio of cloud and non-cloud products and services. In this approach, one organization is responsible and possesses the operational skills and staff to run and maintain solutions across the portfolio. This minimizes the disruption and accountability issues that can occur when multiple providers are independently responsible for only individual parts of the whole solution.
Technical best practices
The second set of three guidelines focuses on technology issues, such as architecture, integration and security. In a hybrid IT model, the architecture becomes more challenging with each additional vendor added into the mix.
1. Don't allow architectural complexity to get in the way
An increased number of vendors, options, and choices can create architectural intricacy that leads to a more complex IT environment. A mix of cloud and non-cloud solutions increases architectural complexity at the touch points. Where data, process, and security cross over delivery models and vendors, these variations must be addressed prior to onboarding.
Change occurs more frequently in a hybrid IT environment - cloud capabilities are intended to be swapped out as better solutions come to market. Operational activities such as product version control will be critical to ensuring that the hybrid IT environment can withstand change. Also assess the ease of interconnection across disparate vendors and products.
Retain non-cloud products where it makes sense to utilize them as the foundation on which to deploy cloud solutions around the edges. Good candidates for retaining non-cloud licenses include applications such as ERP where tight integration is necessary¸ existing customizations that have solved unique requirements, and/or when no SaaS solution can provide functional parity.
Conversely, create agility and flexibility in the hybrid environment by moving capabilities to the cloud that don't require tight integration. Such products often require frequent or rapid change to keep the company competitive, and can be easily swapped out as better solutions become available.
Ensure that your hybrid IT architectural design is flexible enough to rapidly onboard, off-board, and retire solutions. Establish ongoing monitoring for bottlenecks or failure points due to multiple vendors, diversity across vendors, and potential cloud/non-cloud friction.
2. Governance, process, and tools for integration should create a seamless solution
Integration is among the highest priorities in a hybrid IT model. Process integration must become a discipline as it is not automatically assured (as it would be in a suite). Data integration will increase in priority because data integrity, access and usage rights, ownership, and synchronization can become complex across vendors due to an expanding variety of endpoints.
An integration center of excellence (COE) may be needed to manage the hybrid portfolio. The integration COE can help bridge the "language barriers" between vendors and build common processes when needed. Modern integration tools from platform as a service (iPaaS) may need to be added to the integration tool kit to address cloud-to-cloud and cloud-to-non-cloud requirements. Which integration mechanism to use, data and process ownership, and integration integrity are examples of areas where governance will need expanding to accommodate the multi-vendor nature of a hybrid portfolio.
It's advisable to build expertise in cross-vendor knowledge. This will prove invaluable when solving integration requirements and constraints that are not addressed by the vendors' pre-packaged connectors. Earmark integration as a substantial part of application costs.
3. Security processes and controls must keep the hybrid IT environment safe
There will be as many variations of infrastructure security processes and protocols as there are vendors in the hybrid portfolio; some may not be compatible. At the application layer, use of unifying technology such as single sign-on or portals can ease access to applications and tools but may not eliminate conflicts in individual security designs. Validating security control effectiveness across the hybrid portfolio can be challenging as the customer won't have a granular level of visibility into the cloud vendors' security.
It's therefore important to align security processes and controls across the portfolio. Take particular care to define ‘who owns what' in infrastructure and application security services. Pay special attention to defining and assigning ownership of identity and access management controls.
It's up to you to determine how much the company is willing to trust ‘the cloud' - but remember to verify. Develop security audit and effectiveness measures that accommodate any lack of visibility into cloud services.
The benefits of a hybrid IT environment are significant and well worth any additional complexity, but it is important to proactively address critical success factors. Moving to the cloud is a lengthy and often tortuous journey. The guidelines outlined here will help you navigate the challenges and find success in deploying the hybrid IT model.