Hybrid IT — the combination of internal and external cloud-based services — is transforming IT architectures and the role of IT.
Hybrid IT is the result of combining internal and external services, usually from a combination of internal and public clouds, in support of various business outcomes. Interest from large enterprises in the public cloud has been tempered by adoption risks, leading to architectures that connect internal core services and critical data to external, commoditized services. Hybrid IT relies on new technologies to connect clouds, sophisticated approaches to data classification and identity, and service-oriented architecture. Because of this new IT delivery model, the role of IT and its practitioners is undergoing significant change.
Cloud computing is real: It has moved from buzz to business, and has changed the nature of IT delivery. Many Gartner clients have now passed the definitional stage and are testing cloud architectures inside and outside the enterprise. Over time, the cloud will simply become one of the ways that we "do" computing, and workloads will move around in hybrid internal/external IT environments.
The IT professional will be responsible for brokering solutions from available service providers, including themselves. This collection of external and internal service providers will create a "market of functions" — functions that can be used to fulfill service contracts and can be easily swapped in and out based on policy variables (e.g., cost-effectiveness, geography and provider viability). In this scenario, IT evolves into a complex, heterogeneous supply chain governed by brokerage contracts.
Clearly, this model of service delivery challenges many longstanding IT practices and the business models of traditional IT vendors. We expect that most organizations will maintain a core set of primary service providers (cloud and noncloud) extended by an ecosystem of edge providers that fulfill specific solution requirements.
Cloud computing's business model — the ability to rapidly provision IT services without large capital expenditures — is appealing to budget-minded executives. CEOs and CIOs are pressuring IT organizations to lower their overhead by offloading services to cloud providers. But when IT organizations investigate potential cloud services, the market's volatility reveals that not all cloud services are created equal. Some cloud providers offer simple turnkey services that can replace internal software. Other cloud providers offer a vast array of services with varying degrees of security, availability, price and scalability that may or may not meet the application's technical requirements, IT compliance guidelines or the company's risk tolerance. Not surprisingly, IT organizations are taking an "adopt and go" strategy to satisfy internal customer IT consumerization and democratization requirements. For example, many IT organizations are adopting public cloud computing for noncritical IT services such as development and test applications, or for turnkey software as a service (SaaS) applications like Web analytics and CRM that can holistically replace internal applications and enable access for a mobile workforce.
For critical applications and data, IT organizations have not adopted public cloud computing as quickly. Many IT organizations discover that public cloud services providers (CSPs) cannot meet the security requirements, integrate with enterprise management or guarantee the availability necessary to host critical applications. Thus, organizations continue to own and operate internal IT services that house critical applications and data.
However, the public cloud has affected internal customers. Due to the pervasive growth of public clouds, many business units and internal customers have used and grown accustomed to IT as a service, and have built business processes and budget plans with cloud computing in mind. Now, these internal customers demand that IT organizations build internal private clouds that not only house critical applications, but also provide a self-service, quickly provisioned, show-back-based IT consumption model.
IT organizations that do not match the request for IT as a service run the risk of internal customers bypassing the IT organization and consuming IT services from the external cloud, thereby placing the company at greater risk. IT organizations realize that they not only need to compete with the public cloud consumption model, but must also serve as the intermediary between their internal customers and all IT services (whether internal or external). IT organizations are becoming the broker for a set of IT services that is hosted partially internally and partially externally — a hybrid IT architecture (see Figure 1). By being the intermediary for IT services, IT organizations can offer internal customers the price, capacity and speed of provisioning of the external cloud, while maintaining the security and governance the company requires and reducing IT service costs.
Source: Gartner (February 2012)
Let's examine the hybrid IT scenario from various perspectives:
Users, applications and data
Security and identity
Hybrid IT is likely to rely on hybrid clouds. Hybrid clouds are a connection or integration between two clouds — usually between an internal private cloud and an external public cloud. Hybrid clouds are constructed by using software or hardware appliances that enable applications and data to more easily migrate among connected clouds. For example, many applications are dependent on identity management systems to authenticate users or to consume terabytes of data, or they have deterministic input/output (I/O) latency requirements. These dependencies often prevent applications from migrating to the external cloud. Hybrid cloud solutions solve each of these dependencies in unique ways.
Essentially, two types of hybrid clouds exist:
Service interface-based: The service interface-based hybrid cloud utilizes an appliance to present a list of cloud services to the end user (i.e., the cloud consumer). When the user selects a cloud service, the appliance redirects the user to an internal or external cloud service based on the consumer's identity.
Infrastructure-based: The infrastructure-based hybrid cloud is essentially a software or appliance bridge designed to augment internal IT resources and integrate two clouds by connecting the back-end infrastructure of an internal cloud to one or more external cloud services.
Users are a driving force behind the move to cloud services, whether they realize it or not. To accommodate employees' and consumers' desired pace of change, legacy systems must give way to more agile IT that sources functions from a variety of suppliers. However, because information workers often access sensitive data and core systems, a significant portion of their experience is fed by internal IT services. The blend of internal and external services is successful when the experience of the user is seamless, and the risk to the enterprise is contained.
The externalization of IT is the movement of IT resources from direct enterprise control and ownership to one or more external service providers. One reason to externalize IT is to reduce expenses through improved value delivery and transition to variable costs. Another motive is to refocus efforts on core capabilities while examining alternatives for noncore capabilities. Core capabilities provide competitive differentiation to the business. Noncore capabilities, or context capabilities, typically have an indirect contribution or no contribution to differentiation: They are commodities. Another motive is to focus efforts on activities that the organization can do well (core functions), or at least better than capabilities that can be easily sourced elsewhere. A fourth motive is to respond to changing business conditions more quickly and efficiently, building a strategic, value-based partnership with the business.
As economic pressures increase, organizations have expressed an overwhelming interest in cloud computing, outsourcing and other options that externalize IT. Ultimately, organizations that desire to optimize business value and solution delivery will broker and integrate a mix of internally and externally provided services. This optimization will not be easy. Most IT environments require significant refactoring while introducing new challenges of cross-functional and cross-supplier integration. However, this refactoring will have the long-term benefit of clearly decoupling core and context functions so that they can be more effectively and dynamically redistributed.
With applications and users comes data. Lots of it. To make hybrid IT scenarios most effective, reinforced data management disciplines and new architectures for business analytics are required. Organizations must establish data governance, or face the ire of frustrated users or the risk of data leakage. Data governance defines decision-making responsibilities and decision makers' authorities for managing and using a business's data assets. Those assets are spreading throughout the hybrid IT ecosystem.
Most security analysts recommend that organizations be cautious about exposing their sensitive data in the public cloud, but many organizations and their users push the boundaries. Internal clouds have virtualization security issues similar to those of public clouds, but other protection characteristics are more similar to traditional IT. Trust boundaries change as applications move from internal networks and data centers to untrusted zones in the public cloud. Sensitive data may be encrypted before it is stored in the public cloud, or it may be masked to protect confidentiality.
The security of sensitive data in the cloud is the No. 1 issue for cloud adoption. Public CSPs are improving security practices and features, but the market ecosystem remains immature. Internal clouds may help enterprises gain IT cost and agility benefits without losing control of sensitive data. Securing the internal cloud requires advanced virtual security infrastructure and attention to securing the cloud OS orchestrator function.
New work models and more complex data structures complicate data security. Various classes of tools such as data loss prevention (DLP) are maturing in the market, but many enterprises lack well-managed information classification programs. Use virtual desktop infrastructure (VDI) and enterprise content management (ECM) to constrain information sprawl, but allow authorized information flows. Use data masking, tokenization and/or encryption solutions where confidentiality is required. Improve information classification with a review of top-down policies and processes, and use tools to monitor and discover sensitive data from the bottom up. Engage with data management groups on complementary master data management and other information analytics initiatives.
As organizational boundaries continue to erode under the pressure of federation and outsourcing, and as enterprise control over IT continues to weaken through increased adoption of mobile devices and cloud services, identity will become more important than ever — and more problematic. On the one hand, identity is the main point of control that organizations still have over information in a world where users own the clients, and outsourcers own the servers. On the other hand, establishing identity in such a diverse and heterogeneous environment is more and more difficult, and the identity information is becoming increasingly problematic as a source of privacy breaches. New technologies, services and architectures are emerging in response to these pressures, but plenty of work still must be done before the industry produces a comprehensive and dependable identity architecture for the modern world.
IT as a department is shrinking. IT as a knowledge set that is important to most enterprises is increasing in importance and is spreading in an internal and external diaspora. The role of IT is to encourage both these trends, and to be at the center of a strong force of individual empowerment through social software and new forms of communication. Over the long term, the shifting nature of IT will result in management and organizational process changes that catch up to the increasing power of individuals.
IT's dominance of a specific knowledge area (IT) has been eroding, and now that dominance is limited to highly specialized skills and expertise that often get outsourced to third-party suppliers and is easily accessible to the enterprise's business practitioners, as well as IT practitioners. The result is hybrid IT, where solutions are partially conceived, developed and managed in-house, but include external solutions from consultants, partners, suppliers, the cloud or wherever the solution for the business need is: thus, multiplicity. The role of IT, once "Dr. No," has changed to one of enabler, collaborator and orchestrator, particularly in the innovation arena.
IT practitioners have choices: Specialize and work for third-party specialists (or vie for the limited specialist jobs with enterprises), or become more business-focused and broaden their knowledge and skills to become versatilists. This trend is arising not only from changes in interpersonal communication, social software and anytime-anywhere computing, but also due to the complexity and integration of the computing fabric through virtualization in private and public infrastructures. Solving system issues — and creating new system opportunities — require a knowledge set that spans technology domains (network, processor, storage, system software, applications software and user interface design).
One thing is certain: The traditional role of the IT professional in an enterprise is changing and becoming multifaceted. A hybrid IT model requires internal and external IT professionals to support the business capabilities of the enterprise.
Hybrid IT is the new IT, and it is here to stay. While the cloud market matures, IT organizations must adopt a hybrid IT strategy that not only builds internal clouds to house critical IT services and compete with public CSPs, but also utilizes the external cloud to house noncritical IT services and data, augments internal capacity and increases IT agility. Hybrid IT creates symmetry between internal and external IT services that will force an IT and business paradigm shift for years to come.
Some documents may not be available as part of your current Gartner subscription.