HIPAA Compliant hybrid cloud is one of the most flexible solutions for Healthcare organizations looking to move to the cloud. But in order to ensure successful implementation, there are some key things to consider, including security and risks, SLAs and costs.
Organizations looking at moving to the cloud initially faced the choice of a public or private cloud. Moving to a public cloud brought up several concerns that ranged from regulatory and compliance issues to business availability questions. Several initial outages from public cloud providers such as Microsoft Azure or Google did little to reassure companies about the cloud. While the outages have lessened, customers also started to adjust how they moved to the cloud. Netflix, for example, created a Chaos Monkey program designed to simulate and adjust for failures within the AWS cloud. Out-of-the-box thinking with programs such as this have helped customers move to the cloud with guarded optimism. However, the public cloud has not seen the overall consumption that was predicted. Continual issues, such as Amazon’s partial reboot of AWS to address a XEN security bug, have dampened some of the cloud excitement. This has also reinforced the reality that while the public cloud has a lot of benefits, it also means a loss of control for your data and services, and this scares folks.
The counter to the concerns with the public cloud was the internal private cloud. Bringing the cloud benefits in-house is an ideal way to address regulatory and compliance concerns, because now the data was under your control. However, the issue with doing this was the cloud benefits themselves. While you can bring self-service and metered resources in-house, very few organizations can provide the elasticity needed. This is due simply to the capital costs of large amounts of hardware needed to be able to scale up and down on demand. The alternative to an internal private cloud was the external private cloud. An externally hosted private solution that addresses many of the internal concerns about elasticity of that provider does sound like an ideal solution. However, Cloud as a Service (CaaS) that is private may not actually be private unless it contains full hardware separation (compute, networking, storage). Very few providers, if any, can do this, so it becomes a software separation that is still at its root a multi-tenant environment.
MORE: TOP 5 Private Cloud Considerations
Answers at two opposite ends opened up a middle ground solution that the industry had been looking for: the hybrid cloud. Unlike the fixed nature of the private or public cloud, the hybrid cloud comes with flexibility that can support an organization’s needs without requiring the business to fit into a predefined category. The hybrid cloud comes at a time when IT budgets are under fire and IT talent is in short supply. The hybrid cloud is not a total business solution; it is a business enabler. It can help an organization move at the speed of business without requiring as much capital as a new business or giving up data control.
Let’s take a look at a few key categories to consider when moving to the hybrid cloud model.
1. Security And Risk
The elastic resources of an (internal or external) private cloud allow for an organization to quickly try a new application or concept without spending or waiting for (on-premises) resources to come online. While the private cloud and its infrastructure have the security benefits, it is often not an elastic resource. However, with a hybrid-cloud approach, the additional elasticity can be used from the external cloud provider. Wiht a hybrid cloud scenario the sensitive applications and data can be hosted internally, while nonconfidential components and information can be hosted externally. The ability to dictate where the data resides is a critical benefit to the hybrid-cloud for organizations that have to address security or compliance.
2. Vendor Selection
While many hybrid-cloud providers can support multiple hypervisors and workloads, that doesn’t mean you will always get the additional features offered for each platform or the best performance when you’re crossing vendor lines. Utilizing Microsoft Hyper-V and extending it to the Cisco hybrid-cloud over Microsoft’s own Azure is supported; however, crossing between vendors can create additional support challenges. IT personnel may find themselves in the vendor blame game; the only difference now is that part of the technical problem is no longer on site, and the support issue can be a lot more extensive.
Does this mean if you’re a Hyper-V shop you should automatically go with Azure? Sticking to a single vendor is not a foolproof answer, but in this case, sticking with Microsoft should be one of your top three options. Besides the support concerns, there are ease of deployment and possible licensing cost incentives that can also influence the decision to stay within a single vendor ecosystem.
The vendor question will not be as much as an issue with hybrid-cloud vendors that are more cloud-vendor neutral. This includes Rackspace, which does not have a hypervisor of its own. These hypervisor-agnostic vendors are also ideal for organizations with multi-hypervisor environments.
3. Service Level Agreements (SLAs)
A common trend today is many of the top data center vendors getting into the hybrid cloud business. Well-established companies such as HP, Cisco and IBM are now offering hybrid cloud services. These hybrid clouds can help extend many of the tools or infrastructure the vendors offer to combine a partial onsite installation with some of the backend of the tools and services running in the third-party clouds. This can enable customers to use additional features that would otherwise be unavailable, unless they have a much larger onsite installation.
While many of these cloud offerings are built on established technologies, uninterrupted performance or reliability cannot be guaranteed. Many users of Microsoft’s Azure cloud service found this out in 2014 with an outage that lasted several hours, leaving some organizations with few options. Though other hybrid-cloud providers could run into the same problem, you do have to be aware that the concept of the hybrid cloud is still new for many of these vendors. They may not be as invested in the technology as others who solely focus on hybrid cloud services or their solutions might not be as mature as other options.
With so many new vendors coming to the hybrid cloud market, reviewing and understanding the SLAs (service level agreements) is critical. An SLA is not simply about what level of uptime is guaranteed; it also has to reference penalties for systems being offline. For both established and new hybrid cloud providers, this can be a touchy subject; however, it is a critical one because SLAs are not always clear.
While you may have an SLA for your hybrid cloud, it might not cover all of the cloud components. What does this mean? If your 99.99 percent (up to 52 minutes of outage) hybrid cloud goes offline due to a network issue, that outage is counted against the network availability. On the other hand, if your compute goes offline, that outage is not cumulative with the network outage; they are in separate counters. The same goes for storage or WAN. This means you could have separate outages, each lasting up to 51 minutes, and as long as one category does not go over 52 minutes, you still have a 99.99 percent uptime rating.
The second piece to this is the penalty aspect. The loss to your business during an outage can be devastating, and yet in most cases a cloud provider will offer you discounts on your hosting fees using a monetary penalty. While it is doubtful you can negotiate with your provider to cover your losses during an outage, you do have the ability to shop around and at least ask about modifying the penalty clause.
An additional point to keep in mind is how flexible the cloud provider is if you want to move a workload from that vendor’s hybrid cloud to a different cloud provider. While many of the larger cloud providers may not shutter their doors and go out of business, it is possible their cloud division might get spun off or sold. Ensuring your hybrid cloud provider has some type of migration or exit strategy is a preventative move that hopefully you’ll never need. But it’s worth asking about a migration path; it may even help to keep pricing conversations a bit more honest.
4. Hybrid Cloud Costs
All cloud technologies come with a cost. Often the private cloud is a capital investment, while a public cloud is a continuous operational cost. The hybrid cloud has a bit of a different cost structure. The pricing model won’t necessarily be zero when it’s not actively in use. You still have to pay for the connection and the ability to move workloads. When you do need that additional resource, it will most likely cost more than what it would in the public cloud. However, on the flip side, when it’s not in use, the cost is lower than with the public cloud. This lower and higher cost flip-flop will not necessarily result in savings; it’s more likely to be closer to cost neutral when compared to the public cloud. The real benefit is a soft cost in reduced turnaround time and increased flexibility while still keeping the desired security.
For today’s business, being able to react to a new market or need is critical. The elastic nature of cloud computing enables that ability in record time. For the hybrid cloud user, the option to balance security and deploy large numbers of compute resources can make the difference in getting a product to market faster. Leveraging your internal resources with what the hybrid cloud gives you makes for a perfect balance of flexibility and elasticity.
The hybrid cloud doesn’t require the commitment of the private or public cloud in terms of capital, operational or administrative costs. Compatibility with your existing infrastructure is just one of many things when considering a cloud solution. And if you are going to cross vendor lines, ensure you have support clearly defined so you do not run into issues when systems are down and timing is critical. The hybrid cloud can be the right solution for many organizations as long as it’s implemented and used properly.