Hybrid IT With a Purpose

Hybrid IT organizations need an intentional hybrid strategy.

To get the most ROI out of hybrid IT, your environment needs to be orchestrated like a symphony. The intentional hybrid enterprise aligns technology choices with business goals and has a strategy to get there. This white paper explores the benefits of becoming an intentional hybrid enterprise and the challenges facing organizations running mixed environments without a hybrid IT strategy.

The most innovative organizations in the world today have leveraged technology to transform their businesses. From banking to media to manufacturing, these market leaders view IT as the business, enabling the transformations of their organizations into full-blown technology companies that happen to do banking, media, and manufacturing.

What separates these organizations from others is that their operating environments are intentionally designed. Technology investments are propelling business goals, and processes and procedures are in place to allow technology to reach its full potential in their respective markets.

For hybrid organizations that have owned and operated data centers, colos, PaaS, SaaS, and IaaS, it can be a challenge to manage all the disparate elements. They are not hybrid by design but are "accidental" hybrid environments. To become an intentional hybrid enterprise, organizations need a coherent strategy capable of responding to changing business needs while optimizing IT assets and managing costs.

Shadow IT

Dissatisfied with the performance or responsiveness of the IT organization, application owners and lines of business often take matters into their own hands, procuring the software and services they are not getting from IT. From procuring cloud services to purchasing unapproved software, shadow IT is a key indicator that the business organization and the IT organization are not in sync. With new cost centers cropping up with each shadow addition, it becomes difficult, if not impossible, for IT to be responsible financial stewards for the business.

For some organizations, the shadow IT budget is larger than the IT budget. Adding to the financial ramifications is the security ramifications of shadow IT. In 2016, Gartner predicted that by 2020, one-third of successful security breaches would be on shadow IT resources.¹ While business users often get the blame for shadow IT, IT departments are also guilty of engaging in this behavior, including procuring unapproved apps and cloud services. This also makes disaster recovery more challenging: if you do not have a detailed view of your IT landscape, it is impossible to know how to recover all your systems in the event of a disruption. Combatting shadow IT comes down to business and IT alignment.

App Sprawl

In a 2016 survey by F5 Networks, 23 percent of organizations said they manage between 201 and 500 applications, and 15 percent manage a staggering 501-1,000 applications.² Application sprawl is common in legacy enterprises that manage dozens and sometimes hundreds of applications. Over time, applications outlive their usefulness, but rather than redesign, refactor, or retire them, the applications remain on the infrastructure, using precious resources but serving no strategic purpose. Application sprawl costs time, money, and resources that could be spent on innovation. To resolve application sprawl, enterprises need to take a strategic approach to application workload placement. 

Cloud Sprawl

The popularity of public cloud has led to uncontrolled workloads and the proliferation of public cloud resources, leading to enormous waste and a sprawling attack vector. With its pay-as you-go model, cloud resources have the potential to offer considerable savings when procured in a controlled manner. But when cloud workloads are provisioned, unmonitored, and sometimes abandoned after testing and development, exorbitant costs add up, not to mention the security exposure of abandoned but functioning virtual fingerprints that can be exploited by outside forces. Cloud sprawl manifests, and security risks increase. According to RightScale’s 2017 State of the Cloud Report, the amount of wasted cloud spend is between 30 and 45 percent, making the pay-as-you-go model a financial detriment for organizations with cloud sprawl.³

Server Sprawl

For organizations that have numerous data centers, whether owned and operated or colo-based, server sprawl is commonplace. Rackspace reports that up to 30 percent of servers in the US are comatose, consuming electricity but not delivering computing resources for six months or more.⁴ There are 3.6 million comatose servers in the US alone. Worldwide, more than 10 million comatose servers consume energy equivalent to eight power plants and 3.6 million households. Storage and the associated memory also adds to the cost of server sprawl. Cooling costs and the physical imprint it leaves also inflates costs. While virtualization is seen as a common antidote to server sprawl, virtual servers, which are easy to create, can become just as unmanageable as comatose servers. They proliferate in enterprises in the same way as bare metal servers.

Workload Redundancies

When the business organization and the IT organization are unaligned, workload redundancies erupt. This could be a result of attrition over time, from mergers and acquisitions to workloads not properly maintained, reviewed, or strategically considered. Workload redundancies can cost time and money that could be better spent on value-driven initiatives. For example, both IT and the business use cloud services, and often, both groups will employ their own in-house resources to manage the cloud. These workload redundancies spread when business and IT have different priorities. Operating with their own budgets, each requisitions human resources, regardless of what the other group is doing. This further compounds the misalignment and redundancies. It also utilizes resources even beyond their respective departments.

Security Breaches

Unapproved IT resources lead to security breaches. With no standards and procedures in place to secure them, those unknown resources are left vulnerable. A 2017 report by Accenture and Ponemon revealed that the average enterprise experiences 130 security breaches annually, an increase over 2016. US companies suffered the greatest loss with a total average cost of $21.22 million.

Recovery time has also increased from 2016, with ransomware attacks averaging a 23-day recovery time and malicious insider breaches averaging 50 days. Industries hit the hardest are finance, healthcare, and government that have strict regulatory requirements to ensure data security.⁵ These requirements cannot be met when workloads are surreptitiously moved to the cloud.

This puts the business at risk financially, and also opens it up to a countless number of risks to the overall health of the organization. From reputation damage to customer churn, security breaches can and do destroy companies. Often, news of a breach and the public backlash that ensues causes more damage than the release of the data itself. When cloud sprawl and unapproved deployments are the norm, there is no way for organizations to remain in compliance.

Unreliable Service

Unreliable IT service is a hallmark of organizations managing too much infrastructure without a strategy for keeping the environment in check. Uncontrolled deployments of applications and infrastructure lead to tech sprawl and make services both unreliable and unpredictable, leading directly to shadow IT. Users are not content to wait weeks or even months for critical resources. Often, when IT does deliver those resources, they do not meet the needs of the business. Meanwhile, IT is busy managing an expanding IT landscape comprising hundreds, possibly thousands, of servers and applications, watching over systems, fixing issues, and responding to errors that could lead to outages. The result is that IT is unable to respond to business needs in the way the business expects or needs to remain competitive.

Poor Data Security Controls

The complexity of housing data in different locations and using both public and private cloud adds a level of complexity that can often lead to poor data security controls. Good data security control depends on the type of storage protocol in use, ranging from IP (least secured and most attacked) to fiber channel protocol (one of the most secured protocols related to storage). While cloud providers may provide security tools designed to protect customers, it is up to IT to properly configure cloud environments and back up critical data. In some cases, all data is stored in the cloud, and enterprises rely completely on third-party providers for data protection.

Without a coherent strategy for all data protocols, data is sometimes impacted. In some cases, data is not backed up at all, including site-to-site replication backups. For some organizations, only key critical data is backed up. This exposes the organization to increased risks for security breaches in violation of security regulations and IT industry best practices. If your application data is in the cloud, it does not mean it is safe or backed up.

The Benefits of Being an Intentional Hybrid Enterprise

With an intentional approach to running a hybrid enterprise, businesses are equipped to respond to disruptive market changes and innovate at a faster speed. Additionally, organizations are better positioned to take advantage of the agility cloud has to offer without risking cloud waste, or unnecessary spending on unused cloud resources. The hybrid enterprise gets cloud right.

Here are some of the advantages of being an intentional hybrid enterprise:

Agility: The intentional hybrid enterprise has company-wide processes and procedures in place to deliver products or services to market faster. The agile organization responds to change with business users and IT departments working together. Process precedes technology.

Elasticity: The intentional hybrid enterprise can dynamically respond to market changes on demand. It can provision systems and environments as demand increases and scale back when the environment is no longer needed or the business climate demands a reduction in operational costs. The business leverages technology as a partner in driving revenue and controlling costs. This will overall improve the ROI associated with the implementation of new technologies, products, custom applications, and back-office solutions.

Reliability: If the hybrid environment is intentionally and intelligently designed, it will result in more robust and reliable systems, applications, and infrastructure. The intentional hybrid enterprise relies on a variety of systems and approaches to deliver business value. It is more “fault tolerant,” with redundancies in place to mitigate failure on a single application or component. Systems and applications are more loosely coupled, allowing for more autonomy. Workloads are strategically placed in environments that deliver the highest level of reliability with the lowest potential of risk.

Increased Innovation: For companies to compete, they must constantly innovate. The intentional hybrid enterprise has streamlined processes, procedures, technology, and development environments that incubate and nurture innovation while managing change across the organization so that it is not operationally disruptive. It is an organization where the speed of innovation is culturally indoctrinated and embraced from the top down and the bottom up. Agility enables it to respond to market pressures. Automation eliminates superfluous, manual processes that slow innovation and reduce market penetration and growth.

Risk Tolerant: The intentional hybrid enterprise knows where their apps and data reside and has a strategy for managing, placing, and securing all those assets.  IT governance is in place to ensure compliance without limiting agility and innovation. Security is enforced where it is needed and appropriately scaled back where it is not critical.

Speed to Market: With the hybrid enterprise, IT provisioning happens not in hours or days but in minutes. With a more software-defined data center, IT can shift their focus from maintenance to innovation.