The tripwire on the way to your Hybrid Cloud

Organisations that have successfully implemented standalone enterprise cloud software systems soon come up against some of the realities of integration these standalone systems to their other enterprise systems, cloud or otherwise. It soon becomes apparent that the challenges of managing the increasingly complex ecosystem are not trivial. Cloud, being one of the recent emerging technology entrants in the race to the future,  requires careful consideration in enterprise implementations.

Gartner in it’s 2012 predictions, states: “Cloud consumers should budget for additional integration costs which can range from 10% to 30% — and sometimes as high as 50%  — of the total cost of cloud IT projects.“. The message is clear:  Know your cloud strategy, roadmap and future cost exposures.

The promise of simplification in the cloud

The paradox in implementing cloud is that on the one hand, it simplifies enterprise IT by masking all the underlying complexity from the users, whilst on the other hand, once integration with other systems, cloud or otherwise, is added into the mix, has the potential to turn simplicity to complexity.

The hybrid cloud ecosystem soon becomes a complex set of moving parts which require meticulous design, implementation and operation, all of which are typically abstracted away from the users – leading to the impression of simplification.

Essentially, managing this mix of technologies, platforms and solutions becomes harder, not easier.  Whilst individual Cloud instances may be built on a scalable, robust and resilient security model, the hybrid cloud environment may be less than robust due to its complexity.  That’s the paradox.

The shift from IT technical risk to systemic risk

Conventional IT risk assessment methodologies are often built on the inventorying of individual risks, based on the logic of risk = (Impact x Probability of that event occurring) + some sort of risk adjustment. Often categorised into functional areas, or other groupings that are relevant to the organisation, this process is often at the heart of conventional risk certification frameworks such as ISO 27001. Does this conventional approach to an emerging technology such as Cloud need refinement?

Most importantly, focusing on the diverse range of individual risks does not necessarily account for the interaction between risks, and it is these interactions that often manifest themselves as systemic risks.   Systemic risks are typically the greatest threat to organisations, and the hardest to identify

If you are heading towards a hybrid cloud (and most organisations will), the systemic risks of the overall cloud ecosystem needs careful consideration, and not glossed over.

It’s something that most IT consulting forms will not be well placed to assist you with… unless, of course they understand your business and organisation better than you do.