Real public cloud is by its nature not compliance friendly. This isn’t to say that it can’t get there, but for the security requirements that compliance protocols demand, it will often not make the grade.
So where does that leave an organization seeking to access the cheap, fast, and accessible benefits of the public cloud? There are many examples of groups within a company seeking out public cloud resources for a number of purposes – R&D, web development, application testing, etc. – and using the platform to great benefit. However, many of these companies are beholden to major compliance restrictions and the use of the public cloud resources doesn’t necessarily adhere to the compliance parameters.
Public cloud resources accessed in an unstructured manner (see Shadow IT) will never have 100% of the right security services and configurations to support compliant usage. Compare this to internal IT, which is geared towards compliance as part of its mandate, and a real issue comes to light: how can the Line of Business groups within a company access the cloud tools they need in a manner that is consistent with the compliance strictures that govern how the organization runs?
Hybrid cloud can be a valuable solution to this problem. Whether it’s the NIST compliance definition of cloud computing, PCI compliant hosting, HIPAA rules, FISMA standards, or SSAE-16 compliant hosting, using hybrid clouds can deliver the best of both worlds to an organization.
Hybrid cloud has many definitions: a combination of public and dedicated resources, or syncing an internal data center with burstable public resources to assist with scalability and redundancy requirements, or even bare metal combined with virtualized resources through an orchestration layer.
For the parts of a company’s data and infrastructure that need to remain compliant, there are many options available: you could choose an Oracle rack that provides a high degree of performance and reportability for your data while supporting application requirements on a VMware-backed cloud platform, for instance.
In this example, you know that the data that needs to be secure is secure, and that it is not in the cloud. Meanwhile, you have cloud resources for the parts of your application that don’t need to be or aren’t compliant, allowing for spillover when demand is high as well as a place for different groups to easily spin up resources for development purposes.
Hybrid cloud computing is a smart path to ensuring that the benefits of cloud are accessible while compliance is maintained.
Thoughts? Agree/disagree? Let us know on Twitter @CloudGathering.
By Jake Gardner