All White Papers

White Paper

Hybrid Cloud: The Case for an App-Centric Strategy

Updated August 03, 2015

Introduction

Your CIO sees the cloud as a key business enabler. The promises of agility and operational efficiency truly have the potential to transform business. However, as your organization deploys or migrates applications to the cloud, you might think you need to sacrifice control to reap the cloud’s benefits.

An app-centric strategy allows you to maintain control over your cloud applications—providing the same availability, performance, and security services across your hybrid environment. You’ll have the confidence of knowing that the policies governing your applications in the data center will extend to the cloud. With the app-centric approach, you can protect your applications while maintaining the agility and efficiency that the cloud provides.

The Data Center Evolution

Organizations are increasingly deploying and migrating applications to public and private clouds. According to the recent Right Scale 2015 State of the Cloud Report, 82 percent of enterprises have a hybrid cloud strategy, up from 74 percent in 2014.1 Many of these enterprises are looking to the cloud primarily to drive agility and cost savings. However, they must avoid trading off control in order to gain these benefits.

For organizations building a private cloud, transitional challenges will arise depending on the cloud platform architecture or infrastructure chosen. And if the organization is implementing software-defined technologies such as SDN, the issue of interoperability and integration of services must be addressed.

Meanwhile, the global mobile workforce continues to grow. As a result, traditional data center perimeters are dissolving, as users access applications from a multitude of environments (including on-premises, private and public clouds, and SaaS apps) on a variety of corporate and personal devices.

Figure 1: Application delivery is rapidly becoming decentralized.
Figure 1: Application delivery is rapidly becoming decentralized.

Rise in Security Risks

The transition to the cloud has increased security risks for organizations. Cloud providers offer a services-centric model to deliver the infrastructure building blocks that they are responsible for—including storage, network, and database, along with a set of disparate tools to support deployments. The availability and security service level agreements (SLAs) offered by cloud providers are restricted to the infrastructure and individual services; not the applications. Plus, most cloud IaaS providers have a shared responsibility model, where they only handle the security of the infrastructure up to the hypervisor layer. Securing the OS and applications is the responsibility of the customer.

As a result, corporate security practices play an even more important role as the basic security services offered by cloud providers may be insufficient. Cloud providers do not protect applications against all threats. By relying on a cloud vendor to protect your applications, you risk downtime and expose your organization to security vulnerabilities. In addition, using the cloud provider’s services for cloud apps and another set for on-premises apps can lead to inconsistent policies, which further adds to management overhead and risks.

Need for Greater Agility

The move to the cloud has also created a need for greater agility to boost efficiency, drive innovation, and improve productivity with DevOps. As cloud application deployments have grown, DevOps adoption in enterprises has increased as well—reaching 71 percent in 2015.2 DevOps adoption has also expanded the set of available tools, with IT Ops and application development teams leveraging automated configuration management tools such as Chef, Puppet, Salt, and Ansible. DevOps is now prompting the need for orchestration and management of the full application stack, including network and security services. Application delivery solutions therefore must be optimized for cloud-based workloads. These solutions should include a rich set of programmability tools to streamline orchestration and automation, and customize traffic flows for each application.

To realize the promise of the cloud and achieve business agility, organizations must optimize deployments by taking advantage of flexible software and licensing options. Virtualized or software-based application delivery controllers enable application services to be deployed wherever applications reside.

On-demand cloud licensing options include utility billing, bring your own license (BYOL), and volume licensing subscriptions to meet fluctuating demands, speed deployment, and minimize cost. Utility billing offers hourly, daily, or monthly cloud provider options—ideal for dev and test, temporary workloads, and DR needs. BYOL provides the freedom to move a license from public or private cloud environments, which brings a greater level of flexibility and agility. And volume licensing subscriptions reduce costs significantly when moving a large number of applications to private and public clouds.

The App-centric Strategy

An app-centric strategy provides the critical services to make your apps available, protect them, and deliver them seamlessly across your hybrid environment. You’ll mitigate risks by meeting security requirements both on-premises and in the cloud. According to the Cloud Security Spotlight Report, 50 percent of survey respondents identified the ability to set and enforce consistent cloud security policies as the most popular method to close the cloud security gap.3

Figure 2: Provide the critical performance, security and availability services your apps need no matter where they live.
Figure 1: Provide the critical performance, security and availability services your apps need no matter where they live.

Hybrid Cloud Confidence

Your cloud strategy should be an extension of your data center strategy: app-centric. Driving an app-centric strategy enables you to confidently provide the critical delivery services for your applications regardless of where they are deployed or what cloud platform is used. Interoperability between legacy environments and software-defined architectures is seamless and transparent. It removes the complexities of managing disparate multi-cloud environments and allows you to focus on providing the application availability and performance your users expect.

Security Anywhere

An app-centric cloud strategy strengthens your security posture by meeting various security requirements across hybrid environments. You can build a comprehensive application security strategy by focusing on the risks and threats to your applications. By leveraging deep application intelligence and visibility, you can ensure secure user access to your apps and protect them from today’s sophisticated attacks.

Business Agility

Your CIO is looking to the cloud to gain agility and transform the business. In order to meet these goals, it is critical to choose an application delivery solution provider that offers cloud-optimized solutions, flexible licensing options, and built-in support. Your solutions must provide a rich set of programmability tools that leverage your organization’s DevOps skills. You should also work with a vendor that has an active community ecosystem of peers and partners for information sharing and to leverage solution expertise.

Conclusion

As more organizations move their apps to the cloud, the critical services that reduce security risks, increase performance, and minimize complexities must move with them. Whether you’re planning to architect a private cloud, deploy or re-architect your apps, or migrate to SaaS, an app-centric strategy will help you achieve these goals.

1 RightScale 2015 State of the Cloud Report, RightScale, February 2015 -
http://www.rightscale.com/press-releases/rightscale-releases-2015-state-of-the-cloud-report

2 RightScale 2015 State of the Cloud Report, RightScale, February 2015 -
http://www.rightscale.com/press-releases/rightscale-releases-2015-state-of-the-cloud-report

3 Cloud Security Spotlight Report, Information Security LinkedIn Group, 2015 -
http://media.scmagazine.com/documents/114/cloud-security-spotlight-repor_28381.pdf