Part three of the four-part series on hybrid IT looks at approaches to appropriately manage and evolve hybrid architectures. Mike Small and Matthias put the focus not only on technical management, but also on appropriate governance in particular.
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Part three of the four-part series on hybrid IT looks at approaches to appropriately manage and evolve hybrid architectures. Mike Small and Matthias put the focus not only on technical management, but also on appropriate governance in particular.
Part three of the four-part series on hybrid IT looks at approaches to appropriately manage and evolve hybrid architectures. Mike Small and Matthias put the focus not only on technical management, but also on appropriate governance in particular.
Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth. I'm a lead advisor and senior analyst with KuppingerCole Analysts. My guest today again is Mike Small and we continue our series of episodes around hybrid IT, the challenges of hybridity, the future of hybridity and how to do hybrid IT properly. And for the first two episodes of this series, we looked into what hybrid IT is and what it encompasses and what the challenges are that come with using hybrid it, which I guess almost any organization is doing today.
So today we want to get rid of some of the complexity by replacing it with a proper approach towards maintaining, managing, and governing hybrid IT. So, uh, Mike, as you laid out all the challenges that we have been looking at, how can an organization properly, um, get to a, a way of, of governing and running these hybrid it systems for their own business needs and for their own benefit. Okay.
Uh, thank you Matthias and thank you for inviting me to give these webcasts. So to kind of recap, we talked in the earlier chapters about how organizations are now, depending upon, uh, it services that are delivered in multiple ways. Some of them are in the cloud. Some of them are on premises. Some of them are at the edge in branch offices and so forth.
And, uh, we have even more added complexities coming from the modern way in which applications are developed using containers. And the, the problems that this brings are to do with the fact that each of these systems has its own way of being managed its own tools and so forth. And so what you need to do as an organization that is trying to, uh, get business value out of this is to find a common way of dealing with this.
And that commonality comes out a layer above management, that law is called governance because, um, you can, you have to ensure that you do what your responsibility is correctly, but you have Asher what the service providers say they are providing to you meet what their claims are. So you have this challenge of balancing how you insure versus how you are sure. Servicing.
And, uh, th the majority of it professionals have been trained in how to ensure, but not in how to assure things. So assuring things means you have to have a set of clear objectives and a way of monitoring whether or not a service is delivering on those objectives. And that means that you need to have a structured approach, which is above and transcends how the services are delivered. So what matters to a particular service may vary with that service?
It may be that what is really of concern is in fact, related to compliance, or it may be to do with, um, uh, some something to do with responsiveness or, um, th the, uh, all kinds of other technical issues. And you have to define those, those requirements in a way that can be measured.
Uh, and there is the knob, and ideally those things should be measured, uh, in a continuous fashion. So if we look at, um, what this, uh, th this really comes down to, it's interesting, again, um, that, uh, th th th many organizations get totally confused that they demand of third parties, what they don't demand internally.
Uh, so for example, you, you, you, you know, if, if you have a system that was being delivered on premises and you needed it to be certified to a particular security standard, then surely that's what you ought to have for what is delivered externally and vice versa. So what helps you with this is, first of all, you have to have a way of setting out the objectives and that many people find difficult. What are the business objectives of this? What really matters, how available has it got to be? And when you've got that far, you then have to decompose that into what does it depend upon.
And many CIS have, uh, a view that they know that that is something which the business depends upon. There is an application or a service that the business depends upon, but when you say to them, can you decompose that to show that the service level agreements from all of the components, uh, add up in a way which confirms that they may say, well, I'm not really sure. And so this is not to be underestimated, but that's, what's actually needed.
So if you have a service that has to be delivered with 99.9, 9% availability, and where you depend upon not losing, uh, for example, longer than five minutes in any, in any hour, which is a, you know, you know, many e-commerce sites, if you can't buy it from the place that you went to to start with, you will actually go to some other, some other vendor now. So, so this is a complicated structure that you have to get control over, and you have to know what the objectives are and how you're going to measure them.
So it's easy when it is on premises, because you can say, I've got to have a meter for this, but when you getting a cloud service, that's delivered from multiple sources, you have to understand what the claims that are being made by the different vendors of those services are how well you can measure them, how frequently you can measure them. And by the way, don't forget the network because many cloud service providers will actually say, well, yeah, we will guarantee availability at our edge.
Um, well, that's not actually very helpful to you if what you need is at your end. So you've got a network in between, and does that network satisfy, uh, the overall requirements that you need? And since these systems are now in this hybrid world, intercommunicating then all that into communication has got to work together. So the actual mapping of the requirements is complex. The metering of the requirements. You need to have a way of saying for whatever it is that you really need, you have to have a way of measuring it and a way of measuring it, which is sufficiently clear.
Now I've talked about the functional requirements and although the functional requirements are important, they are not sufficient. There are all these functional requirements, which are, for example, related to security. So how do you define whether a service is secure?
You know, what does that mean to you? And what standard are you going to judge it against? And this is where, uh, most of the providers will not allow you to look at that service yourself in detail. They can't afford to have all of that thousands of customers crawling over their service, trying to perform an audit on it. So here's where standards become absolutely critical.
So standards that throughout history have been the thing that has made, um, the distribution of how you deliver a service, more effective and cheaper, you know, back from the 19th century when defining, um, a screw thread allowed, uh, governments to build battleships much cheaper in the 21st century standards are allowing people to deliver, uh, it services more effectively and more distributed. And so the standards like, um, HTTPS and TCP IP and so forth have revolutionized the way in which the systems are delivered. And those same kinds of standards apply to, uh, to the non-functional things.
And in particular, the standards that you can get certification and attestation to, like, for example, the ISO 27,000 series, the payment card industry, data security standard, and the service organization controls defined by, um, the American, uh, certified public accountants, uh, um, uh, societies, uh, such as assets, uh, a, uh, 16 and 18.
So requiring that, those things that you don't deliver yourself and indeed ending date, also those things that you do deliver yourself have independent certification and the capability of independent measurement of the things that matter, both the functional and the non-functional things are important. Now, in terms of your management of the service, again, standards are the critical thing.
And, um, uh, back in, in the 1990s, when people moved from mainframes to distributed systems, there was an enormous market in, in cross platform management systems. Like for example, those that can remember union center and Tivoli. And we don't really see at the moment the same kind of thing happening in, in the, uh, hybrid world. Although there are some developments, for example, there are some common environments such as VMware, and if you like VMware and you exploit VMware everywhere, then whether it's in the cloud or not in the cloud, then you can manage it in a consistent way.
From the open source community. You have open stack, which is, uh, very popular with open source community. And it gives you a way of delivering services wherever on premises and in the cloud. And some cloud providers will support that kind of thing.
Then when you look at containers systems like Kubernetes, and more recently, unforced are systems that are attempting to solve that at that level, but there isn't anything that really sort of, uh, gives this complete cross platform management, uh, that is, uh, vendor and service neutral, or even the cloud service providers are trying to move into that space. Uh, but none of them have, have yet succeeded.
So, uh, in, in my advice very simply is make sure you understand the objectives, make sure those cover both functional and non-functional and, uh, make the most of independent certification and make sure you have measurement involved in them. If you are already a user of one of the various, uh, frameworks and environments that I've described, then using that and standardizing on that is going to make things, uh, much easier from a point of view of overall management. So with that, uh, I've covered the, uh, management and governance of your hybrid it world. Perfect. Thank you very much, Mike.
I know that you do lots of research in that area and that you have published quite, uh, some, some substantial documents covering the individual aspects that you've talked about right now. So from security cloud security hybrid security towards the proper governance, um, are there any recommendations if some of our audience are interested in reading even more on top of the rich information that you provided in this episode, what, which documents should they look at when they move over to KuppingerCole dot com?
What would be the research that you provide that you could recommend as a first primer or first reading? Yes.
Well, so th th as, as you say, there's an awful lot of, uh, documents and, and sort of build upon each other, uh, starting off with, uh, remember we, as KuppingerCole tend to focus on the non-functional aspects, for example, security. So understanding cloud security is the kind of foundation. Then on top of that, there is a document talking about, uh, how you can, uh, organize and manage and govern, uh, security in your hybrid world.
Um, then clearly there, there are, um, uh, leadership and market campuses on various areas of this. And only recently we published a market compass on infrastructure as a service. And indeed my colleagues KuppingerCole have been publishing market conferences on many aspects of services that have been, are being delivered through the cloud.
And there is another recent document which focuses on, uh, one of the often forgotten things, which is the responsibilities that you have when you are using a cloud service, which is how you are going to implement the controls, the tow, your responsibility to do with the cloud. So there's half a dozen things that you should think about. Perfect, thank you very much.
And I think these are good starting points, as you've mentioned, building upon each other, but to get the full picture of how to manage and govern a hybrid it environment, uh, properly, uh, and there is documentation available from keeping a core. So, again, for today, um, this is the second blast episode of the series talking about hybrid it as at least as it's planned as of now.
Um, thank you very much, Mike, again for me, for being my guest today and for sharing your deep insights into that topic. Okay. Thank you. Thank you for inviting me. Thank you very much. Bye-bye