Hybrid is a growing trend among highly regulated industries, such as financial services, healthcare, and government, and for good reason – it allows these industries to get the best of all worlds while maintained strict compliance. It’s not a plug-and-play solution though and requires strategic planning to get it right. Like any generalization there are many details I can’t begin to address here and this serves only as my rudimentary view of how companies are planning to use or are using hybrid.
As we look at hybrid the thing that almost always gets lost in the initial analysis is that there is a push and pull between forces internal to a company. Regardless of the rhetoric the reality for any company is that a hybrid solution must create a value for the company. This means either saving money, making money, easing a process, or making them more competitive. Why I say the push and pull is lost is often the cool factor of the technology becomes a major driver for the technical team and the final presentation is rejected or questioned hard by senior management and financial buyers trying to understand the actual value. As we begin this analysis we must remember that like any choice in a business the path to hybridization must meet with a company’s goals or it is doomed to fail?
Keeping that in mind let’s look at what are most commonly cited as the reasons why companies are moving towards hybrid. We can then explore what strategy makes the most sense:
- We are well past due on our equipment refresh date. We need to do something before our hardware fails us and we risk falling out of compliance.
- We are a relatively small business and and want to be more competitive. We need enterprise software but I can’t afford a full-blown solution.
- We are growing quickly and are not sure where we are going to land so we are hesitant to make heavy investment in hardware until we have a clear direction, but we need something now.
There are of course many more reasons why companies can and do make a move towards a hybrid environment, but we’ll focus on these specific points and extrapolate from there.
In today’s blog I will be specifically discussing regulated industries. We always must begin by understanding where the pain points are for these industries. The collapse of the economy in 2008 as well as the move towards online access for medical records, and an Obama administration push for a cloud strategy has forced many, many companies that service these areas to adhere to much tighter regulations. These regulations include PCI, HIPAA and FISMA/FedRAMP compliance. While the financial services, healthcare, and government markets have similarities in terms of increased security requirements, each has its own unique intricacies and requires very pricey and ongoing audit processes.
This increase in regulation creates an intrinsic caution for any company servicing these areas, making them even more risk averse then they would be under even normal circumstances. Because of this, there is a lower than the mean adoption of hybrid. The reasons are clear. Hybrid is very diverse and until recently specialization in specific regulatory areas was limited and in many cases continues to be. This has led to companies continuing to operate from very old equipment and assuming a lot of the cost on their own as public cloud infrastructure remains to be not a viable option. Security and compliance is paramount for highly regulated industries and there is always a tendency to trust yourself over others in protecting your data. Whether this assumption is right or wrong we will discuss in future blogs but the net result is that this has been a slow move comparatively to the rest of the market.
As a result of this slow move into the cloud, regulated industries with aging infrastructure are seeing a dramatic uptick in maintenance costs, potential security risks from vulnerabilities on unsupported software, and risk potential for falling out of compliance. The strategy for these industries has now shifted to become much more aggressively in favor of a hybrid approach. A hybrid strategy begins with the need to find providers for the proprietary and custom software packages, which can prove troublesome.
Many of the available providers require very specific configurations or they have their own “cloud” product which can be purchased. While that seems like an appealing option it often comes with the sacrifice of software customizations the end-user has made and/or paid for to be unique to their industry. This almost kills the move to a hybrid approach and forces companies to effectively split the baby by leaving their proprietary software in their environment while moving other parts of their infrastructure to the cloud.
Interoperability and latency challenges inherent to poorly connected cloud environments can affect the way people work or systems operate. It also may create additional costs if external agents must have to access multiple locations. This last point can become much more difficult as companies deal with having to deliver secure service across larger and larger geographical areas, especially as telework becomes a major component of the modern work force.
The challenges of supporting multiple locations are further compounded by the need for security consistent with the requirements of each industry’s regulations. These are designed to protect the consumer, and as a veteran of many audits I can tell you they are taken very seriously. I have seen audits where in the notes recommendations are made for the sweeping of roofs due to an uncomfortable amount of debris and several loose screws. While this is reassuring to me as a consumer, it does make finding the right partners for a hybrid environment daunting.
Developing Your Hybrid Strategy
What is a company to do? Staying in place is not an option. Like all things the point of diminishing returns becomes a very steep slide for companies and they can go from being risk averse to outdated quickly. Conversely moving too quickly can mean missing the mark and being subject to penalties for lack of compliance as well as poor performance or client attrition. These are all clearly unacceptable.
Hiring a Consultant…or Two
The bottom line is that regulatory industries require a very steady approach to making the right decisions and it starts with the right strategy. This requires a very competent and non-biased consultant with a good reputation in your industry. I also highly recommend getting as many as two consultants to help shape your strategy, but not more than that as you can start to get disagreement and cost overruns which are also not helpful. Consultants should help to lead you through an audit of your systems, business needs, and regulatory obligations. This exercise will inform what applications and data is stored where and with what availability. In an IT market where regulatory and cloud knowledge is lacking and when your own internal resourced may be biased against change, outside perspective here is a must.
A word of additional caution: Often there can be disagreement about the avenues that even consultants recommend. When examining the solutions recommended by any and all consultants, be sure to require very specific use cases for other organizations that closely resemble yours. Remember you should not be the guinea pig. If you are doing something extremely unique you need some consensus before proceeding. GO INTO ANY ENGAGEMENT WITH CLEAR BUSINESS GOALS AS DEFINED BY YOUR TEAM! This will force any stakeholders or contractors to provide solutions in line with what you need. Not what they like. If you choose your contractor and consultant well you may get both.
Prepare for Internal Struggle
In working with clients, I also always warn of internal land disputes with interested parties protecting their fiefdoms. This can be counter to the eventual goal and cause paralysis or infighting. The best way to avoid these conflicts is to make them a major part of the decision but ultimately making it clear that a new direction is forthcoming. This may lead to attrition of your technical staff, but going back to an earlier point, if you become less competitive and are unable to service your clients, your attrition will near 100%, which is much worse.
Keep Bias at Bay
I also never recommend hiring a consultant you plan to hire permanently. This muddies the water. Even if this is your strategy, play it cool. You need to make sure they are kept unbiased and make recommendations that help you and not feather their nest for the future. If someone is freed from the risk of failure they are free to make recommendations that will benefit you. Often people think the opposite is true but that is how you end up with people making the easier decisions to ensure their employment is secured. This is not what the exercise is about. This is about getting the best recommendations on paper for a company to make decisions with all the info. Take bias out.
In developing a hybrid strategy for a highly-regulated business, you must consider what is unique not only about your industry, but also your organization before proceeding. Leveraging an outside consultant to help identify your pain points, your strengths, and weaknesses, will help to ensure that performance and compliance are not impacted. If you have questions about hybrid cloud or just need a kick start, sign up for our hybrid assessment to speak to one of our experts about how best to develop your business’s strategy.