Hybrid clouds over Hong Kong

Hybrid cloud adoption has become the norm in Hong Kong (Image MF3d/iStockPhoto)

Cloud computing has evolved from a novelty not so long ago to the premier enterprise technology used today. It has made enterprise best practices—like offsite backup—more scalable and far simpler.

But as it’s evolved, cloud has become more complicated. The concepts of public cloud and private cloud are clear, but implementation is another matter. And nowadays we have additional cloud-concepts, including hybrid cloud.

“Hybrid cloud is a unified IT infrastructure with integration between public and private clouds or even multiple public clouds,” says Tom Chan, managing director, Commercial Group, HKT. “Digital transformation is the trend for achieving greater agility to ever-changing business requirements, while cloud lays the foundation for digital transformation. Our local research shows that 58% of HK enterprises are beginning to transform digitally—55% of them are working with more than two cloud services providers.”

“Hybrid cloud adoption has become a norm for global markets, including Hong Kong,” says Charlie Dai, principal analyst, Forrester.  

Charlie Dai of Forrester

“Enterprise customers in Hong Kong use diverse combinations of cloud offerings across public and private cloud scenarios, to achieve business agility, improve disaster recovery and avoid vendor lock-in.”“

There are two big trends for hybrid cloud adoption in Hong Kong,” says Dai, “1) increasingly managing cloud-native environments, [and] 2) moving up the stack to manage platform and development services like AI, IoT and big data.”

“Cloud is the foundation for digital business, and hybrid cloud models are increasingly being adopted by organizations,” says Sid Nag, senior director, Gartner. “The ‘managed service provider (MSP) gold rush’ is unstoppable, and this opportunity will peak by 2020.”

“By 2020, 75% of organizations will have deployed a multi-cloud or hybrid cloud model,” says the Gartner director. “This will require add-on capabilities around aggregation, integration, customization and governance to manage these disparate cloud assets and properties [which] presents a follow-on opportunity for providers.”

“One of the trends increasingly emerging among organizations is that of multi-cloud adoption,” says Nag. “Most customers we at Gartner talk to want best-in-class cloud componentry for their workloads. They go to one provider for IaaS, another for database-as-a-service, a third for cloud native, and so forth.”

Hybrid cloud benefits

What advantages might Hong Kong enterprises expect from hybrid cloud adoption? HKT’s Chan has some answers.

“Hybrid cloud is a progressive way for enterprise adoption to cloud,” he says. “It is more feasible to kickstart [progress] by migrating part of their enterprises’ workload to public clouds.”

“Hybrid cloud will enable enterprises to enjoy the latest technologies from public cloud services with fast time-to-market and simplified IT management,” says Chan, “without sacrificing existing company security policies for retaining sensitive data or mission-critical applications in on-premises or private cloud.”

“[Within] Asia-Pacific, we have seen more influence and market footprint of cloud service providers in China, such as Alibaba Cloud and Tencent Cloud,” says Forrester’s Dai. ”We observed more enterprise adoption in banking, financial services and insurance industries given their importance for local businesses in Hong Kong.”

“This multi-cloud environment opens up a brand-new service opportunity around what in the industry is known as cloud service brokerage,” says Gartner’s Nag.

“There is a need to create a seamless and unified consumption layer that embodies aggregation, integration, customization and governance across these multiple cloud assets and properties. If you are a managed service provider, now is the time to level up your game and start to offer brokerage services as you look to expand your revenue opportunities.”

“As a cloud service brokerage provider, you need to help IT maintain the legacy environment and make sure it coexists and interoperates with public cloud providers for certain needs, as well as private clouds for other use applications,” says the Gartner director.

“You have to play the role of a broker and liaise with business leaders, end users, suppliers and providers all at the same time.”

Challenges for hybrid cloud

HKT’s Chan says one of the major challenges for hybrid cloud is migration and management (managed services). “There are various cloud services on the market, and enterprises are [finding it] difficult to have expertise on evaluating each cloud, planning of hybrid-/multi-cloud architecture, and management of multiple vendors,” he says.

As technology continues to increase in complexity, managed services look increasingly attractive. But what about in the hybrid cloud space?

Chan explains: “Enterprises may need to invest both financial and time costs to develop in-house talent or they can reach out to a service partner that can assist them throughout the entire cloud journey, from planning to implementation, to staff enablement and continuous optimization.

Cloud security

When cloud computing was first introduced, enterprise users in Hong Kong and elsewhere expressed concerns about security. This was natural: data stored “in the cloud” was de facto outside the enterprise’s firewall, and this was outside of most users’ experience at that time.

Nowadays, users are more comfortable with data being stored offsite, although well publicized breaches of users’ data have occurred in recent years. Enterprise users still have security concerns when it comes to cloud computing—especially within clouds that have a customer-facing component.

Costly security breaches

A quick look at some of the data breach penalties handed out in 2018 show the financial penalties that can occur when enterprises are compromised. “In 2016, ride-hailing app Uber had 600,000 driver and 57 million user accounts breached,” writes Dan Swinhoe in CSO Magazine. “Instead of reporting the incident the company paid the perpetrator $100,000 to keep the hack under wraps.”

“Those actions, however, cost the company dearly. The company was fined $148 million—the biggest data-breach payout in history—for violation of state data breach notification laws.”

Uber wasn’t the only firm who thought they could sweep things under the rug. According to Swinhoe: “In 2013, Yahoo suffered a massive security breach that affected its entire database, about 3 billion accounts—almost the entire population of the web. The company, however, didn’t disclose this information for three years.”

“In April [2018], the US Securities and Exchange Commission (SEC) fined the company $35 million for failing to disclose the breach. In September, Yahoo’s new owner Altaba admitted that it had settled a class action lawsuit resulting from the breach [for] $50 million.”

“A total bill of $85 million for three billion accounts works out at around $36 per record,” wrote Swinhoe. “Considering that the average cost per record of a data breach is around $148 and IBM has put the cost of multi-million record megabreaches at hundreds of millions of dollars, the company may have gotten off lightly.”

Punitive damages for securitybreaches were certainly not confined to the USA. “Tesco Bank, the retail banking arm of the UK supermarket chain, was hit with a £16.4 million ($21.2 million) fine by the UK’s Financial Conduct Authority (FCA) after just under $3 million was stolen from 9,000 customer accounts in 2016,” wrote Swinhoe.4

In an October 2018 statement, Mark Steward, executive director of enforcement and market oversight at the FCA, said: “The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks. In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started. This was too little, too late. Customers should not have been exposed to the risk at all.”

“Enterprises require more sophisticated security measurements,” says Chan. “HKT’s Threat Management System provide proactive and adaptive security, with locally-based professionals at our 7x24 next-generation Security Operations Centre respond immediately to protect customer resources from cyberattacks—with detailed logs for their records, and analysis when needed. Our system integrator experience helps customer plan and implement their extension of company security policies to a cloud environment which can ensure their data are secured [and] fulfill company compliance. This helps speed up their cloud adoption, especially in sensitive industries such as financial institutions, where compliance requirements are strict and timeframes to update for cloud adoption are longer. While these solutions will help Hong Kong enterprises in the security space, another perennial problem is budgeting for tech implementations.”

Sorting it all out

“Apart from technical considerations, customers also face financial challenges when adopting cloud,” says Chan. “With the flexibility of the public cloud pay-as-you-go model, enterprises find it hard to budget their IT expenses as the billing amount keep fluctuating.”

“HKT’s Cloud Pool provides customers [with] the flexibility to subscribe to multiple cloud services with a single budget agreement, reducing the internal process time and providing agility for enterprises to draw [upon] public cloud resources whenever needed.”

“HKT has enabled over 100 staff with professional certificates to assist enterprises enquires on multiple public cloud services, embracing a not only hybrid-, but multi-cloud world,” says Chan. “It is HKT’s vision to accelerate cloud adoption among Hong Kong enterprises, with leverage on our comprehensive experience with system integration—covering applications, infrastructure, and networks, for both on-premises and cloud adoption.”