This is the 47th article in the “Real Words or Buzzwords?” series about how real words become empty words and stifle technology progress.
By Ray Bernard, PSP, CHS-III
The definition of hybrid cloud has evolved, and it’s important to understand the implications for physical security system deployments.
Recently, a physical security system design consultant made this comment to me about security system design, “Well, there are basically two choices for system architecture: client-server or cloud. It’s one or the other.” But in thinking about it, I seem to remember first hearing about hybrid cloud for physical security quite a while back. For a fact I’ve been hearing or reading the term with increasing frequency regarding physical security systems and products. The problem is that hybrid cloud was being used differently by various vendors.
The thing with many terms, including hybrid cloud, is that they are initially defined by vendors, not by end users. The vendor that first coins a term defines it in a way that benefits that vendor and aligns with its products. Then other vendors come along and apply the term to their products, which have similar characteristics but aren’t identical to – and sometimes are only partly similar to –the products the term was originally invented for. This lets them leverage the buzz around the original term – but it also creates significant confusion and misunderstandings for end users and other technology stakeholders for whom the term has effectively become meaningless.
Definition of Hybrid Cloud
So, I searched SecurityInfoWatch.com and found more than 50 articles with key mentions of hybrid cloud, including an article by security industry veteran Steve Surfaro, which he wrote in 2010. Steve is the first security industry person who mentioned hybrid cloud to me, way back then.
In that article Steve defined hybrid cloud: “A hybrid cloud is a combination of a public and private cloud that interoperates. In this model users typically outsource non-business- critical information and processing to the public cloud, while keeping business-critical services and data in their control.”
That’s how hybrid cloud began. A year later, NIST provided this definition in Special Publication 800-145, The NIST Definition of Cloud Computing: “The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).” What’s important to note about that definition is NIST’s statements that private and community clouds “may exist on or off premises.”
Whatis.com defines hybrid cloud this way: “Hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud and third-party, public cloud services with orchestration between the two platforms.” It is the “orchestration” part of this definition that is significant. In a multi-cloud platform, orchestration provides end-to-end automation and coordination of multiple processes. This orchestration aspect has special significance for security industry hybrid-cloud deployments, as we’ll touch on later in this article.
Hybrid Cloud Evolves
In the years following, many organizations found that in addition to linking on-premises cloud systems with off-premises cloud systems, there were benefits to linking on-premises non-cloud systems with off-premises cloud systems. Well, that completely changes the landscape of hybrid-cloud. This evolution led Forrester Research Principal Analyst Dave Bartoletti to provide a new working definition of hybrid cloud: “One or more public clouds connected to something in my data center. That thing could be a private cloud, that thing could just be traditional data center infrastructure.” And, according to physical security industry vendors, hybrid cloud also includes computing infrastructure that resides on-premises but outside the data center. All of these definitions are valid because it’s how cloud technology is actually being used.
What’s So Special About Hybrid Cloud?
Isn’t it simply another form of integration to connect a legacy on-premises system to a cloud service? My opinion is: Yes. And if the data connection aspect is all there is to the deployment, I wouldn’t really call it hybrid cloud. It’s simply cloud integration. That doesn’t change the architecture of the on-premises systems.
Emerging new technology and evolving current-day technology have begun to take advantage of the cloud side of hybrid cloud in ways that are very significant. For example, the decades old client-server on-premises architecture found in most deployed security systems has significant disadvantages – including cybersecurity weak points – that a current-technology hybrid cloud architecture can eliminate.
In a real hybrid cloud system, many aspects of infrastructure management are performed automatically by the cloud side of the deployment. This includes, but definitely is not limited to, automatic feature and security updates for on-premises servers, appliances and devices – including operating system software, application software, and device firmware. This capability means that for the first time, on-premises security systems can maintain their best cybersecurity profile automatically, without special action being required on the part of the end-user customer or the security system service provider.
In the near future we’ll see video analysis platforms that automatically divide the video analysis workload between on-premises components and cloud-system components, based on the size of the workload, the real-time requirements of the data being extracted, and real-time bandwidth capacities. Today, Eagle Eye Networks manages video data transfer to the cloud to maintain specified levels of cloud-connection network bandwidth usage, and monitors camera LAN bandwidth use as well. It also automatically updates the software on the Eagle Eye on-premises appliances.
Note that the cloud-management capability extends across multiple on-premises deployments. Besides providing central management of on-premises systems across multiple sites, the ability to update on-premises system servers, appliances and devices is a significant future-proofing factor.
Please note that there are many excellent hybrid cloud capabilities by vendors that space doesn’t permit mentioning here. Vendors with such capabilities should write to me about them via LinkedIn or here and I’ll publish a follow-up article describing those capabilities.
About the Author:
Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security. Follow Ray on Twitter: @RayBernardRBCS.