When I hear the term “hybrid,” what often comes to mind is “best of both worlds” or “merging the old with the new.” I credit Toyota with this word association, as its Prius was the first mass-produced hybrid car — dating back over 16 years. Using hybrid technology, the revolutionary Prius solved real problems and delivered on real consumer demands. Since then, marketing teams have latched onto the term, using “hybrid” to describe their solutions while suggesting that they, too, are revolutionary and carving out a path to the future.
In today’s networking environments, many organizations already have what would be considered a hybrid architecture. They may have some of their apps on-premises and some in the cloud, and they may route their traffic locally via Internet breakouts to optimize MPLS spend and deliver a better user experience. These hybrid scenarios make perfect sense and deliver real customer value. But when some legacy vendors, including those in IT security, talk about hybrid, they’re often using the term simply as a way to remain relevant in the new world of IT.
A cloud solution vs. a cloud-washed solution
Mobility and cloud usage have disrupted the traditional castle-and-moat perimeter security architecture and they’re the leading reason why organizations are adopting cloud security. For legacy security vendors, who have been — and still largely are — selling on-premises hardware appliances, this move to the cloud presents a problem. Their bottom lines, and their allegiance to their shareholders, involve selling boxes. Abandoning their traditional approach with its attached revenue streams is not an option.
Instead, in an act of self-preservation, legacy box vendors are taking the same stack of security appliances that resides in your data center, moving it to their own data center, and calling it a cloud. And yet…
It’s neither a viable business model for the vendors nor a solution for their customers. The approach offers none of the benefits of elasticity and scale (or reliability and performance) of a purpose-built, multi-tenant platform. These so-called hybrid (also known as “cloud-washed”) solutions are expensive to buy and maintain and, worse, provide a false sense of security, because they leave pretty serious gaps in protection and policy enforcement. See for yourself: take this quick test to see how well your security appliances are keeping you protected.
Six questions to help you avoid being tricked into buying legacy technology
As you transition to a digital enterprise, here are some questions that will reveal whether or not the vendor you’re talking to is selling you a cloud-washed architecture.
- Can I replace my appliances and use your cloud for 100% of my traffic?
- How many large, cloud-only customers (10,000 users or more) are using your cloud?
- How many requests and security updates does your cloud process in a day?
- Where are your data centers located and can my users connect to any of them?
- Do you have peering relationships in major Internet exchanges?
- Do you back up your claims with a performance guarantee? Including latency?
Know what you’re getting
Hybrid technology in your IT environment can be a solution to real problems. But not always.
Hybrid, in some instances, simply doesn’t make sense. For example, if your company subscribes to Salesforce.com, would you also deploy an on-premises version? Of course not. Furthermore, hybrid can be a misnomer, and there are plenty of instances where it’s little more than a buzzword. It pays to know what you’re getting, so when it comes to critical security decisions, ask the hard questions. And when you see the term “hybrid security,” buyer beware.