Hybrid Cloud Performance and Productivity

Cloud sprawl is the reality for most companies today. This e-book will help you rethink your approach to managing multiple cloud services by adopting an intelligent, modern solution to help secure and control your cloud resources. Key idea statements at the beginning of each chapter summarize the takeaways.

What to do about a sprawling cloud

If your company is adopting a hybrid cloud model—keeping some workloads on-premises while moving others to the cloud—you're already aware that cloud computing is key to driving new levels of agility, innovation, and cost savings. But at the same time, some businesses transitioning to the cloud are seeing a corresponding proliferation, or sprawl, of cloud-based services that are often uncontrolled and unmonitored—and often, unsanctioned. Both IT and lines of business can contribute to sprawl, as they work independently or together to engage cloud services.

Security challenges in the hybrid cloud

A recent survey of over 2,000 IT professionals revealed the top three cloud security challenges they're concerned about. Besides the inefficiencies created by running rogue apps or excessive workloads, cloud sprawl can also amplify security risks—and in the C-suite, that's a cause for concern. A recent survey indicated that 61 percent of CEOs worry that security issues pose a threat to growth.

In a world where multiple cloud instances and on-premises servers can exist within one IT organization, protecting against security threats becomes increasingly complex. More workload owners mean more devices to monitor, more apps and data backups to manage, more potential for data loss. And for most companies operating in a hybrid cloud environment, increased complexity is viewed as the number one challenge.

Point solutions can help solve specific security needs as they come up, but they don't address the big picture. In fact, adding point solutions often places additional responsibility on security teams who are already overburdened managing their existing infrastructure.

A modern solution that answers the challenges of cloud sprawl needs to be holistic. You must be able to see across your entire hybrid environment — every workload, app, and endpoint—to proactively manage and monitor all aspects of your cloud's security and performance.

As IT spend on cloud-based infrastructure continues to rise, addressing cloud sprawl now with a powerful, integrated approach to management and security can save you headaches down the road. By focusing on a solution that provides visibility and control across all of your resources, you will reduce operational complexity—and risk.

Managing cloud sprawl: A 5-part approach

In a hybrid cloud environment, you need visibility across all of your resources to have true control. An integrated, cloud-native solution can provide the insights you need to fix issues faster, and to manage the risks introduced by cloud sprawl.

  • Protection against business disruption. Back up your data and meet compliance requirements to keep your most important information available during a disaster.
  • Security insights that reveal internal and external threats. See what's happening 24/7 with continuous, end-to-end security assessment and threat detection to defend against evolving threats.
  • Monitor in real time. Get deep visibility across your entire hybrid environment using insights based on built-in analytics and machine learning.
  • Governance across your hybrid environment. Establish guardrails for compliance and drive accountability with policy based management and cost optimization.
  • Manage configuration at scale. Apply fixes, make updates, and address configuration drift by implementing automated policies.

In the following chapters, you'll learn how an integrated approach to security, protection, monitoring, configuration, and governance can help your organization manage cloud sprawl and achieve a more efficient hybrid cloud.

Safeguard your enterprise with end-to-end security

Key idea: In a hybrid cloud environment, a strategic and holistic approach to security keeps your infrastructure and your data assets safe, while providing full visibility and control.

Today's security threats are relentless, and rapidly evolving. Your organization needs a comprehensive "always on" and "assume breach" strategy in place to be prepared for the inevitable attacks—whether internal or external. And in a hybrid environment, it's essential to have actionable insights that allow you to respond to incidents quickly.

Clouds on the horizon: Biggest cloud security threats, according to security pros

A truly integrated, end-to-end infrastructure security solution gives you a unified view of all your machines, networks, and services, allowing you to protect your environment proactively, and reactively. When you have a holistic understanding of your security posture, you can:

  • Remediate against vulnerabilities
  • Make ongoing assessments and recommendations
  • Rapidly deploy built-in security controls
  • Integrate existing processes, tools, and partner solutions
  • Reduce attack surface with predictive analytics
  • Centrally manage security policies

Security: What's at stake?

Safeguarding all of your workloads, apps, and data can't happen without broad visibility into all processes at all times. Unlike traditional on-premises solutions, a cloud-native security solution lets you see your entire ecosystem and provides powerful analytics and real-time insights. You get the answers you need to keep your enterprise up and running, and you're able to detect threats and take action before they can cause damage.

Protect all your data, everywhere

Key idea: Business continuity involves data protection. In a hybrid environment, the ability to control all of your data resources across platforms is fundamental to protecting your enterprise against costly data loss and downtime.

Data is your organization's most critical asset, and data protection is one of the top challenges that IT must constantly solve for. Downtime reduction and avoiding data loss are essential for business continuity, and protecting historical data from system or human error is typically mandated by business, regulatory, or legal requirements. And in an era of anytime, anywhere computing, your users and customers expect your apps and processes to run 24/7—on-premises and in the cloud—regardless of platform or physical location.

By the numbers: Just how vulnerable is your data?

  • $21.2K average cost of data breach per day
  • 93% of companies that lost their datacenter for 10-plus days due to a disaster filed for bankruptcy within one year of the disaster
  • 159M data records containing sensitive information compromised in 2015
  • 554M records lost or stolen in H1 2016
  • 3.04M records compromised every day

In the event of a disruption—if an application becomes unavailable, or if your backup protocols don't allow for easy data recovery, trouble can escalate quickly. In addition, the cost and complexity of protecting data assets continues to increase as data itself grows exponentially.

Traditional approaches and piecemeal solutions don't allow you to cover your entire environment and take control of your data resources. What's needed is a robust management solution that allows you to create customized backup and disaster recovery options to protect your data in the cloud, and on-premises. In the event of a disruption, this approach can accelerate recovery times and help you avoid costly downtime. Given the enormous cost of downtime, rapid recovery is vital.

Choosing a platform that provides integrated management and security across cloud and on premises resources can help simplify complexity in a modern hybrid cloud environment, meeting both the application availability and data protection needs of today's organizations. A comprehensive solution should consider requirements such as:

  • Robust backup, and disaster recovery that provides for failover of on-premises workloads, preventing downtime and disruption during a disaster
  • Replication of virtual machines to increase compliance and application availability
  • Built-in protection against ransomware
  • Pay-as-you-go with no secondary site resource costs
  • Meeting or exceeding industry standards and regulation compliance

Bridge the gap between apps and infrastructure

Key idea: When you have visibility into all of your assets—from infrastructure all the way down to a single line of code—it's easier to separate the noise from the important data and focus on what matters.

Applications drive business KPIs and end user interactions that must be understood and managed. Visibility is the challenge: you can't fix what you can't see. Problems can reside at the code level, or deeper within the infrastructure, and it's difficult to see holistic performance metrics across your entire hybrid ecosystem.

But insight into your IT systems and processes is about more than having a tool to provide dashboards or reports. It's about improving the performance and usability of your apps and services, making deep analyses and gaining insights from all of your on-premises, cloud, and multi-vendor solutions.

A closer look at monitoring application performance in the hybrid cloud

Machine learning also plays a role in managing and controlling application performance. An application performance solution enabled by machine learning makes it possible to continuously analyze application telemetry in the context of overall cloud behavior. Notifications and alerts based on actual usage data help you fine-tune as often as needed—and ultimately control how to do so with the least amount of downtime.

From failed requests to new feature releases, performance insights give you a heads-up about critical application issues. Insight into actual usage lets you see where the bottlenecks are, and how response times vary. When you know how much CPU, network, disk, and other resources are being used, and which code slows down your system, you can easily identify the problems and deploy a fix.

Simply stated, to manage your hybrid cloud with authority, you need to be able to keep track of what is happening—everywhere.

The power of insight: a hybrid cloud management checklist

With a holistic perspective, you're able to manage the big picture across cloud, on premises, and multi-vendor environments.

  • Collect and correlate data with simple search and built-in visualizations
  • Detect anomalies and abnormalities in usage patterns
  • Determine resource availability
  • Discover and map dependencies
  • Troubleshoot issues in real time
  • Monitor and back up virtual machines
  • Access individual files

Dependency-aware monitoring: Linking apps and infrastructure

Using an application and IT service dependency mapping tool, you can automatically discover relationships and dependencies between IT components to help you accelerate troubleshooting and root case analysis. With an up-to-date view of dependencies, you can expedite your app and workload migrations, whether you are migrating to the cloud or other destinations.

Better monitoring means better management

As you look into the best ways to monitor your hybrid environment, you should take into account your ability to:

  • See across networks into infrastructure—even down to the code level
  • Gather data from multiple sources in the cloud and on-premises
  • Search and query at cloud scale
  • Discover and map app and network connections
  • Generate predictive analytics to help you make prioritized recommendations

With this integrated approach to hybrid cloud management, it's possible to make data-driven decisions that keep business moving forward, with less friction, more precision—and bottom line results.

Monitoring checkpoints:

  • Are you able to automatically pull data together on a regular basis?
  • Can you see dependencies for servers across environments?
  • How often do you conduct a "health check" of your environment?

Change the game with automation and configuration

Key idea: Process automation, configuration, update management, and change tracking simplify cloud management and accelerate the time it takes to onboard your cloud or datacenter tools and resources.

Automation is a powerful antidote to complexity. There's no substitute for swapping out manual tasks for automated processes—and hybrid cloud management is no different. Instead of trying to manually manage configuration tasks across multiple platforms, you can get up and running quickly with tools that are built for the demands of a hybrid environment.

In a traditional datacenter environment, manual hotfixes are common—but often result in numerous "snowflake" servers that can't be managed or replicated. This problem is avoided in the cloud, where you can automate common processes using configuration management.

It is much simpler to use built-in policies and out-of-the-box dashboards and queries that can be configured to execute whenever you receive an alert, instead of relying on administrators to find and fix the same issues every time they occur. There's no code to write, and integration is vastly less complicated with smart automation tools that are ready to go.

Six benefits of automation and control in the hybrid cloud

Automated remediation

Take immediate action in response to alerts or log search queries: trigger runbooks on demand, automatically, or from your own datacenter.

Orchestrated recovery

Reduce recovery time objectives: use repeatable runbooks in disaster recovery plans; customize groups and create recovery sequences for multi-tier applications and checkpoints.

Integrated solutions

Save time and effort: use pre-built runbooks and automation modules; leverage out-of-the-box partner integrations and solutions.

Consistent configuration

Avoid configuration drift: apply, monitor, automatically update desired app state and infrastructure resources.

Intelligent patching

Reduce complexity: use insights into workload dependencies and time estimates; run group and sequence updates with owner approvals without unplanned downtime.

Change monitoring

Enable compliance reporting: correlate changes and understand application dependencies faster with universal change tracker.

In other use cases, you could easily automate password reset, implement virtual machines for a Dev environment, or schedule and deploy patches for Windows and Linux. There are many ways to save time managing at scale with integrated configuration tools that allow you to:

  • Onboard quickly
  • Add new servers, or connect to your existing management tools
  • Apply and monitor configurations and fix configuration drift without manual intervention
  • Configure servers with the right policies and procedures
  • Maximize efficiency with deep analytics and machine learning
  • Leverage extensible solutions

Deliver more consistency

You can deliver more consistent service to your enterprise when you're able to apply, configure, and deploy automated processes in your heterogeneous environments. An integrated management solution with configuration capabilities substantially reduces downtime, improves time-to-value, and finds and fixes issues that can adversely impact your operations.

Governance made easy

Key idea: Hybrid cloud requires a modern, integrated solution for governance that allows you to create consistent policies and processes and, at the same time, monitor the costs associated with your cloud investment.

In a hybrid cloud model, you need a consolidated view of your IT architecture in order to implement consistent policies that will support compliance. Traditional policy management tools simply aren't designed for the complex world of cloud computing.

Using a holistic solution, you can deploy out-of-the-box dashboards, queries, control, and policies to address a broad range of compliance and governance issues, including access, logging, auditing, and reporting. You're able to create truly flexible policies—defining by workload what you can and can't do—that can be monitored, checked, and adjusted as issues arise.

Monitoring cloud spend

To make informed decisions about allocating your cloud resources, look for opportunities to:

  • Detect anomalies and inefficiencies and make corrections
  • Eliminate idle resources
  • Forecast future spend
  • Produce chargeback and show back reports
  • Use role-based access to surface data and insights
  • Right-size your virtual machines
  • Improve management of virtual machine reserved instances

Under control and good to go

Control, convenience, efficiency, and reducing overall infrastructure maintenance costs are just some of the benefits you can achieve in your hybrid cloud with an integrated management solution. Cloud native tools—based on data intelligence and machine learning—offer policies that are "good to go" at the time of setup. There's really no need to reinvent the wheel or rely on manual processes when you implement a management solution that's made for the cloud.

Do you have a policy for that?

A sample list of activities that you should have policies for:

  • Allowed locations
  • Allowed resource types
  • Allowed storage account SKUs
  • Allowed virtual machine SKUs
  • Apply tag and default value
  • Enforce tag and value
  • Deny creation of public IP addresses
  • Require storage account encryption

Hybrid cloud management in the real world: the IHG story

The customer

IHG (InterContinental Hotels Group) is one of the world's leading hotel companies, with 350,000 employees, and more than 5,200 properties in almost 100 countries. The company has a deep commitment to innovation and a long history of investing in technology.

The challenge

IHG adopted a hybrid cloud model to better align IT practices with its broader business goals. As part of that realignment, IHG's Global Technology IT focused on standardizing as many of IHG's IT functions as possible, with the goal of using standard solutions worldwide that can be tailored to local needs.

The Azure solution

A positive experience with StorSimple—which accessed Azure Blob storage—led IHG to consider Azure security and management services to meet its cloud and hybrid use cases. Azure security and management services provided IHG with a holistic, global view, with a minimal amount of administrative effort.

"We deployed a single agent and then immediately, with very little time spent by an administrator or engineer, we saw information such as patch levels of the servers and Active Directory replication issues on a worldwide basis," says Jason Roth, Senior Engineer on the Global Technology Enterprise Systems team. "The turnaround time from logging in to the operations management web console and having actionable information available was the same day. It amazed me that it was so useful, so quickly. Global infrastructure metrics that were difficult to aggregate before suddenly appeared once we deployed an agent, which really appealed to us."

Ease of use and scalability

The Azure Automation and Control service has had a significant impact, offering the capability for technicians to write code and place it into a runbook in Azure. IHG's technology team is now storing that code and making it available throughout IT. "This allowed us to provide an API for automated Active Directory tasks that could be called from our open source or non-Windows systems," says Roth.

Azure has also provided an additional source of information, especially with Azure Insight and Analytics, which helps collect and analyze data generated by resources in cloud and on-premises environments. "We answer queries, collect information, and have dashboards showing us near-real-time DNS server performance," says Roth. "The system shows us account lockouts, failed logins, and similar information."

In the end, it all comes back to ease of use. "IHG Global Technology is on a journey toward an Agile DevOps style of managing our applications," says Roth. "Tools that deploy easily, scale infinitely, and provide metrics we can use to perform our changes in near-real time are incredibly valuable."


As more and more cloud services are being adopted by organizations—both on the IT side and the business side—complexity has increased, making it a challenge to manage a sprawling cloud environment.

The best way to manage cloud sprawl is with a centralized integrated security and management solution that offers end-to-end visibility and control across all of your cloud resources. Point solutions can't offer this—they lack the holistic view that is essential to understanding the big picture.

In fact, an integrated approach to security and management should be the core of your cloud strategy. Without full insight into your entire IT ecosystem, you run the risks of downtime, data loss, and numerous operational inefficiencies.

As you evaluate your options, review the concepts we've discussed in this e-book—security, protection, monitoring, configuration, and governance—and understand the role that each plays in keeping your enterprise secure.

New solutions: what can Azure security and management do for your business?

  • Provide built-in threat intelligence and rule-based detections
  • Easily assess potential security issues across systems
  • Protect against data loss and downtime with flexible backup and failover options
  • Troubleshoot and resolve issues faster by integrating log data from multiple sources
  • Bring your data to life with real-time monitoring and diagnostics visualization
  • Use enterprise-class intelligence, such as smart recommendations and automation capabilities, to iterate and make improvements