This content is part of the Essential Guide: Breaking down what's in your cloud SLA
News Stay informed about the latest enterprise technology news and product updates.

IT shops unwittingly run hybrid clouds, risk data security, HP says

Are you working out a hybrid cloud strategy? Surprise, says one HP exec -- you might already have one.

The IT term de jour is "hybrid cloud," and while vendors tout this as a new strategy, it's something that many enterprises already have without even realizing it -- and that could pose data security problems.

Saar Gillai, ‎senior vice president and general manager of Converged Cloud at Hewlett-Packard (HP), is responsible for the company's overall cloud strategy. Previously, Gillai was vice president and general manager of HP's Cloud Networking division and senior vice president at 3Com, which was acquired by HP in 2009.

In this Q&A with SearchCloudComputing, Gillai discussed the evolution of hybrid cloud strategies among enterprises, OpenStack and Amazon Web Services (AWS) application programming interfaces (APIs), and HP's own approach to cloud services.

How do you see the cloud computing market developing over the next three to five years?

Saar Gillai: Obviously the biggest trend we see is people are now understanding that it's a hybrid world. Everything you do is hybrid. Even if you use public cloud, if it's somehow tied in to a private application you're running, that's a hybrid environment. In many cases, enterprises are running hybrid clouds without actually knowing it, and that's causing problems, because they end up causing holes in the security perimeter without understanding that.

Obviously the biggest trend we see is people are now understanding that it's a hybrid world. Everything you do is hybrid.
Saar GillaiSVP and GM of Converged Cloud at HP

What you have today with private and public cloud systems is that people put systems of engagement in the public cloud and most of the systems of record are still in private cloud or traditional IT. They have to tie those systems of engagement to systems of record in some fashion, but the way they're doing it is not through some sort of governed methodology. …

While they have this belief that everything is great and the data is all secure, that isn't actually what's going on.  As people look at the deployments that they've done, they're going to realize more and more that there has been somewhat of a false sense of security. And once they realize what that actually means to their data security policies, it changes the way they look at things.

What are the hurdles between where the market stands right now and getting to that idea of a hybrid cloud?

Gillai: Today, by and large, people are still tied to the public or private cloud deployment models, so in most of the solutions people are providing, you can't easily move your workload around between those different deployment models. But that should just be a detail. Someone should be able to say, 'Look, I want to leverage the cloud for the following workload,' and then they should be able to build a solution based on their needs, and they should be able to change their deployment model at different times relative to their specific requirements.

We're still not at that level because most of the solutions out there are very specific to deployment models. That's one of the reasons why we're big supporters and contributors to OpenStack, because we believe ultimately [that] as the cloud matures, there will be an open source solution that people are going to gravitate to -- not because of cost, but because of the ecosystem support.

Speaking of OpenStack, does HP take a position in the debate over OpenStack using AWS APIs?

Gillai: We're supposed to provide APIs that are flexible; things that were done in AWS that make sense. That's fine, but I wouldn't necessarily copy everything they do. [The APIs] need to be based on the ecosystem, not one vendor.

For example, we're doing Heat for templating orchestration in OpenStack, and it's based on some of the CloudFormation stuff in AWS, but it's a much more advanced version of it. There have been some good things done in AWS and other places, and we shouldn't hesitate to adopt the best practices, but I don't think an open ecosystem should be aligned to a single project or implementation. I don't think that would be good for it long term.

Other than having OpenStack on both sides of the wire, how does HP facilitate that hybrid model for customers?

Gillai: OpenStack is just a base. You also have to have what we call Converged Management and Security. You have to have a model for managing and securing your entire infrastructure above OpenStack as well, [which] goes across all deployment models from traditional IT all the way to public cloud with hybrid in the middle.

HP said in January it plans to refine its public cloud service-level agreements (SLAs). Has that happened? How have Cloud Compute SLAs changed since then, if at all?

Gillai: I'd have to get back to you on that. I don't have the specifics. But I think people over-emphasize SLAs. What's important is business continuity. For most customers, if the SLA says you give them a week free for a few hours of downtime, that's not going to help them.

What does HP offer in terms of business continuity in the cloud?

Gillai: Again, if we go back to our architecture, just going back to our OpenStack offering that we're now moving to our private cloud, one of the big differences with this offering is that it [has] actually been tested and proven in our public cloud. So when we talk about providing that kind of technology, it's based on tried and tested solutions. HP also has broad experience in providing business-critical systems for our customers and we're taking a lot of that capability and making sure it's covered as part of our cloud solution.

Is there an HP business continuity service? Are there disaster recovery options for people to choose from within HP's cloud?

Gillai: We are working on various disaster recovery offerings. That's something that's still evolving.

Editor's note: HP has expanded the number of services that are supported by SLAs, such as the HP Cloud DNS Service, and the company expects to add more services covered by SLAs by the end of the year. However, the details of HP's Cloud Compute SLAs haven't changed.

Beth Pariseau is senior news writer for Write to her at or follow @PariseauTT on Twitter.

Dig Deeper on Building and maintaining a hybrid cloud

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.