Business Continuity and Security: how to ensure them in hybrid IT environments

The Rise of Hybrid IT Environments

Businesses across all industries are increasingly relying on cloud-based or outsourced IT services for their digital applications, online customer access, and archiving. This is evident from the findings of a recent survey conducted by Tinext in collaboration with VMware and Innovation Group on Swiss companies ("Pathways of digital transformation at Swiss companies"), which reveals that 52% of companies today deal with hybrid IT environments, where on-premises in-house IT systems coexist with the most modern cloud and multi-cloud services. This is already a significant figure, which is expected to grow to 78% within the next 3 years.

Business Continuity and Security risks in hybrid IT environments

The use of digital services from external providers is now essential for reasons of flexibility, scalability of processing power, savings in IT management, and to benefit from the most innovative applications (for example, the latest ones that use generative AI). The use of cloud services makes it possible to have digital resources available more quickly to support new business initiatives, limiting upfront infrastructure investments and the consequent costs, for example, for changes to projects in production.

Cloud services are generally competitive compared to equivalent on-premises solutions, but they lead to increased IT complexity and the consequent need to review business continuity and security management strategies. This refers to the ability to recover from hardware failures, data loss, human errors, and to strengthen security against cyberattacks to which hybrid IT, which is based on distributed systems, is inevitably more exposed. Cybersecurity deserves special mention, given the doubling of attack reports that NCSC (www.ncsc.ch) has registered from Swiss companies in the last 12 months.

Critical data management considerations

Business continuity and security are not the only areas of concern when transitioning to hybrid environments. Beyond the specific responsibilities for critical data management identified by the ISC2 Swiss Chapter, the mature use of hybrid systems, cloud and multi-cloud services requires a thorough understanding of the types of data in use and their physical location on the different service platforms. This is particularly important when data and applications migrate from internal corporate servers to external networked infrastructures.

While cloud providers generally offer more reliable and better managed resources than internal corporate ones, the use of external services requires the introduction of more effective protections for user access and data exchange tailored to networks that are no longer local but geographical. It should also be noted that some critical data, such as financial or healthcare data, can only be legally protected if it is physically located on servers hosted within the Swiss Confederation.

Misplaced assumptions about provider responsibilities

Tinext Managed Cloud Services' experience with customers who have taken their first steps in using cloud and multi-cloud services on their own shows that many business continuity and security risks stem from the false belief that they have delegated tasks to the provider that are instead, or should remain, the responsibility of the company.

These include responsibilities for controlling user access to data, for example, in the use of CRM, ERP, and other applications that are now delivered in cloud SaaS (software-as-a-service).

In other cases, the risks stem from the fact that the movement of data and workloads to an external provider's infrastructure, for example with the use of cloud IaaS (infrastructure-as-a-service) services, is not accompanied by the IT team's commitment to updating operating systems and software. With cloud IaaS, the provider is responsible only for managing the hardware infrastructure and not, for example, for software updates that can prevent cybercrime exploits of vulnerabilities.

The benefit of a personalized approach to service selection

Different types of platforms - on-premise, private cloud, public cloud, and also depending on whether they are IaaS, PaaS or SaaS cloud - have different capabilities to guarantee business continuity and the division of management responsibilities between the company and the provider. This is knowledge that many providers do not take the trouble to transfer to the customer, basing their services on very rigid SLAs, full of technical terms that are difficult to translate into the operational guarantees that the company needs.

For this reason, Tinext Managed Cloud Services offers customers who intend to develop hybrid IT in a multi-cloud logic a well-tested and low-risk adoption path, which starts with an assessment of processing workloads and data archives and then identifies the most suitable service supports to meet continuity and security objectives. Objectives that vary within the same company (not all workloads have the same criticality and time recovery needs) allowing the choice of synchronization techniques, backups and cloud supports that are also more convenient in terms of budget.

In the field of services for the continuity of modern hybrid IT environments, Tinext Managed Cloud Services qualifies as a certified provider able to offer personalized data protection services, both on its own infrastructures and those of the main international cloud providers. Services provided with data placement in Swiss territory and flexible SLAs to guarantee migrations to hybrid and multi-cloud IT without unnecessary risks.