Companies face new data complexities as

they integrate cloud technologies.

Produced in association with Hybrid cloud

wins rely on
data protection
2  MIT Technology Review Insights
A
fter silicon chipmaker Broadcom acquired
CA Technologies in 2018 and Symantec
Enterprise in 2019, it decided to invest
in hybrid cloud environments, which integrate and
orchestrate public cloud, private cloud, and on-premises
services. The CA and Symantec acquisitions onboarded
vastly different tech stacks and operation workflows,
with a variety of hosting scenarios: on-premises,
colocation, and “cloud native,” where the entire
infrastructure resides in the cloud.
“We modernized cloud-native software to a microservices
container architecture, and moved it into the cloud.
Then we modernized on-premises and colocated data
centers to hybrid cloud architecture,” says Broadcom
CTO Andy Nallappan. Broadcom sought a unified tech
stack to integrate the acquisitions and keep focus on
customer needs, security, and compliance, but to do
this the company had to modernize, standardize,
secure, and scale.
This embrace of hybrid cloud is happening industry
wide at an impressive clip, according to Veeam vice
president of enterprise strategy Dave Russell. “In recent
years, the pandemic and resulting macroeconomic
activities made organizations rethink operational
strategy and move faster to the hybrid cloud,” he says.
Market statistics agree: Mordor Intelligence predicts
the market for hybrid cloud will continue to grow quickly,
with a compound annual growth rate (CAGR) of 21.6%
through 2026.
The hybrid cloud will
continue to grow quickly
21.6 % Companies often rely on multiple systems from multiple
CAGR through 2026
Source: Mordor Intelligence
Key takeaways
1
Hybrid cloud—integrated public cloud,
private cloud, and on-premises services—
is on track to be the new industrywide
business model. Business leaders are
rethinking operational strategy.
2
Hybrid cloud offers novel tools for data
security and protection. It also adds layers
of complexity and risk. Companies must
closely follow cybersecurity practices
as they evolve.
3
Companies must establish a modern
internal data strategy to secure and protect
data assets. Attacks come without warning
and are expensive, with each cybersecurity
incident costing an average of $3.6 million.
Enterprises increasingly turn to hybrid cloud for cost
savings and the flexibility to innovate and scale. “One of
the top benefits of hybrid cloud is to minimize the cost to
expand on-premises infrastructure,” explains Kateryna
Dubrova, IoT networks and services research analyst at
global technology intelligence firm ABI Research. She
adds, “It simplifies developing the workload on the cloud
to allow for quickly testing, prototyping, and launching
new products.”
Keeping control over data
The growth of hybrid cloud adoption brings data security
and protection into sharp focus. “The problem now is
that we have a lot more data and a lot more applications
in a lot more places,” says Alexey Gerasimov, vice
president and head of cloud practice at Capgemini
Americas. “All are subject to attacks, penetrations,
data leakages—the attack surface is much bigger,
and there are many more things to attack.”
Protecting data across hybrid environments is complex.
vendors, which means data vulnerability, inefficiencies,
and rising overhead costs. To protect assets as
cybersecurity threats increase and evolve, companies
must understand the data challenges that come with
hybrid cloud.
 MIT Technology Review Insights 3

Companies that work with cloud
technologies sometimes assume cloud
providers will take care of data security
and protection; however, the ultimate
responsibility for data management
strategy lies with the company—no matter
where the data resides. “Compared to
conventional IT, cloud security and protection
is governed by shared responsibility. The
cloud service provider assumes responsibility
see. The hybrid environment multiplies
risk variables and requires separate
data protection and DR plans to prepare
for on-premises, private cloud, and public
cloud failures.
The connected nature of hybrid also
increases risk and amplifies complexity.
Its flexibility and availability means more
avenues for failure or breach. “We had

67
for underlying infrastructure such as cloud data centers across Europe, the U.S.,
computing services. The enterprise
retains responsibility for applications, % Australia, Canada—across the globe,”
says Nallappan. “We needed a DR and
data, and users,” explains Dubrova. backup plan for each one.”
of companies use cloud
The responsibility is like renting a car, services as part of their data Russell laments the industry’s memory
says Russell: The rental agency provides protection strategy failures about the consequences of
the car and a tank of gas, but the driver Source: Veeam Technologies, inadequate data recovery. The 2011
still has to drive the car and avoid accidents. “2022 Data Protection Tohoku earthquake and tsunami in Japan
Trends” report
“Similarly, working with hybrid cloud, providers reinforced the importance of DR and
supply the working infrastructure—server racks— business continuity plans, but the lessons were
but it’s still up to the enterprise to protect its data,” lost in mere months. Russell explains, “Invest in data
he says. “It’s still up to the enterprise to harden access backup and recovery processes—don’t want to wait for a
from the perspective of ports, credentials, and all the gas leak to find out if your home has a detection system.”
security details associated with using a hybrid cloud
environment.” Recovery is an intricate process with many components,
and it leans on automation as a key to reduced down-
Once this is understood, enterprise responsibility in the time after an outage. Automation and orchestration can
hybrid environment is an advantage. “In my view, hybrid ease complex DR plans on demand, and can provide
is better where you have heavy compliance and data real-time insight into system status. “The request for a
sovereignty requirements,” says Nallappan. dashboard and a ‘single pane of glass’ probably is as old
as management consulting,” says Gerasimov. “There’s
A focus on disaster recovery so much going on, you can’t physically do it manually.
The hybrid cloud offers an opportunity for enhanced Automation is the enabler, working behind the scenes
backup, restore, and disaster recovery (DR) strategies. to capture, store, analyze, and produce results so you
Veeam surveyed more than 3,000 business and IT can see exactly what’s happening.”
leaders for its “2022 Data Protection Trends” report
and found 67% of companies use cloud services as DR aside, in day-to-day business, automation is
part of their data protection strategy. essential. “Automation is the backbone of hybrid cloud
management,” explains Dubrova. “Automation services
However, hybrid cloud’s distributed nature makes it provide blueprints or templates that are well-proven
difficult to get a single view into a company’s data methods. Without templates and a sufficient automation,
and applications. This is imperative for a sound data developers would have to write a unique set of
protection plan: IT can’t respond to anomalies it can’t instructions for managing workloads in each working

“The request for a dashboard and a ‘single pane of glass’

probably is as old as management consulting.”
Alexey Gerasimov, vice president and head of cloud practice at Capgemini Americas
4  MIT Technology Review Insights

environment. This approach quickly becomes

inconvenient and chaotic.”

Allow for data movement

An effective hybrid cloud allows agile, cost-effective
data movement between on-premises, public cloud,
and private cloud. This data movement adds layers of
complexity and risk. “Everybody accesses data from all
over the place. Organizations have to protect what used
to be in the data center; and now, the data center, the
cloud, and data in flight,” says Gerasimov.

Data locality and movement creates compliance

concerns, not only for highly regulated industries like
finance and health care, but also for any company
doing business across borders. Regulations such as the
European Union’s General Data Protection Regulation

$3.6
(GDPR) and the California Privacy Rights Act (CPRA) in
the United States require companies to structure and
deploy applications in compliance with geo-localized
data laws. the average

million
cost of a
Protecting data in motion should be a top priority for any cybersecurity
hybrid cloud plan. “Data will always be an organization’s breach incident
most valuable asset, so data encryption at rest and in Source: World Economic Forum, “Global Cybersecurity Outlook 2022” report
transit can guide the risk of loss reduction or theft in
the case when attackers could bypass security
vulnerabilities,” says Dubrova. “The current practice “Global Cybersecurity Outlook 2022” report, a cyber-
of end-to-end encryption should be standardized and security breach costs an average of $3.6 million per
implemented in both public and private cloud storage.” incident. Companies must prepare.

Data strategies “Attacks are unpredictable, and there are no early

As the pace of hybrid cloud adoption increases and warning indicators,” says Russell. “The C-suite needs
asset attack surfaces expand, companies must establish to be concerned because, increasingly, proper data
a modern data strategy to secure and protect data management and availability is a central component
assets. According to the World Economic Forum (WEF) of security response practice.”

Attacks aren’t the only threats. One in five organizations

experienced significant outages in the past three years,
according to the Uptime Institute’s “2022 Annual
“Invest in data backup and Outage Analysis” report. The report notes “networking-

recovery processes—don’t related problems have been the single biggest cause of
all IT service downtime incidents—regardless of severity.”
want to wait for a gas leak
to find out if your home has Data backups and redundancy are essential to data
availability—companies often turn to hybrid cloud
a detection system.” environments for this very reason. Although many cloud
services come with redundancy tools, enterprises can’t
 ave Russell, vice president of
D afford to leave data protection and security solely in a
enterprise strategy, Veeam service provider’s hands.

Backups are an essential aspect of DR plans.
“Consider a ransomware attack—what do we do if we
lose everything? If you are compromised, you have
to go back to a known clean point in time, and that’s
absolutely where backup comes into play,” says Russell.
Centralize for operational consistency
Hybrid cloud is best supported by a centralized cloud
management platform. Centralizing and unifying tool sets
and processes provides a seamless, familiar environment
for teams to work and collaborate across all on-premises
and private and public cloud instances.
“Centralized management systems make it easier
to implement encryption, automation, access
control, orchestration, and endpoint security.”
Kateryna Dubrova, research analyst, ABI Research”
‘You can innovate
every minute’
When Broadcom purchased CA Technologies
in 2018 and Symantec in 2019, Andy Nallappan,
CTO and head of software business operations
at Broadcom, knew IT faced big changes.
Each organization had multiple tech stacks
and IT operations, and hosted via on-premises,
colocation, and cloud software. Broadcom sought
to standardize this into one modern tech stack,
keep the company aligned with customers, and
be ready for changes on the horizon.
“This was complicated, not just a lift-and-shift
to the cloud. You must modernize it to take
advantage of the cloud architecture and justify
the cost,” Nallappan says.
The effort involved more than 20 partners, vast
cultural change, and attention to issues such
as international compliance, integration with a
spectrum of security requirements, and software
workload needs that shift daily, weekly, and
monthly. Broadcom had to modernize,
standardize, secure, and scale.
MIT Technology Review Insights 5
Centralization not only creates an ecosystem for
cross-team collaboration and operational consistency,
but improves developer experience performance,
helping to shorten product time to market. The Cisco
“2022 Global Hybrid Cloud Trends Report” highlights
that 41% of IT leaders surveyed say collaboration
translates to operational efficiency, and 39% say it
improves application performance.
As 2020 dawned, Nallappan expected Broadcom
was ready for market disruptions. Its new hybrid
cloud solution—integrated and orchestrated
public cloud, private cloud, and on-premises
services—offered abundant flexibility and agility.
Covid-19 quickly tested Broadcom’s solution.
“Many customers had to go right to the cloud,”
Nallappan said. “If we had not made these
changes for our acquisitions, we would not
have been able to scale.”
“We had about 750,000 users pre-covid.
Post covid, it went to 4 million users, in a
matter of weeks,” Nallappan says.
Nallappan urges new, “cloud conscious”
thinking. “If you don’t manage it, you don’t get
the best outcome. It’s not on-premises. With
an on-premises solution, nobody innovates.
People feel that they bought the technology
and now they’re stuck for five years. With the
cloud, you are not stuck with anything. You
can change every day. You can innovate every
minute. We have that power,” he says.
6  MIT Technology Review Insights

Additionally, operational consistency creates business
continuity and improved security. “Centralized
management systems make it easier to implement
strong technical security measures such as encryption,
automation, access control, orchestration, and endpoint
security,” says Dubrova. “It is expected that enterprises
are turning more toward holistic platforms, where they
can balance their workloads and maintain business
continuity across the hybrid IT architecture.”
Hybrid cloud and innovation
Hybrid cloud is on trend to become the de facto
enterprise business model. The Cisco “2022 Global
Hybrid Cloud Trends Report” also found that 82% of
respondents indicated their company has adopted a
hybrid cloud model. A hybrid model facilitates the scaling
of compute resources, allowing a company to scale up
and down in times of short-term spikes in demand, and to
provide a path for data availability and the flexibility to
expand and experiment.
Hybrid cloud also facilitates increasing complexity in
applications and supports innovation. With hybrid
cloud comes the expectation that data will be readily
available to deliver services, Russell says. “Especially
as production workloads move to the cloud, the
expectation of availability is higher than in the past.”
Organizations that adopt holistic data protection
strategies can then adapt to ever-changing needs, in and
out of the cloud. As innovations in smart technologies
and autonomous products advance and edge computing
becomes more mainstream, hybrid cloud will become an
essential tool for companies to compete.
“You’ve got to prepare now—you’re not early to market,”
says Russell. “The time is right to be looking at the hybrid
cloud, multi-cloud reality, which is only looking to become
more the case, not less the case.”

“People feel that they bought the

technology and now they’re stuck
for five years. With the cloud,
you are not stuck with anything.
You can change every day.
You can innovate every minute.
We have that power.”
Andy Nallappan, CTO, Broadcom
 MIT Technology Review Insights 7

“Hybrid cloud wins rely on data protection” is an executive briefing paper by MIT Technology Review Insights.
We would like to thank all participants as well as the sponsor, Veeam. MIT Technology Review Insights has collected
and reported on all findings contained in this paper independently, regardless of participation or sponsorship.
Laurel Ruma and Michelle Brosnahan edited this report, and Nicola Crepaldi was the publisher.

About MIT Technology Review Insights

MIT Technology Review Insights is the custom publishing division of MIT Technology Review, the world’s
longest-running technology magazine, backed by the world’s foremost technology institution—producing
live events and research on the leading technology and business challenges of the day. Insights conducts
qualitative and quantitative research and analysis in the US and abroad and publishes a wide variety of content,
including articles, reports, infographics, videos, and podcasts. And through its growing MIT Technology Review
Global Insights Panel, Insights has unparalleled access to senior-level executives, innovators, and entrepreneurs
worldwide for surveys and in-depth interviews.

From the sponsor

Veeam® is the leader in backup, recovery and data management solutions that deliver Modern Data Protection.
The company provides a single platform for Cloud, Virtual, Physical, SaaS and Kubernetes environments.
Veeam customers are confident their apps and data are protected and always available with the most simple,
flexible, reliable and powerful platform in the industry. Veeam protects over 400,000 customers worldwide,
including 82% of the Fortune 500 and 69% of the Global 2,000. Veeam’s global ecosystem includes
35,000+ technology partners, resellers and service providers, and alliance partners and has offices in more
than 30 countries. To learn more, visit www.veeam.com or follow Veeam on LinkedIn @veeam-software
and Twitter @veeam.

Illustrations
Cover art and spot illustrations created by Chandra Tallman Design LLC, compiled from The Noun Project.

While every effort has been taken to verify the accuracy of this information, MIT Technology Review Insights cannot accept any responsibility or liability for reliance on any person
in this report or any of the information, opinions, or conclusions set out in this report.

© Copyright MIT Technology Review Insights, 2022. All rights reserved.

MIT Technology Review Insights
www.technologyreview.com
@techreview @mit_insights
[email protected]