After silicon chipmaker Broadcom acquired CA Technologies in 2018 and Symantec Enterprise in 2019, it decided to invest in hybrid cloud environments, which integrate and orchestrate public cloud, private cloud, and on-premises services. The CA and Symantec acquisitions onboarded vastly different tech stacks and operation workflows, with a variety of hosting scenarios: on-premises, colocation, and “cloud native,” where the entire infrastructure resides in the cloud.

“We modernized cloud-native software to a microservices container architecture, and moved it into the cloud. Then we modernized on-premises and colocated data centers to hybrid cloud architecture,” says Broadcom CTO Andy Nallappan. Broadcom sought a unified tech stack to integrate the acquisitions and keep focus on customer needs, security, and compliance, but to do this the company had to modernize, standardize, secure, and scale.

This embrace of hybrid cloud is happening industry wide at an impressive clip, according to Veeam vice president of enterprise strategy Dave Russell. “In recent years, the pandemic and resulting macroeconomic activities made organizations rethink operational strategy and move faster to the hybrid cloud,” he says. Market statistics agree: Mordor Intelligence predicts the market for hybrid cloud will continue to grow quickly, with a compound annual growth rate (CAGR) of 21.6% through 2026.

Enterprises increasingly turn to hybrid cloud for cost savings and the flexibility to innovate and scale. “One of the top benefits of hybrid cloud is to minimize the cost to expand on-premises infrastructure,” explains Kateryna Dubrova, IoT networks and services research analyst at global technology intelligence firm ABI Research. She adds, “It simplifies developing the workload on the cloud to allow for quickly testing, prototyping, and launching new products.”

Keeping control over data

The growth of hybrid cloud adoption brings data security and protection into sharp focus. “The problem now is that we have a lot more data and a lot more applications in a lot more places,” says Alexey Gerasimov, vice president and head of cloud practice at Capgemini Americas. “All are subject to attacks, penetrations, data leakages—the attack surface is much bigger, and there are many more things to attack.”

Protecting data across hybrid environments is complex. Companies often rely on multiple systems from multiple vendors, which means data vulnerability, inefficiencies, and rising overhead costs. To protect assets as cybersecurity threats increase and evolve, companies must understand the data challenges that come with hybrid cloud.

Companies that work with cloud technologies sometimes assume cloud providers will take care of data security and protection; however, the ultimate responsibility for data management strategy lies with the company—no matter where the data resides. “Compared to conventional IT, cloud security and protection is governed by shared responsibility. The cloud service provider assumes responsibility for underlying infrastructure such as cloud computing services. The enterprise retains responsibility for applications, data, and users,” explains Dubrova.

The responsibility is like renting a car, says Russell: The rental agency provides the car and a tank of gas, but the driver still has to drive the car and avoid accidents. “Similarly, working with hybrid cloud, providers supply the working infrastructure—server racks—but it’s still up to the enterprise to protect its data,” he says. “It’s still up to the enterprise to harden access from the perspective of ports, credentials, and all the security details associated with using a hybrid cloud environment.”

Once this is understood, enterprise responsibility in the hybrid environment is an advantage. “In my view, hybrid is better where you have heavy compliance and data sovereignty requirements,” says Nallappan.

Download the full report.

This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff.