We have all been awestruck by the recent IT security breaches: 100M Target credit cards, 102M Sony Entertainment records, and 80M Anthem personal records breached, to name a few. While a smaller event, the theft of the Jennifer Lawrence photos from iCloud was significant because they were stolen from a public cloud.

Over the last year, Topline Strategy has conducted hundreds of interviews with Corporate IT leaders about the future of their infrastructure. The most important thing we’ve learned from them can be summed up in two words: Hybrid Cloud. While the Public Cloud had gained a reputation as a platform for rogue IT developers circumventing corporate policy, what we found is a growing acceptance of the Public Cloud as an integral part of Corporate IT’s infrastructure strategy. The vision for most IT organizations is to have an integrated Public Cloud/Private Cloud infrastructure where the placement of workloads happens seamlessly based on cost, security and performance needs.

To be sure, many companies are still at the front edge of implementing this vision. However, there has been considerable interest in moving many workloads to the Public side of the Hybrid Cloud. A recent Northbridge Venture Partners¹ survey showed that 65-70% of all companies will move some or significant processing to the Public Cloud in the next 1-2 years.

This is partly because when it comes to the two principal objections to the Public Cloud – reliability and security – the Public Cloud providers have built a strong case for themselves. In terms of reliability, according to Dun & Bradstreet, 59% of Fortune 500 companies experience a minimum of 83 hours of downtime a year. By comparison, Amazon’s AWS was down less than 5 hours in 2013. In terms of security, many IT professionals have posited that companies like Amazon have far more resources to pour into security and may actually be safer than internal IT. An IT executive at a major media company, who had fully bought into the Public Cloud, went as far as to say, “If it doesn’t have PII or highly confidential corporate data, it’s going to go into the [Public] Cloud.”

However, the recent breach involving Jennifer Lawrence as well as other breaches may change this Public/Private Cloud calculus. In the course of our interviews, there was one notable outlier to the Hybrid Cloud trend – a major financial institution had banned the Public Cloud altogether. Instead, they were working on implementing a Private Cloud that delivered the cost and convenience of the Public Cloud but with the security of internal IT. To achieve this goal, they were simultaneously pursuing multiple Private Cloud technologies that ranged from Converged Infrastructure to having Microsoft roll up a tractor-trailer with an Azure Private Cloud inside.

At the time, we chalked this up to the unique security concerns of Big Financial Services. But what if recent and future breaches cause executives to call into question the fundamental security of the Public Cloud? Coupled with technology advances that deliver on the promise of “Private Clouds that have the cost and convenience of Public Clouds,” the momentum could easily swing back from Public to Private.

For hardware, software and IT services companies, how IT infrastructure evolves is crucial.

Infrastructure technology providers have to decide whether to invest more heavily in supporting Hybrid environments or capabilities to support low cost/high convenience Private Clouds.

SaaS providers need to think carefully about their underlying infrastructure. Should they be running their own infrastructure, running in the Public Cloud, or even developing a version that can run in the Private Cloud while still delivering the advantages of SaaS?

Topline Strategy helps companies address these kinds of issues. Contact us to learn more.