If you\u2019re still thinking \u201cprivate data center\u201d and don\u2019t have an ironclad regulatory reason for doing so, you should really ask yourself: Why?\nFewer and fewer companies are holding out. They\u2019ve had to navigate many wants and needs, from security and regulations to enabling digital platform strategies to extending the life of existing infrastructure investments. Analysts predict that most will settle on hybrid clouds as the end game that balances the pieces.\nBut with so many enterprises adopting hybrid architectures, the question rears its head again: If you\u2019re not tethered to a private data center by an immovable regulatory requirement, what\u2019s holding you back? The obstacles may be more easily surmounted than you think.\nIn my work with companies navigating transitions to the cloud, I\u2019ve found that when companies worry about hybrid, hesitancy often boils down to two main areas: data security, and latency and performance.\nLatency: Quick solutions to slow clouds\nLatency is a legitimate problem - users won\u2019t tolerate slow apps! - but more and more, if you can identify potential sources of latency, you can also find a hybrid cloud option that architects around them.\nConsider proximity. Digital assets exist in virtual space\u2014but the machines hosting those assets sit in the physical world, and the the bigger the distance between machines, the higher the potential for latency problems. An organization can often reduce latency simply by choosing a cloud service provider whose facilities are in the same region as the organization\u2019s data center.\nA more technical example: Suppose an enterprise wants to keep backends and APIs in its own data center while running management and analytics services in the cloud. While more cost-effective than doing everything in-house, this approach can introduce latency, as round-tripping the APIs to the cloud and back can slow down operations. For this problem, many enterprises are employing lightweight, federated cloud gateways that keep API runtimes in the data center while asynchronously pushing analytics data to the management service provider\u2019s cloud.\nSecurity: Focus on internal threats\nSo, if latency is a largely manageable issue, that means concern about hybrid clouds becomes mostly about data security. According to Gartner, \u201c38 percent of companies who don\u2019t plan to use the public cloud cited security and privacy as the main reasons.\u201d \u00a0\nBut in a July webinar presentation, Gartner Research VP Jay Heiser noted \u201cno evidence indicates that [cloud service providers] have performed less securely than end user organizations. Quite the opposite.\u201d He added, \u201cGenerally speaking, public cloud computing represents a more secure starting point than in-house implementations.\u201d\nThis \u201cmore secure\u201d starting point may mitigate some concerns\u2014but it \u00a0isn\u2019t absolute. Some clouds are more equipped than others to extend corporate data centers while meeting regulatory and security requirements. It\u2019s important to consider SLAs and redundancy agreements, and whether the provider submits to third-party audits and has been awarded industry certifications. That\u2019s just the tip of the iceberg, of course\u2014you should also consider whether the provider has expertise delivering to your needs and goals, whether it ever directly accesses your data, and so on. But the point is, a lot of threat mitigation in the hybrid cloud world involves proper vetting of partners.\nThis vetting extends to physical security, too. Our fears are often defined by remote attackers who hack into a network\u2014but in practice, many threats involve close-proximity attacks rather than network break-ins executed from afar. Think how Stuxnet, the malware associated with knocking Iranian centrifuges offline, is believed to have spread primarily through USB flash drives, contractors, and equipment compromised while in transit. Against these sorts of threats, cloud providers often possess technical resources and data center management expertise that would be difficult and expensive for many private enterprises to cultivate internally. Many top clouds boast a variety of physical, on-site security mechanisms, such as data center access limited to very few individuals via biometrics, and machines custom-built to detect whether they\u2019re booting appropriate software.\nThreat mitigation also requires that companies take seriously the role of internal threats. Some of these involve nefarious intent, such as an ex-employee stealing intellectual property, but many stem from simple user error, such as sloppy password management or susceptibility to phishing scams. Indeed, Gartner predicts that through 2020, 95 percent of cloud security failures \u201cwill be the customer\u2019s fault.\u201d The takeaway is that many of the threats perceived around cloud have little or nothing to do with vulnerabilities intrinsic to the technology itself\u2014and much more to do with a company\u2019s internal security and governance processes.\nCSPs Run on user trust\nA final note: Successful cloud service provider models are almost necessarily built on a foundation of preserving user trust\u2014an unspoken contract that manifests in CSP reliability and security investments whose scale exceeds what most in-house operations are capable of.\nAs cloud providers have continued to earn this user trust, they\u2019ve demonstrated that many of potential customers\u2019 most pressing fears involve abstract anxiety as much as - or more than - demonstrated dangers. The majority of organizations are now embracing the cloud, especially hybrid flavors, as they\u2019ve realized key concerns may be \u00a0more manageable than anticipated\u2014which again begs the question of those still holding out: Why?