Network connectivity is one of the major barriers. Just how do you know which part of the web is causing a problem? How do you test and manage response times and latencies, especially if your audience now includes users on mobile devices?
Is Azure, Amazon or one of the hundreds of different cloud providers offering the right platform for your particular application?
Nope. Not unless you're A) American, B) picking a public provider in your jurisdiction or C) building a private cloud.
“To burst into the cloud sounds like a great vision but how do you actually do it? How do you implement it? How do you set it up to be flexible? You need clever bits of software and people who can manage that software,”
Not really. The software is relatively commonplace and the skills for it are mundane. You just have to be prepared to spend. And spend and spend and spend. People with those skills are smart, and they won't be treated like crap. Companies with that software charge a lot. And you need great reliable internet connectivity and your ISP is going to take it out of your genitals. With prejudice.
Sounds easy? Maybe not, but if you plan your transition to a hybrid cloud setup correctly you will retain control over your IT. You get to choose how you customise your environment for your workloads.
No, your ISP does. They control the pipe and you do exactly as they say. Same with your hypervisor/management tools vendor. And your tin shifter. And your storage overlords. And - above all else - your government, who may well demand that any company large enough to be seriously looking at hybrid cloud computing build in back doors to allow the spooks to pwn us all in the information so that they can nose out political dissidents.
You are not in control. Everyone else is in control. You just give them money and hope they leave you alone long enough to retire. Even if you're a Fortune 1000 company.
So design your networks with that in mind. If your duty of care - and your legal obligations - run towards the protection of your customers'/employees' data, then you absolutely must treat your ISP, your vendors and your government as hostile agents who are just as likely to try to cause compromise as any outside hacker. They'll use different means, but you need to be prepared to defend against them nonetheless.