According to HashiCorp, the state of cloud report, over 76% are already in multicloud today, which will be 86% in two years. Furthermore, other surveys have stated similar findings, and shared security within their multicloud strategy is a top priority for IT Leaders.
Another survey found 86% of business owners plan to increase investment in multicloud environments in coming years, and 95% say those technologies have already been critical to their success.
This level of adoption creates enormous opportunities but with a catch. You can only enjoy the benefits of multicloud when you have a solid strategy. The question is, how to get started?
Optimize for Best-of-Breed Integrations
To achieve a successful multicloud strategy, start by asking how to enable consistent control across different cloud services/providers, from a compute to data-centric perspective. This may be vital to avoid the risk of vendor lock-in, but I do not think cross-cloud strategy only has to do with minimizing vendor lock-in; it should also reduce the complexity of the management; therefore, security and resilience.
Ideally, your multicloud strategy should be capable of supporting the workloads that should be distributed, redundant and portable across cloud providers. This will give your business the most potent benefits like achieving speed, scale, and value; the autonomy is to deploy and integrate your application services on the providers that best fit for the business.
By making sure your strategy is cloud-agnostic, you will get the most out by leveraging multiple cloud providers and their services.
However, there’s always a question: Why does one need to consider a multicloud strategy, and what business benefits does it bring? In my opinion, it always depends on what business problem we are trying to solve and how can a multicloud model help solve that organically.
Here are some expected benefits you can reap from multicloud,
- Best of breed technology. A successful multicloud architecture allows developers to use the optimal provider for each service/load. Moreover, having the freedom to use the best of breed cloud technology it is easier to innovate and achieve a competitive advantage for the organization.
- Improve resilience and reliability. When the multicloud strategy is successfully applied, your organization can distribute critical services (such as apps, data, users’ management, and others) across cloud providers, which is invaluable at the time of outrage or attack on a particular provider.
- Upmost agility. A cloud-agnostic strategy allows you to leverage the strengths of each provider. In other words, use the best provider for your compute and storage need or the best fits for AI services, others. It also allows you to migrate these services from one provider to another according to varying costs, a point that we will cover in-depth in another section.
All in all, the ability to migrate or distribute your apps and services to the provider who provides the most value is the crucial point of achieving a successful strategy.
Enable Security Out-of-the-Box
Managing security in the cloud is a daunting task, especially for a multicloud. For this reason, the recommended approach is to have Cloud Security Control Framework early in any cloud migration strategy. But what does this mean?
Today the best practice is to change the security mentality from perimetral security to a more holistic approach, which considers cybersecurity risks from the very design of the multicloud deployment. It starts by allowing the DevSecOps team to build/automate modular
guardrails around the infrastructure and application code right from the beginning. And you can consider these guardrails as cross-cloud security controls based on the current trend of implementing Zero Trust networking architecture.
Under this new paradigm, all users and services are “mistrusted” even within the security perimeter. This approach requires a rethinking of access controls since the workloads may get distributed and deployed across different cloud providers.
Implementing security controls at all levels is a key, from infrastructure to application code, services, networks, data, users’ access, etc. Some ideas in this regard are to establish everything-as-a-code templates with built-in security to apply zero-trust networking segmentation that only gives necessary privileges and controls to a group of needed users.
There are certainly challenges when it comes to multicloud security; here are some tips and best practices you can consider.
Be Agile and Take Control of Your Cloud Costs.
Keeping the costs of a multicloud environment under control is challenging as its design constantly changes, scaling up and down. Simply put, the cloud cost could fluctuate like the stock or crypto market, depending on how well your services are optimized. And these complexities can be harnessed for better business benefits when approached the right way.
Coming back to the point of agile deployments that are cloud-agnostic, where FinOps practice can be a great option to manage costs in exciting ways, You may consider following certain best practices to enable this approach within your cloud operating model.
For example, before launching application/workloads on any cloud, you can negotiate or evaluate the best pricing from suitable providers. Additionally, the agility provided by cloud-agnostic strategies allows distributing the load to lower-cost clouds during periods of low demand.
In short, a successful multicloud strategy not only takes advantage of the law of supply and demand to your advantage during the negotiation of terms of the contract but can also save costs by moving loads dynamically.
Developing innovative applications and services saves costs and increases competitiveness and achieving the best user experience is more critical for any business. It could be straightforward when developers have complete freedom to use the most convenient platform and services.
Bridge the Gap Between People and Clouds
Finally, from a peoples and skills perspective, it is essential not to overlook the difficulty of finding the cross-cloud skills. According to the Hashicorp survey, 57% of respondents cited a lack of in-house skills as a critical obstacle to embracing the multicloud strategy.
These survey results are an alarm single for the organizations that have already decided to move with the multicloud model. They should start bridging the skill gap and upskilling their team to handle the cross-cloud operating model efficiently.
However, encouraging the team/individual to learn multiple clouds simultaneously will be overwhelming, even with numerous free training resources from each provider (Amazon Web Services, Azure, Google and VMware). So, a good approach can be starting with one cloud, performing hands-on and scenario-based learnings, and further extending those experiences with other clouds by using leveraging comparison technique would greatly benefit.
There are multiple factors to consider when embracing a multicloud strategy. However, I have shared four aspects cited throughout this article as the fundamental pillars to base your strategy.
In my opinion, these are like the four legs of a table. So, design your strategy around cloud-agnostic systems and applications that are secure out of the box, be agile in controlling costs, and don’t lose sight of the fact that you will need a team with the necessary skills to carry out the whole process.
Amazon Web Services, HashiCorp, StrongDM and VMware are sponsors of The New Stack.
Photo by George Desipris on Unsplash