Managing multiple providers in a single environment poses distinct challenges. Here’s how to ensure your multi-cloud strategy is secure, harmonious, and cost-effective.
Companies have been moving data, applications, and development work to the cloud in greater numbers for the past several years — a trend that has seen a significant boost since the coronavirus pandemic triggered a rise in remote work and ecommerce activities.
More than ever, organizations are launching or expanding multi-cloud strategies as they advance their digital transformations and deal with the new challenges wrought by the global health crisis and its impact on business processes. Recent IDG research noted that cloud platforms are playing a key role in helping organizations respond to the crisis, because they provide operational resiliency and needed work-from-home tools.
IDG’s survey of 551 IT decision makers found that more than half use multiple public cloud services today and 21 percent said they use three or more cloud services.
Operating and managing an environment supported by multiple cloud providers and services poses distinct challenges, however. IT and business leaders need to address these hurdles if they are to help their organizations succeed in a multi-cloud world.
Not all cloud services are equal when it comes to supporting particular applications, workloads, and business processes. Organizations on multi-cloud journeys must put in the effort to figure out which services are best for specific tasks.
“The first main challenge was around the identification, selection, and deployment of the right services in each cloud environment,” says Samantha Liscio, CIO of the Workplace Safety & Insurance Board of Canada (WSIB), an agency that provides support and insurance for workers injured on the job.
Since late 2017, WSIB has been shifting away from its legacy IT infrastructure toward the cloud. In partnership with IT consulting and services provider Accenture, it designed and executed a transformation program that includes cloud services, a new, cloud-ready operating model, and greater emphasis on resilient digital services.
Today, WSIB operates a multi-cloud environment involving a mix of integrated public cloud offerings and its own private cloud. Among the cloud providers it relies on are ServiceNow, Microsoft Azure, and WSIB’s private cloud hosting provider. The organization is using cloud services for a variety of applications, including employer financial reconciliation, identity management, a digital portal for employee claims information, and claims processing.
“One of the difficult decisions WSIB needed to make was choosing the fit-for-purpose cloud services from a broad catalog of services offered by the leading cloud vendors and understanding how they integrate into WSIB’s broader hybrid cloud architecture,” Liscio says.
In the development of the overall infrastructure strategy, Accenture helped WSIB overcome the challenge by defining the cloud service selection criteria and cloud deployment decision framework. WSIB then used this to make important strategic choices, Liscio says.
In many cases, multi-cloud environments are replacing proven, cohesive legacy IT infrastructures that have been in place for years. To make the transition successful, and to ensure workflows aren’t disrupted, companies must make the various cloud services fit together as if in a puzzle.
“The difficulty with multi-cloud management is in the ability to integrate with and operate multiple diverse technology solutions, standards, and service tiers [offered by the cloud vendors], from a single place — what is often referred to as a single pane of glass,” Liscio says.
The infrastructure strategy WSIB created defined a set of critical cloud management and operations capabilities, such as orchestration and automation, metering and billing, and predictive operations. This has enabled the organization to deploy those capabilities in its operations, either directly or with the help of cloud providers.
The challenge of making sure the pieces fit together can be all the more daunting for technology and business leaders because of the increasing complexity of the technology landscape and architecture, Liscio says. This makes effective planning all the more important.
Accenture helped WSIB shape its multi-cloud architecture to modernize its existing aging technology while introducing new digital services for end users. The organization developed its multi-cloud strategy to ensure optimal user experiences and application availability across the various cloud technologies.
One of the key components of the WSIB multi-cloud strategy is an enterprise application gateway that supports integration across multiple clouds. “We implemented a modern, scalable API [application programming interface] manager across the enterprise,” Liscio says. “We needed to ‘future-proof’ our environment to ensure that it could live up to the demands of multi-cloud environments and the new technologies that come with these environments.”
One of the reasons companies move to the cloud is to reduce costs; for example, by cutting back on servers or eliminating on-premises data centers outright. But a multi-cloud environment can be a costly endeavor if not managed effectively.
WorldView, a provider of healthcare information systems, is using cloud services from Microsoft Azure and Amazon Web Services (AWS). This includes infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS) offerings.
Keeping costs under control was vital. To better monitor the two services and achieve cost containment, WorldView deployed cloud management software from OpsCompass that provides a “dashboard” across the two platforms.
“We can see both AWS and Azure with consistent measurement and can monitor cost, rigor, and performance in one location,” says Marc Johnson, CIO, CISO, and chief compliance officer at WorldView. “Without OpsCompass, our FTE [full-time equivalent] costs would have doubled,” Johnson says. This includes hiring people with experience in the two platforms along with the staff hours to manage them.
“It took a lot of discipline and codification of our standards to make this possible,” Johnson says. “We standardized everything in order to create the baseline affiliations across the two platforms. In essence, we had to go back to the original lift-and-shift migration to organize and standardize all of the [application dependencies] as well as tag resources appropriately. Tagging gives an organization better visibility into the consumption of resources on the differing platforms and better analytics therein.”
Keeping the environment as simple as possible was important for keeping costs down. “Simplicity is paramount,” Johnson says. “The various options on each platform allow for excessive agility, but that can come at a cost if not managed properly.”
Allowing the multi-cloud strategy and architecture to become complex over time by combining too many elements is a risk, Johnson says. “Just as with on-premise architecture, the more parts there are exponentially increases the risk,” he says.
One way to simplify the cloud is through using microservices as much as possible, Johnson says, although “sometimes we were limited by the core legacy application as to what we could make a microservice.”
Cybersecurity is challenging enough when everything is located on premises. When data, applications, and platforms are housed in any number of places, including company data centers and multiple clouds, the challenge multiplies.
Variations in security controls from cloud service to cloud service can increase the risk of data breaches because an organization’s internal security model needs to be applied to each cloud in a different way.
“In a multi-cloud environment, how do we ensure that our overall security fabric that we have at an enterprise level gets mapped to the distributed workloads across various geographies?” Navdeep Singh, vice president of cloud and cybersecurity at financial services technology provider Fiserv, noted at a CIO virtual roundtable in June 2020.
“Also, at the same time, what is that consistent and repeatable manner with which our associates — or anybody, for that matter — are accessing those environments?” Singh said.
Indeed, controlling access is one of the biggest concerns with multi-cloud security. “Common challenges across all multi-clouds are providing seamless access to cloud services to users based upon their default credentials, maintaining least privilege access across all clouds, and keeping up with risk assessments and vetting of additional cloud services,” says Jim Reavis, CEO of the Cloud Security Alliance (CSA), an organization that provides education and best practices for cloud security.
“Organizations should maintain a competency and knowledge base around using multiple clouds as a risk management strategy, to better help future-proof the organization as market developments make differing clouds more or less attractive,” Reavis says.
Enterprises need a strong cloud-centric identity architecture that federates with any chosen cloud service, Reavis says. “The ability for cloud services to be compatible with open standards for identity needs to be a procurement requirement,” he says. “Organizations need to translate their risk appetite for any cloud business need into the correct resiliency requirements.”
Critical business applications should be designed to have appropriate redundancy, Reavis says, often by orchestrating across multiple workloads. “Enterprise-wide visibility and control of cloud services continues to be a pain point, and what we are seeing as a market trend is an integration between cloud access security broker-like solutions that traditionally manage access to SaaS applications [and] cloud workload management solutions that operate on the IaaS layer.”
Cloud providers are regularly introducing new services and upgrades, and the market as a whole is highly dynamic. IT and business leaders must keep up with the latest changes and make adjustments as needed.
“We have long known that the only constant in business is change,” Johnson says. “That applies to the various cloud platforms as well.” Cloud service providers “are constantly adding new functionality, sunsetting others, and creating new integrations,” he says.
The way WorldView addresses this challenge is to maintain a learning environment. “My team is always encouraged to look into new functionalities, integrations, and products that address our core vision and mitigate our risks,” Johnson says. “When we find something that looks promising, we bring it into a proof of concept to narrow down the players.”
After much testing in a production-like environment, “we come together as a team to walk through the situation, weaknesses, opportunities, and threats,” Johnson says.
This approach enables the company to figure out the best way to align cloud services with business demand with the least amount of risk. “We expect change and address it head on, instead of waiting for a vendor or platform to force the issue,” Johnson says.