Managing multiple suppliers in the same environment poses different challenges. Here’s how to make sure your multicloud strategy is secure, harmonious and cost-effective.
Businesses have been moving more data, applications and development work to the cloud for several years – a trend that has increased significantly since the coronavirus pandemic triggered an increase in remote work and e-commerce activities.
More than ever, organizations are launching or developing multi-cloud strategies as they move forward in their digital transformations and face the new challenges posed by the global health crisis and its impact on business processes. Recent research from IDG has noted that cloud platforms play a key role in helping organizations respond to the crisis, providing the operational resilience and home-work tools needed.
IDG’s survey of 551 IT decision makers found that more than half now use multiple public cloud services and 21% reported using three or more cloud services.
However, operating and managing an environment supported by multiple cloud providers and services poses distinct challenges. IT and business leaders must overcome these barriers if they are to help their organizations succeed in a multi-cloud world.
Determine the right cloud service for the job at hand
Not all cloud services are equal in supporting specific applications, workloads and business processes. Organizations on multi-cloud travel should strive to determine which services are best for specific tasks.
“The first major challenge was identifying, selecting and deploying the right services in every cloud environment,” says
Samantha Liscio, CIO of the Workplace Safety and Insurance Board of Canada (CSPAAT), an agency that provides support and insurance to injured workers at work.
Since the end of 2017, the CSPAAT has abandoned its old IT infrastructure and turned to the cloud. In partnership with IT services and consulting provider Accenture, it has designed and executed a transformation program that includes cloud services, a new cloud-ready operating model and a greater focus on resilient digital services.
Today, the CSPAAT operates a multicloud environment that combines a combination of integrated public cloud offerings with its own private cloud. Cloud providers it relies on include ServiceNow, Microsoft Azure and WSIB’s private cloud hosting provider. The organization uses cloud services for a variety of applications, including employer financial reconciliation, identity management, a digital portal for employee claims information and claims processing.
“One of the difficult decisions the CSAPAT had to make was to choose the right cloud services from a broad catalog of services offered by major cloud providers and to understand how they fit into the broader hybrid cloud architecture of the CSPAAT,” says Liscio.
In developing the overall infrastructure strategy, Accenture helped the CSPAAT overcome the challenge by defining the criteria for cloud service selection and the decision-making framework for cloud deployment. The OASA then used this to make important strategic choices, Liscio says.
Assemble the parts
In many cases, multicloud environments replace existing and consistent IT infrastructures that have been in place for years. To make the transition a success and ensure that workflows are not interrupted, businesses need to make different cloud services fit together like a puzzle.
“The challenge with multicloud management lies in the ability to integrate and exploit multiple technology solutions, standards and service levels [proposed by cloud providers], from one location – what is often called a single glass shutter,” says Liscio.
The infrastructure strategy created by the WOW has defined a set of critical cloud management and operating capabilities, such as orchestration and automation, counting and billing, and predictive operations. This allowed the organization to deploy these capabilities in its operations, either directly or with the help of cloud providers.
The challenge of ensuring that the pieces fit together can be all the more discouraging for business and technology leaders because of the increasing complexity of the technological landscape and architecture, says Liscio. This makes effective planning all the more important.
Accenture helped the CSPAAT shape its multicloud architecture to modernize its existing aging technology while introducing new digital services for end-users. The organization has developed its multi-cloud strategy to ensure an optimal user experience and application availability in various cloud technologies.
One of the key components of WSIB’s multicloud strategy is a enterprise application gateway that supports multi-cloud integration. “We’ve implemented a modern, enterprise-friendly API [application programming interface] manager across the company,” says Liscio. “We needed to ‘sustain’ our environment to ensure it could meet the demands of multicloud environments and the new technologies that accompany these environments.”
Managing costs in a complex environment
One of the reasons businesses move to the cloud is to cut costs; for example, by reducing servers or eliminating on-site data centers altogether. But a multi-cloud environment can be an expensive business if not managed effectively.
WorldView, a provider of health information systems, uses the cloud services of Microsoft Azure and Amazon Web Services (AWS). This includes offerings of infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS).
Cost control was vital. To better monitor both services and reduce costs, WorldView has rolled out OpsCompass’s cloud management software that provides a “dashboard” on both platforms.
“We can see both AWS and Azure with consistent measurements and can monitor costs, rigor and performance in one place,” says Marc Johnson, CIO, RSSI and Director of Compliance at WorldView. “Without OpsCompass, our FTE [full-time equivalent] costs would have doubled,” says Johnson. This includes hiring people with experience in both platforms and staff hours to manage them.
“It took a lot of discipline and codification of our standards to make that possible,” says Johnson. “We have standardized everything in order to create basic affiliations on both platforms. For the most part, we had to go back to the original lift-and-shift migration to organize and standardize all [application dependencies] as well as tag resources appropriately. The mark-up gives an organization better visibility on the consumption of resources on different platforms and better analysis. »
Keeping the environment as simple as possible was important to reduce costs. “Simplicity is paramount,” Johnson says. “The different options on each platform allow for excessive agility, but it can be costly if not managed properly.”
Enabling multi-cloud strategy and architecture to become complex over time by combining too many elements is a risk, says Johnson. “Just like on-site architecture, the more rooms there are exponentially increases the risk,” he says.
One way to simplify the cloud is to use microservices as much as possible, Johnson says, even though “sometimes we were limited by the basic main application as to what we could do with a microservice.”
Ensure data protection and privacy
Cybersecurity is difficult enough when everything is located on site. When data, applications and platforms are hosted in a number of locations, including enterprise data centers and multiple clouds, the challenge multiplies.
Variations in security controls from cloud service to cloud service can increase the risk of data breaches because an organization
The internal security model must be applied to each cloud in a different way.
“In a multi-cloud environment, how can we ensure that our overall security structure at the enterprise level is mapped to the workloads distributed in different geographic areas?” Navdeep Singh, vice president of cloud and cybersecurity at financial services technology provider Fiserv, noted at an IOC virtual roundtable in June 2020.
“At the same time, what is this consistent and reproducible way in which our associates – or anyone else, for that matter – access these environments? Singh said.
Indeed, access control is one of the biggest concerns of multi-cloud security. “The challenges common to all multi-clouds are to provide seamless access to cloud services to users based on their default credentials, to maintain the least privileged access to all clouds, and to track risk assessments and verify additional cloud services,” says Jim Reavis, CEO of the Cloud Security Alliance (CSA), an organization that provides cloud security training and best practices.
“Organizations need to maintain a knowledge and skills base on using multiple clouds as a risk management strategy, in order to better help the organization sustain itself, as market developments make different clouds more or less attractive,” says Reavis.
Businesses need a strong cloud-centric identity architecture that unites with any chosen cloud service, Reavis says. “The ability of cloud services to be compatible with open standards for identity must be a procurement requirement,” he says. “Companies need to translate their appetite for risk for any business need in the cloud into appropriate resilience requirements.”
Critical business applications need to be designed to have proper redundancy, Says Reavis says, often by orchestrating multiple workloads. “The visibility and control of cloud services across the enterprise continues to be a problem, and what we see as a market trend is an integration between cloud access security broker-type solutions that traditionally manage access to SaaS applications [and] managing the cloud workload of solutions that work on the IaaS layer.”
Keeping pace with change
Cloud providers regularly offer new services and upgrades and the market as a whole is very dynamic. IT and sales managers need to be informed of the latest changes and make the necessary adjustments.
“We’ve known for a long time that the only constant in business is change,” says Johnson. “This also applies to different cloud platforms.” Cloud service providers “are constantly adding new features, eliminating others and creating new integrations,” he says.
The way WorldView meets this challenge is to maintain a learning environment. “My team is always encouraged to look at new features, integrations and products that meet our fundamental vision and mitigate our risks,” says Johnson. “When we find something that looks promising, we bring it in a proof of concept to restrict players.”
After many tests in a production environment, “we come together as a team to analyze the situation, weaknesses, opportunities and threats,” says Johnson.
This approach allows the company to find the best way to align cloud services with the company’s demand with the least risk. “We expect changes and we’re fixing them head-on, instead of waiting for a supplier or platform to force the problem,” says Johnson.