For a growing number of enterprises, a migration to the cloud is not a simple matter of deploying an application or two onto Amazon Web Services, Microsoft Azure, or some other hosted service. It’s a multi-cloud strategy that’s a key part of a digital transformation initiative aimed at modernizing business processes.
Deploying a multi-cloud strategy can lead to substantial benefits.
Using multiple cloud computing services such as infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS) in a single heterogeneous architecture offers the ability to reduce dependence on any single vendor, says Brian Reynolds, principal with audit and advisory firm Grant Thornton.
It can also improve disaster recovery and data-loss resilience, make it easier to exploit pricing programs and consumption/loyalty promotions, help companies comply with data sovereignty and geopolitical barriers, and enable organizations to deliver the best available infrastructure, platform, and software services, Reynolds says.
“Cost optimization is a huge benefit,” says Glenn Pinnel, CIO at paint producer Benjamin Moore & Co., which moved to a cloud-first strategy several years ago and has never looked back. “It’s not so much that you are spending less by going multi-cloud, but rather you are managing risk far better.”
Having multiple clouds “makes you more flexible and agile, allows for the adoption of best-of-breed technologies, and provides far better disaster recovery,” Pinnel says. “By not being ‘locked in’ to one vendor, we have the flexibility to run certain applications in a private environment, and others in a public environment, while keeping everything connected. Our cloud service providers have the right skill sets to make this all happen so that we don’t have to maintain this expertise in house.”
Like any other major IT initiative, ensuring an effective multi-cloud strategy involves having the right people and tools in place, and taking the necessary steps to keep the effort aligned with business goals. Here are some best practices around this rising trend, according to IT executives and industry experts.
Perform due diligence
A multi-cloud deployment adds complexities that require organizations to develop a deep understanding of the services they’re buying and to perform due diligence before plunging ahead, says Donald Faatz, security solutions engineer in the CERT Division of the Software Engineering Institute at Carnegie Mellon University.
Due diligence includes planning. “Use a cloud adoption framework to provide a governing process for identifying applications, selecting cloud providers, and managing the ongoing operational tasks associated with public cloud services,” Faatz says. “Educate all staff on the cloud adoption framework and the details of using selected CSPs’ [cloud service providers] architecture, services, and tools available to assist in the deployment.”
Moving to a multi-cloud environment might present risks that were not present in current applications and systems, Faatz says. “Check for new risks and identify any new security controls needed to mitigate these risks,” he says. “Use CSP-provided tools to check for proper and secure usage of services.”
A company’s infrastructure should be treated as source code, Faatz says, and change control procedures should be enforced. Procedures will need to address differences in CSPs’ implementations.
Decommissioning of services is also part of due diligence. “The most important part of any application or system to the organization is the data stored and processed within,” Faatz says. “Therefore, it is critical to understand how the data can be extracted from one CSP and moved to another.”
Rethink your IT organization
Enterprises need to separate cloud engineering into its own organization so that it can be fully focused on its mission of expanding and securing workloads in the cloud, says Grant Bourzikas, CISO and vice president of Labs Operations at security company McAfee.
“Growth in public cloud [use] requires new skill sets that may not exist in traditional IT departments, roles like cloud architects, automation engineers and product managers,” Bourzikas says. Companies will need to hire, train, or certify people with these skill sets, and think about how their cloud organization aligns with the business. “For example, do you create a bi-modal structure to separate the cloud organization from traditional, core IT services?” he says.
Like many medium-to-large companies today, McAfee has a hybrid cloud environment, including two public clouds and its own private cloud. It uses the public cloud for both external customer-facing and internal needs, Bourzikas says, and leverages IaaS and PaaS services from its cloud providers. The private cloud is also used for internal and external customer-facing applications.
“We’ve classified our portfolio of applications into disposition categories as part of a global data center consolidation strategy,” Bourzikas says. “Determining which applications will be moved to the public cloud — IaaS, PaaS, SaaS — and which will be moved to our private cloud [is] based on variables like transformation opportunity. Can it be rearchitected to leverage microservices in the public cloud? Is it a pure lift and shift?” Costs and application characteristics are others factors, he says.
Take a full inventory of enterprise applications
Before deploying a multiple cloud strategy, it might be a good idea to perform an assessment of existing applications.
“As a practice, I always recommend first taking a fresh inventory of the application portfolio, assessing the individual application technology stack, how the applications fit into the overall application ecosystem, [and] most importantly the business value these applications bring to the enterprise,” says Thomas Martin, former executive vice president of application transformation at GE, who led the company’s multi-cloud efforts, and is now a consultant.
“This information provides critical insights into how to proceed through the enterprise transformation effort,” Martin says. The first step should be to determine which applications can be eliminated. The next step is to determine which applications have a SaaS-based offering in the market, and to determine whether one of these offerings is a good fit.
The remaining applications become core candidates for public cloud migration, Martin says. “How these applications are migrated should be dependent upon the value that they bring to the enterprise,” he says.
Applications that have only 12 to 18 months remaining in their value lifecycle are solid candidates for re-hosting, Martin says. Those that are deemed to have a longer value lifecycle, are considered to be differentiating, or are driving disruptive market differentiation, should be refactored or re-written to take advantage of modern cloud technologies, he says.
Make integration a priority
When relying on multiple cloud services to deliver business applications to customers and internal users, having strong integration between services is vital.
“Put the right APIs [applications programming interfaces] in place so that systems can work together to create a seamless user experience, with no lags or delays in service,” Pinnel says. “Many of our applications now live across various clouds, both private and public, and we’ll soon be migrating most of our IT infrastructure to the Virtustream Enterprise Cloud, which already hosts our SAP applications,” he says.
Benjamin Moore is rolling out a national account program that will allow customers to order paint in a far more efficient way. To make it all work, the company uses a cloud service for back-end processing, another for the front-end application and still other clouds that are involved in running the website and other related applications.
“All of our infrastructure and apps come together to make this B2B solution work seamlessly,” Pinnel says. “Trying to manage this on a single cloud would be much harder. By going multi-cloud, we can choose the best infrastructures for various applications, depending on where it makes the most sense.”