
Cloud service providers offer highly specialized services, requiring enterprises to onboard two or more partners to access innovation, proprietary technical capabilities and best-fit solutions. Today, eight in ten enterprises have a multicloud setup – either using two or more cloud providers, or a mix of public or private clouds. Still, most multicloud estates are accidental, arising out of siloed cloud decisions, shadow IT, or mergers and acquisitions of other businesses having different clouds. 

This lack of strategic planning can outweigh the benefits of agility and capability. It can lead to complexity from interoperability issues, cost overruns, regulatory non-compliance and security lapses caused by misconfigured policies.

A multicloud strategy requires ‘trade-offs’ to avoid these common pitfalls. For instance, ensuring interoperability between different cloud platforms requires deciding between cloud-agnostic (containers) or cloud-native deployments. While the former builds interoperability, it may not be able to leverage the full breadth of innovative services that cloud-native deployments can. On the other hand, cloud-native deployments are higher performing and auto-scalable compared to cloud-agnostic ones that require additional infrastructure, talent and tooling to manage performance. Multicloud strategies depend on such strategic decisions that must factor in the type of support, flexibility, compliance and innovation needs of the business.  

A governance framework can inform such decisions at every layer of cloud provisioning. It would include mechanisms to align cloud deployment with business needs, control access and embed security policies as code, foster a cost-conscious culture and make operational hygiene a shared responsibility. This significantly reduces cybersecurity risks in multicloud setups while addressing technical complexities through standardization, containerization and building cloud management capability via internal skilling or external partnerships.

Here’s a three-pronged approach to guide enterprises in their cloud governance strategy: 

  • Implement landing zones: Cloud service providers have varying security and compliance policies. It is crucial to ensure applications and data adhere to standard organizational protocols across cloud platforms. However, too many policies can become bottlenecks for innovation and speed. To balance controls with agility, enterprises can set up landing zones or preconfigured cloud environments that help calibrate cloud-hosted workloads with organizational security and compliance policies, such as identity and access management, network segmentation, data encryption, and logging and monitoring. Landing zones are cloud-agnostic, templatized environments that enforce minimum viable security guardrails and compliance checks for a consistent, secure and compliant under-the-hood infrastructure. As a policy execution filter across cloud deployments, landing zones also build observability and visibility, allowing business units to tag billing alerts with resource usage and be accountable for operational costs. For enterprises leveraging public and private clouds in conjunction, landing zones provide visibility into fixed costs (capex) and moving costs (opex) to support financial planning and decision-making.

For instance, we implemented this approach by creating landing zones for a global provider of claims management. Persistent helped the organization transition to a multicloud environment that reduced operational costs by 35% and enhanced security management through improved threat intelligence, monitoring and risk prevention. 

  • Democratize governance: With multiple teams using different clouds to develop and run applications, enterprises need a core team of experts who bring cloud best practices and domain knowledge to define the multicloud approach. Akin to a center of excellence, this team comprises advisors and experts in cybersecurity, cloud management, business use cases and risk control to define usage and security policies, a responsibility matrix and vendor management. These experts inform business unit leaders and developers on cloud security practices and help enforce training and upskilling across the organization to democratize cloud hygiene. They standardize processes and workloads hosted on different cloud service providers, bring stakeholder visibility into cloud resource utilization, set up processes that achieve economies of scale and align cloud usage with high-level business goals. With curated talent that caters to the unique needs of different cloud environments, the cloud center of excellence can offer strategic guidance to developers on managing multiple cloud environments efficiently, giving executive leaders confidence in their multicloud estate.
  • Orchestrate compliance management: In multicloud setups, enterprises carry an added compliance burden because data is dispersed across the jurisdictions in which their cloud providers operate. A slew of cross-border data movement and sharing regulations comes with high penalties for non-compliance. Organizations failing to comply with data protection laws, particularly those like the GDPR and new state-level regulations in the US, face the risk of hefty fines, potentially reaching €20 million or 4% of global annual revenue, whichever is higher. While cloud service providers have different tooling and protocols to ensure compliance, enterprises must set up a top-down governance-risk-compliance function (GRC) to ensure their cloud applications and data are compliant and do not breach an organization’s risk-tolerance levels. Enterprises can either depend on the cloud core team for guidance or set up a dedicated GRC function to proactively assess risk exposure, scout for vulnerabilities, or embed regulatory controls within common data lakes where the enterprise teams parse data for proprietary and protected information before it is shipped to the cloud to build uniformity across environments. This team will help orchestrate governance controls across cloud setups, ensuring cloud applications and data operate within applicable legal boundaries.

We assisted a UK sports and betting company with compliance as it expanded into U.S. markets for its 14 million monthly players. As part of the transition, the company adopted a cloud-native data platform. To support this shift, we helped build automated data pipelines to improve data quality and support compliance reporting, contributing to its efforts in promoting responsible gaming.  

Getting Multicloud Right  

Since hyperscalers have different policies, protocols, technology stacks and tools that may not integrate while hosting applications and data on multiple cloud platforms, it becomes paramount for enterprises to create a cohesive layer that calibrates the different policies and protocols within a uniform policy structure. Executing and orchestrating these top-level controls across cloud environments requires the right expertise, tooling strategy and policy automation. A trusted cloud transformation partner can help navigate this complexity — bringing the skills to consolidate cloud sprawl into a business-first multicloud strategy. This includes guidance on the right tooling strategy, access to native security and operational features and embedding best practices that turn the cloud into a business enabler.  
