7 best practices for managing a multi-cloud environment

Multi-cloud strategies and hybrid IT environments bring a set of challenges that technology leaders might not have expected.

A network of clouds with binary code.

For many companies today it’s no longer a question of whether to move some data and workloads to the cloud. It’s a matter of how extensively to migrate the IT infrastructure to cloud services, and how many cloud providers are needed to achieve the organization’s goals.

Today, it’s common for enterprises to be using software-as-a-service (SaaS), platform-as-a-service (PaaS), infrastructure-as-a-service (IaaS) and other cloud-based offerings, in many cases from a variety of providers.

The multi-cloud strategy and the shift to hybrid IT environments are becoming more commonplace, and they bring a set of challenges that technology leaders might or might not have expected.

Research firm IDC, in an August 2019 report, noted that different clouds might offer unique capabilities and pricing options; development and line-of-business decision-makers might have strong preferences for one cloud vs. another; and regulatory compliance considerations, geolocation concerns; and resiliency, performance and latency constraints might all dictate that an enterprise rely on more than one cloud.

As a result of these factors, most enterprises are adopting multi-cloud architectures that blend infrastructure and advanced services from one or more public clouds, and in many cases on-premises private clouds as well, IDC says.

The firm surveyed 296 U.S.-based enterprise IT decision-makers earlier this year, and found a large majority (93 percent) reported that their organization is currently using more than one infrastructure cloud. “Multi-cloud architectures are the new enterprise normal,” IDC notes.

The multi-cloud users said optimizing cost, maintaining performance, and ensuring interoperability across clouds are critical to keeping the business competitive. The most common pattern, cited by 81 percent of the respondents, is to use two or more public IaaS clouds plus one or more private/dedicated clouds.

Regardless of the mix of cloud services, companies need to ensure that things don’t regress into chaos. Here are seven best practices for managing the growing complexity of multi-cloud environments.

1. Establish a strong team and governance program

A major move into the cloud represents a dramatic shift for companies, and with so much on the line for their business and IT operations, a top-notch team should be put in place to handle all aspects of cloud management.

Among the key members of the team should be an executive leader who oversees all cloud-related activities and is accountable for the success of the cloud strategy. Other members include executive sponsors who lend support and funding; cloud architects, cloud engineers, system administrators, a cloud security manager and a compliance/privacy expert.

Members of the team need to work closely, with all of the cloud providers to ensure they are aware of the company’s needs and changes in requirements related to applications, storage, security and other aspects of IT. In fact, at least one individual should be accountable for ongoing collaboration with cloud providers to make sure needs are being addressed.

Strong governance is needed because of the potential for issues such as cost overuns, security breaches, privacy and compliance issues, and other risks. In addition to adhering to the service contracts signed with service providers, companies need to establish metrics that will ensure cloud-related costs are not getting out of control and that the right access and other security mechanisms are in place.

2. Invest in the right cloud management tools

Given the rapid growth of cloud services and the propensity for organizations to use a number of different clouds, it’s not surprising that a market has emerged for cloud management tools. Organizations can take advantage of some of the latest technologies, such as artificial intelligence (AI) and machine learning, to better manage how they use and maintain services.

The IDC survey notes that over the next two years, enterprise decision-makers are expected to prioritize analytics (67 percent), performance monitoring and reporting (65 percent), capacity optimization (60 percent), cost management (53 percent) and automation and self-service (51 percent) when it comes to investing in new capabilities for multi-cloud management and governance.

These management tools are deeply interconnected, the report says, and the effective use of automation and self-service requires advanced analytics to match user requests with approved profiles for resource cost, performance, security and geography.

The research shows that most enterprises expect they will need new multi-cloud management tools to keep up with their emerging business and infrastructure operations demands. Among the users of these tools will be traditional IT operations teams, DevOps teams, emerging cloud centers of excellence and site reliability engineers.

IDC recommends that organizations consider a number of factors when they evaluate multi-cloud management products and services, including how long it will take to realize value from the tools; the level of analytics provided; consistent visibility and governance across on-premises and public clouds; and support for emerging container- and microservices-based applications.

Many organizations are looking to SaaS-enabled offerings and a combination of SaaS and on-premises management tools to address the full range of requirements. Strategies that balance on-premises and SaaS-based multi-cloud management products and services allow enterprises to create a management environment that best matches their business goals, compliance requirements and budget preferences, IDC said.

3. Acquire the right skills

Some of the most in-demand job roles in IT these days are related to the cloud. These include cloud engineers, cloud architects, cloud security specialists and others.

Aside from having the best tools in place, organizations need to acquire the skills needed to manage and maintain increasingly complex cloud environments. People who have extensive experience working with the cloud will likely be in high demand.

As IDC notes in its report, IT decision-makers who are working to deploy and maintain diverse infrastructures and modern applications across multi-cloud environments said operational requirements and changing roles often create management and governance challenges related to the lack of appropriate IT skills.

Most enterprises are struggling to balance their competing goals of optimizing multi-cloud management processes and skills (cited by 55 percent of the respondents), and ensuring the availability of adequate IT talent (52 percent).

4. Take a full inventory of enterprise applications

Prior to deploying a multi-cloud strategy, organizations should conduct a thorough assessment of their existing applications to get a sense of what, if any, applications need to stay on premises — either because of the critical nature of those applications or because they’re not available from a reliable cloud provider.

The assessment should include taking inventory of the enterprise application portfolio, evaluating the application technology stack and how the applications fit into the overall goals of the organization, and the business value the applications bring.

Perhaps the assessment will show that some applications are no longer needed and can be eliminated, while others are well suited for the SaaS model through a public cloud service.

5. Emphasize collaboration

Because the cloud affects so many facets of an organization, IT can’t try to dictate and control all cloud-related activities. There needs to be collaboration among different factions to ensure a successful migration and ongoing use of cloud services.

As multi-cloud environments become the norm, IDC said, most IT management teams are finding that traditional manual or ad hoc approaches cannot adequately coordinate the configuration, provisioning, and day-to-day management of multi-cloud infrastructure and applications.

IT not only is expected to purchase and maintain on-premises data center resources, but also needs to collaborate with business and developer teams that might have different expectations regarding the consumption of cloud resources.

The complexity and pace of change of these environments require more sophisticated and collaborative policy-based management and governance to optimize the cost and performance of applications across various cloud services, IDC said. IT and business decision-makers have to collaborate throughout the lifecycle of the applications to make sure performance, costs, configuration and other requirements are all in sync.

One of the best ways to achieve collaboration is to create a multi-cloud management center of excellence (COE). COEs are designed to help organizations achieve success through the sharing of experiences and best practices. Such an organization can help companies gain consistency and reliability in how they manage their complex cloud environments.

6. Adapt existing cybersecurity programs 

Companies have been investing in a host of cybersecurity tools and services for years, with the goal of protecting information resources from a host of threats. But many of these efforts were likely aimed at defending on-premises systems and might not account for risks and vulnerabilities related to the cloud.

While public cloud service providers are responsible for protecting their own networks, servers, storage systems and other components, that doesn’t mean customers are off the hook for ensuring that they have their own security mechanisms in place.

For example, what access controls are in place to make sure only authorized users can access certain SaaS-based applications? Is the company using technologies such as multi-factor authentication and data encryption? The cloud inherently introduces several challenges related to security, data privacy and access control.

A consequence of adopting cloud services is the introduction of far more points of entry into the enterprise, which means much more vigilant security is needed. This includes not only the possible addition of more tools, but comprehensive training and education about how users can work securely within an environment that includes multiple clouds.

The Cloud Security Alliance (CSA), an organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, in August 2019 identified the top threats to cloud computing.

These include data breaches; misconfiguration and inadequate change control; lack of cloud security architecture and strategy; insufficient identity, credential, access and key management; account hijacking; insider threats; insecure interfaces and application programming interfaces; weak control plane; metastructure and applistructure failures; limited cloud usage visibility; and abuse and nefarious use of cloud services.

That’s a varied and daunting list, and it shows why organizations need to make cybersecurity a high priority of their multi-cloud strategy.

7. Become expert at cloud vendor management

Relying on multiple cloud services and service providers can become perilous if these resources are not managed effectively and continuously.

Just as many companies have been plagued with server and virtual machine sprawl, they now run the risk of cloud sprawl -- an uncontrolled proliferation of cloud instances, services, or providers that generally happens when an enterprise lacks control over its cloud computing resources.

Selecting which cloud provider is best for a particular type of service can also be a challenge and requires deep knowledge of the cloud market and the latest offerings of the providers. Things change rapidly within this market, with vendors adding, dropping, and changing services.

Another consideration is whether particular services are limited by geography. It’s possible that not every service is available in all regions covered by a provider.

Avoid cloud vendor lock-in will require using services across multiple clouds and having resources to connect these clouds, as well as translate terminology and services across the different vendors.