Multi-Cloud Deployment – How to avoid common mistakes & ensure success

When we think about Multi-Cloud Deployments, many things may come to mind, such as the complexities of managing a multi-vendor architecture, or the issues associated with visibility across multiple technology stacks.

When we think about Multi-Cloud Deployments, many things may come to mind, such as the complexities of managing a multi-vendor architecture, or the issues associated with visibility across multiple technology stacks. And while these, and many other issues are important to consider, I have found that it is necessary to ensure that one has a good, basic understanding of the mechanisms and approaches that make cloud possible BEFORE we can truly understand the common mistakes to avoid and how to ensure success. To that end, let me begin with what might be a review for many, but will be a learning opportunity for some as well.  

Cloud computing is defined as the delivery of computing services—including servers, storage, databases, networking, software, analytics, and intelligence over the internet (“the cloud”). You normally pay only for cloud services you use, helping lower your operating costs, run your infrastructure more efficiently, and scale as your business needs change. There are many reasons that companies may decide to move to the cloud in part, or wholly, however the most common reasons include the following:

• Cost
• Global Scale
• Performance
• Security
• Speed
• Productivity
• Reliability

According to NIST SP 800-145, The NIST Definition of Cloud Computing, the cloud model is composed of five essential characteristics, three service models, and four deployment models.

The essential characteristics are:

• On-demand self-service
• Broad network access
• Resource pooling
• Rapid elasticity
• Measured service

The three service models are:

• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)

The four deployment models are:

• Public Cloud - The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
• Private Cloud - The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
• Hybrid Cloud - The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
• Community Cloud - The cloud infrastructure is provisioned for exclusive use by a specific  community of consumers from organizations that have shared concerns (e.g., security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.

Now that we have the basics out of the way and have established a working definition of what Hybrid/Multi-Cloud is, we can turn our attention to the main issues that have to be avoided & the approaches that can ensure success. I am going to start with the seven mistakes to be avoided, as they will have the most significant negative impact on your Multi-Cloud deployment if they are not identified and addressed.

The first mistake is combining or confusing a cloud strategy with a cloud implementation plan. A cloud strategy is different from a cloud implementation plan & a cloud strategy must come first, as it is the decision phase in which business & IT leaders decide the role that cloud computing will play in the organization A cloud implementation plan comes next, putting the cloud strategy into effect.

The second mistake is equating a cloud strategy with “We’re Moving Everything to the Cloud”. Many organizations assume that having a cloud strategy implies moving everything to the cloud. This is not always the case, as some applications may not be suitable for migration to the cloud.

The third mistake is assuming it’s an IT (only) strategy. Cloud computing is not only about technology, those outside IT also have skills & knowledge critical to cloud strategy success. Business & IT leaders should avoid the mistake of devising an IT-centric strategy & then trying to “sell it” to the rest of the business.

The fourth mistake is not addressing cloud sprawl & not accounting for complexity. Cloud sprawl can lead to several issues such as increased costs, security risks, & compliance issues. Multi-cloud environments can be complex due to differences in infrastructure, services, APIs, data formats, security models, billing models, etc… Not accounting for this complexity can lead to poor decision-making, increased costs, security risks, & compliance issues.

The fifth mistake is poor visibility / lack of visibility. Lack of visibility into multi-cloud environments can lead to poor decision-making, increased costs, security risks, & compliance issues  Cross-platform tooling is a requirement that has to be considered carefully. Auditability & frameworks play a significant part as does third party risk, both of which can be made more complicated by bad decisions in the tooling arena.

The sixth mistake is not having an exit strategy. Devising an exit strategy from cloud providers is difficult, many organizations believe they do not need an exit strategy because they do not expect to bring anything back from the cloud. An exit strategy is vital to the success of an organization’s cloud strategy because it forces you to consider what to do in order to ensure business continuity and plan for disaster recovery, as well as proactively make well informed decisions that are designed to mitigate risk.

The seventh mistake is believing it’s too late to devise a cloud strategy. It is never too late to begin a cloud strategy! If organizations drive cloud adoption without a strategy, this will ultimately cause resistance from individuals who are not aligned with the strategy’s key drivers & principles, leading to negative outcomes, and missed opportunities.

Now that we have discussed the seven mistakes to be avoided, we can turn our attention to the seven approaches that can ensure success.

The first approach is to establish a Cloud Center of Excellence (CCOE) & a Cloud Architect role. The CCOE manages & governs the different stages of the cloud adoption roadmap. Delaying the formation of the CCOE is a common mistake among organizations embracing cloud, and implementations deployed without the assessment of the CCOE could result in unsecure or unreliable architectures that require redeployment. The CCOE has three main responsibilities within the organization:

• Governance – policies & tools
• Brokerage – selection of vendors
• Community – cloud knowledge

The CCOE must include a cloud architect, who is responsible for defining the cloud strategy & interacting with key stakeholders.

The second approach is to focus on managing microservices if they are being actively developed and deployed. Rapid application advancements made possible by microservices require new approaches toward management, particularly as they continue to rapidly scale. Application sprawl can hinder innovation & productivity as well as create security risks if abandoned applications are not updated appropriately.

The third approach is to deal with changes in responsibilities. The rise of the cloud in all its forms is changing virtually everything about the way IT operates. This does not mean IT management is no longer needed, in fact, with the growing complexity of multi-cloud strategies, IT’s guidance is needed more than ever.

The fourth approach is to work around the “worker shortage”. Technology professionals, including those expert in areas related to the cloud, are in short supply while demand remains high. IT leaders need to find ways to attract & retain people who understand cloud architecture, service platforms, languages, API’s, cloud security, containers, data migration, & many other aspects of the cloud.

The fifth approach is to ensure the cloud is driving actual business results. The more complex a cloud strategy gets, the more difficult it might be to determine the ROI from the various services in use, or whether there’s a return at all. Having the ability to define workloads & architect the right provider to perform specific requirements is crucial. Success with a complex cloud environment in this context is possible only by brokering service level agreements (SLAs) with cloud service providers that outline a clear set of deliverables.

The sixth approach is to address cybersecurity risks. Security management has become one of the most critical issues for companies moving to the cloud & into multi-cloud. The pandemic has brought higher complexity to the environment in terms of employee dispersion, and this change in paradigm must be addressed by approaching security from a different standpoint. Strategies may include migrating to a cloud-based secure access service edge & zero-trust service model.

The seventh approach is to focus on controlling costs. Cloud costs can quickly spin out of control, especially when departments outside central IT add to the organization’s overall cloud footprint. Moving to the cloud means that we need to manage change to reduce risk & cost, with governance as the top layer to facilitate that change. A strong governance plan should include best practices like tagging, workload management, RACI matrix, rightsizing, cost management & continuous security monitoring.

Best practices include:

• Partnering with cloud providers to get maximum value from their services
• Hiring people with cloud-related skills
• Moving toward DevSecOps methodologies for cloud-based development
• Documenting & communicating the governance program properly

By examining the seven mistakes as well as the seven approaches that can help to ensure success, we have laid out an accurate picture of the landscape that organizations have to navigate as part of their multi-cloud journey. Becoming aware of the mistakes and focusing on mitigating them through proactive planning will yield good results and ensure that your organization finds success at the end of the multi-cloud pathway. For organizations that have already mastered the steps necessary to address the mistakes, the next step is to align with the approaches that can help to ensure success, ensuring that they become part of the “go-forward” strategy to enable the organization to benefit from the hard-won victories that mistake mitigation has provided. Taken together, the combination of mistake mitigation and proactive success planning makes for scalable and reliable multi-cloud deployments that will serve the organization well over time.