New year, new terms: multicloud is here

Examining the cloud technology options for an enterprise in 2018

cloud computing gears - team strategy
Thinkstock

For countless organizations, a new calendar year means new tech challenges and potential new strategies ahead. Cloud technologies are so flexible with so many options that the best answer for a given organization may not be obvious. It takes a bit of research to analyze what these options mean to an organization, so let’s explore the cloud technology scene for 2018.

Multicloud vs. hybrid cloud

One of the most significant technology terms to emerge in 2017 was multicloud. This technology approach uses several cloud components made up of both public and private services from more than one service provider. Different than hybrid cloud, multicloud specifically uses multiple public clouds and joins them to serve one application. Hybrid is similar in that it uses different public and private cloud technologies to serve one application, but not necessarily from different vendors. Either by circumstance or by strategic planning, as companies embrace this practice, one of the principal challenges they’ll face is in the field of security, compliance, and cost rationalization of the different options. Ever more complex environments mean that greater risks are inevitable, and the beginning of a new year is an ideal opportunity for a thorough evaluation.

Multicloud cost leverage and optimization

Many firms have started using multicloud sources—using cloud services across various cloud providers instead of only one—because of cost savings. A recent study by BMC shows that 45 percent of IT decision-makers cite cost optimization as the biggest reason to adopt multicloud. Cost has emerged as a growing problem for organizations that deploy global digital businesses—thus the need for a solution that enables flexibility and does not lock them in. Enterprises using multiclouds are using the capability to model, design, benchmark and optimize cloud infrastructures. Combining an easy-to-use modeling application with a continuously updated catalog of multicloud assets is essential to quickly and accurately assessing and selecting the optimal computing storage, networking, and datacenter solutions for digital transformation to the cloud. Comprehensive, continuous price-performance benchmarking reports become table stakes in a multicloud environment where the enterprise can now arbitrage the different clouds.

The bad and good: security and compliance of multiclouds

Since the dawn of cloud services, great emphasis has been placed on rapid adoption and growth. Unfortunately, the convenience and deployment pace of commodity clouds has opened opportunities for gaps in security. This was exemplified in the last year when AWS customers endured very public security misconfiguration incidents in which data was mistakenly exposed. Accenture, Verizon, Time Warner Cable, and many other well-known organizations were among those affected. Adding more cloud services with expanding on-premises services can multiply the opportunities to miss on security, adding potential risks across the board.

It’s not all bad news; multicloud can readily improve the overall security and disaster recovery of an organization. Cloud environments can introduce security features and protections that an organization didn’t have before. Like other technology principles, better security comes down to better predictive knowledge. One of the first steps to assessing security in a multicloud environment is finding out what features exist and where within the multicloud. This information, combined with your organization’s security profile, create a composite security picture.

Beyond basic security technologies, look for elements such as:

  • Authentication
  • Reporting
  • Password policy
  • Monitoring
  • Disaster recovery

Security and governance as a multilevel practice

A strategy is susceptible to the weakest link, where something gets missed, despite the capability of the technology that is available. That gap may be human, a dark spot in reporting, missed updates, a misconfigured filesystem, or whatever loose items exist in a security plan.

A good multicloud security plan addresses risk through a living security policy that is uniformly applied and includes elements such as protection, awareness, prevention, production and preproduction practices, monitoring, incident detection, and disaster recovery in the event of a breach. Data protection and security policies must be applied at multiple levels, including virtual systems, data at rest, and data in transit, as well as data that exists at the user and application levels. These policies must be applied in every cloud, every tenant, and every datacenter, without fail.

Staging out a secure multicloud

In any security plan, identifying data is critical to strategy and policy setting. Classifying company data is an essential exercise in applying policies and technologies, monitoring, auditing, and more. Essentially, the most sensitive data, the crown jewels, get the most protection and attention.

Next, find that corporate data which exists in many locations throughout a network; in the case of multicloud, data may exist throughout various cloud and on-premise environments. Often, this data is in motion. Identify each of these points as well.

Once you have this info, it can be combined with the information gathered about your security technology capabilities, security processes, and the gaps that exist. Closing these gaps is the name of the game. During this discovery, you’ll find that there is plenty to wade through because public cloud providers use a shared responsibility security model.

Ready compliance

It may be difficult to get to all the facts, but it is a necessary process because the weight of data security falls upon the customer, especially in public cloud scenarios. This security element is one of many reasons that multicloud service customers often elect to use the advanced security benefits of compliant cloud services. Combined with hybrid cloud strategy, complying with and maintaining security standards, regulatory, and industry requirements can be much simpler.

The best of modern security technologies work to protect information in various ways. But the sum of these technologies may not produce better security if they are not implemented with good security principles, especially in a multicloud environment. It takes both great technology and great principles, and there’s simply no substitute for a solid security plan.

Vendors not equal

Every organization has special security needs, individual security capabilities, and its own security policies, so each multicloud scenario is similarly specific. Therefore, the selection of cloud service vendors is contingent on the provider’s ability to deliver on not only functional but security initiatives. SaaS, IaaS, PaaS, and all other components of a multicloud environment should be accounted for and integrated into a customer’s security needs.

To gain the most from a multicloud business strategy, a solid and secure foundation is required. Navigating the multicloud environment is a balancing act that requires an expert guide and ally on your side. As tough as that sounds, it is quite manageable with the right principles and practices in place, and especially the right partner. Be sure to engage cloud partners in the discussion, re-evaluation, and structuring of your security plans for the year ahead.

This article is published as part of the IDG Contributor Network. Want to Join?