Cloud management: What you need to know

In the emerging multicloud world, new management challenges arise. And so do new solutions, including CSPs, CMPs, and CASBs

Cloud management: What you need to know

When it comes to cloud services, many organizations are thinking in multiples—deploying several cloud offerings to meet a variety of business needs.

This multicloud strategy is true whether it’s for software-as-a-service (SaaS), platform-as-a-service (PaaS), or infrastructure-as-a-service (IaaS) offerings, and it presents several challenges as well as opportunities for organizations as they embark on digital transformations.

The benefits of a multicloud strategy

An August 2018 “state of the enterprise cloud” report by IDG Communications shows that organizations are continuing to boost their investments and evolve their cloud environments so they can use the technologies they need to meet business goals. The research, based on an online survey of 550 IT decision-makers across multiple industries, shows that nearly one third (30 percent) of the organizations have a combination hybrid cloud and multicloud environment.

The perceived benefits of deploying a multicloud strategy include increased cloud options (59 percent), easier and faster disaster recovery (40 percent), and increased flexibility by allowing the spread of workloads across multiple clouds (38 percent).

With nearly 40 percent of respondents saying their IT department feels pressure to migrate 100 percent to the cloud, and IT management at 44 percent of enterprises (those with more than 1,000 employees) feeling pressure from executive management or individual lines of business to migrate 100 percent to the cloud, the multicloud push is likely to continue in a big way.

Best practices for your multicloud strategy

Here are some suggested best practices for succeeding with a multicloud strategy.

Prepare the IT staff for increased complexity

The rise of cloud services doesn’t simplify things for IT, even though some functions are shifted to service providers. In fact, having multiple cloud services can lead to increased complexity, and many organizations might not have the internal expertise needed.

The technology and services are rapidly changing at any single cloud service provider (CSP), which makes it difficult for an organization’s IT staff to stay up to date, says Timothy Morrow, situational awareness technical manager at the CERT Division of the Software Engineering Institute at Carnegie Mellon University.

When an organization chooses to implement a multicloud environment, this significantly broadens what the IT staff needs to understand and be trained in, Morrow says. For example, PaaS and SaaS offerings are tailored for each CSP, which requires a more intimate understanding of their use. That in turn means the complexity significantly increases when multiple CSPs’ services are used.

Determine how to best connect to CSPs and port data

How an organization intends to use a CSP’s services is a significant influence on the type of connection needed to interface the organization’s assets and services to a CSP.

Because of this, the organization needs to perform due diligence in several area to help understand the connection needs, Morrow says. These include architecture and design to address the quality attributes critical to the organization’s vision, engineering with an eye for automation to help reduce IT staff burden, security policy governance, and risk management.

This needs to be done for all CSPs that are being considered for use, keeping in mind that each CSP provides differing operational and security capabilities.

As for data portability, being able to use data across different CSPs is a significant challenge. That’s especially true when providers’ PaaS and SaaS services are used, because of their vendor-specific tailoring, Morrow says.

The IT staff must understand the input and output data-formatting requirements for the services being considered, and provide the interfaces needed to use the data between CSPs, as well as with the organization’s on-premises assets.

Using containers can provide a level of portability for organizations, Morrow says, delivering a deployment and runtime environment that an organization can use to run the same applications on multiple CSPs’ PaaS implementations. The software used to run and manage containers is continuing to focus on providing consistent implementations across CSPs to help simply IT staffs’ tasks.

Deploy resource tagging

Cloud service vendors provide the ability to deploy on-demand, burst, and autoscale resources. Resource management and control, accounting, and allocation of consumption costs can be more difficult in a multicloud environment, says Brian Reynolds, a principal with Grant Thornton, an audit, tax, and advisory firm.

To simplify these necessary administrative duties, organizations can use resource tagging, composed of key-value pairs to assign metadata to resources and logically organize them in categories, Reynolds says.

Resource tagging is supported by market-leading cloud service providers. It improves an organization’s ability to implement tag-based, resource-level permissions; to quickly spin up and spin down related resources from different resource groups; and to continually monitor costs and track these costs against established subscription budgets.

Implement a cloud management platform (CMP)

The costs of managing multicloud environments include staffing costs for maintaining multicloud competencies and expertise, as well as costs of administrative control, integration, performance design, and the task of isolating and mitigating issues and defects.

Native tools can be used to manage resources provisioned through disparate cloud service providers, Reynolds says. But to reduce these costs and improve manageability, many organizations are adopting CMPs.

These software platforms include native tools offered by public cloud providers as well as third-party products designed to provide consistent functionality across multiple cloud providers.

They support functions such as provisioning and orchestration, to create, modify, and delete resources as needed; automation; security and compliance, including managing role-based access to cloud services; monitoring and logging; inventory and classification; cost management and optimization; and migration, backup, and disaster recovery.

Use systems of orchestration

As systems of record for finances, employees, customers, and other assets and operations are increasingly available as SaaS offerings deployed through disparate CSPs, organizations are finding it important to build workflow automations that bind solutions running in disparate clouds into systems of engagement, Reynolds says. These are used to improve the data collection experience.

Likewise, as multicloud architectures proliferate, organizations increasingly find the need to implement systems of orchestration to implement workflows across best-of-breed PaaS and SaaS delivered through multiple CSPs.

These systems of orchestration will be needed to support organizations that have underlying applications built on best-of-breed CSP offerings, Reynolds says. They are likely the key to value creation, he says, based on insights and services that can only be delivered through the integration of systems of record running within a multicloud architecture.

Take the necessary security and compliance precautions

When companies use multiple cloud services, the provisioning of IT resources and underlying engineering moves out of the controlled environment of the data center and away from established governance practices.

That can raise some cybersecurity concerns, including the unsanctioned use of multiple, disparate cloud offerings. There are increased risks that data will be exposed or cybersecurity protocols will be overlooked or bypassed.

To help address this challenge, companies can deploy tools such as cloud access security brokers (CASBs) to gain visibility into the access and use of multicloud services, Reynolds says. They can assess the security posture of disparate cloud providers, and control the use and exposure of sensitive data.

Regulatory compliance is another key concern. It’s important to make sure each of the various cloud services and workflows is compliant with regulations and meet requirements after migration, says Bill Connor, enterprise infrastructure architect at Forest County Potawatomi, a business development organization for the Potawatomi native American tribe.

IT needs to identify the people in the organization who are responsible for regulatory compliance, and involve them early in the process of cloud planning deployment. Maintaining compliance is a continuous process, Connor says, so IT should select team members to evaluate and manage risks on an ongoing basis.

Take advantage of vendor offerings to better manage services

One of the main challenges organizations face in selecting cloud services for multicloud environments is keeping up to date with all the emerging options, Connor says.

Cloud services have drastically changed the enterprise and enabled organizations to do more than ever before, Connor notes, but it’s a challenge to establish a roadmap of which applications are best suited for migration and to which service. On top of that, migrating services from on premise to the cloud can be challenging to manage, especially while maintaining legacy applications.

Organizations should look to implement solutions that will help them address the challenges of selection, migration, and cost of cloud services, Connor says. For examples, vendors such as Nutanix provide tools such as analytics and life cycle management to help simplify and better manage IT environments and optimize costs.

Avoid runtime dependencies and address cognitive complexity

A common challenge with using multiple cloud services is cascading failure, says Max Edmands, engineering manager for assortment at online grocery and meal-kit delivery service provider Good Eggs.

If a system has a runtime dependency on a SaaS system and the SaaS system fails, the original system now has to deal with that failure somehow. If things aren't architected right, that system might also fail and cause a cascade to yet other systems. At Good Eggs, this could translate to the inability for customers to shop or an interruption in order fulfillment.

The company can mitigate this by avoiding runtime dependencies when it can. A completely self-contained system is also invulnerable to cascading failure. This can be achieved caching data and propagating updates with some kind of event bus, Edmands says.

Another challenge is cognitive complexity. Every time Good Eggs brings on a third-party provider to meet a business need, it must learn about how that new provider works.

For example, it recently onboarded a new master data management system, Riversand, to provide an authoritative data source for the products it sells. It had to carefully configure that system, to make sure it worked properly with its specific business needs. To configure the system, the company had to understand it well enough, Edmands says.

Leverage application programming interfaces (APIs)

Integration is vital when companies are trying to knit multiple cloud offerings into a cohesive infrastructure, and APIs play an important role.

Organizations need to put the right APIs in place so that systems can work together to create a seamless user experience, with no lags or delays in service, says Glenn Pinnel, CIO at paint products company Benjamin Moore.

For example, the company is rolling out an e-commerce national account program that will let customers order paint more efficiently. To make it all work, it has an enterprise resource planning (ERP) platform operating on the back end, an e-commerce platform on the front end, several other cloud-based applications for running the main website, and yet other applications that calculate pricing and taxes.

All the infrastructure and applications come together through APIs to make the offering work with no lags or delays in service, Pinnel says. Trying to manage this on a single cloud would be much harder and might hinder user experience, he says.

Copyright © 2019 IDG Communications, Inc.