With organizations choosing different clouds for their specific workloads, multi-cloud is the norm today. A Forrester survey last year cited that close to 62% of public cloud adopters were using more than two unique cloud environments or platforms. Another report by Gartner says that by 2020, 75% of organizations will have deployed a multi-cloud or hybrid cloud model.
While reasons such as low latency, regulatory compliance, flexibility and scalability, security have led organizations to adopt a multi-cloud or hybrid cloud model, the challenges in a multi-cloud world make it extremely difficult for organizations to achieve optimal efficiency and performance across multiple cloud environments.
An IDC report last year highlights some of the key challenges for organizations operating in a multi-cloud environment: Some of the top challenges include meeting security and compliance standards, optimizing spend, and maintaining application performance.
Similarly, a Forrester survey last year described that only 42% of the respondents could regularly optimize cloud spending, while only 37% could enforce capacity limits or expirations.
Most organizations also end up shooting their cloud IaaS budgets, while a significant majority do not optimize their cloud workloads. With lack of a proper governance framework, another significant number of organizations end up accidentally exposing their data or services.
In our view, there are some key challenges for organizations operating in a multi-cloud environment.
Visibility: As organizations start deploying multiple clouds, they are challenged by the lack of visibility across divisions or regions. Additionally, in the absence of a central console, organizations struggle to gain information or knowledge about cost, usage, security, performance, availability, and configuration in a multicloud environment.
Security: In a multi-cloud environment, enterprises find it challenging to monitor and secure all the different IT systems, as there is no single point of control to monitor security and compliance. Patching and configuration management across different systems is hence extremely challenging. Additionally, in many instances, the existing system and application-centric security controls that are prevalent for the on-premise infrastructure, do not extend to the cloud. This creates risks when information is moved to a cloud environment. Enterprises also have to plan for identity and access management, which may require a different solution for the cloud. This makes enterprises vulnerable to man-in-the-middle attacks.
Cost Management: The cloud's inherent capability of being flexible can also lead to over spending or over provisioning. Many organizations end up spinning too many server instances which never get used. Once created and used for a specific period, many of these instances are not de-provisioned even after they serve no purpose. Typically, in the absence of a central console, organizations do not know which divisions or business groups are consuming more cloud resources.
Governance: In the absence of a standard governance model, organizations will struggle to ensure budget control, compliance and security. This could financial management governance (for example, tracking cloud spend and tracking variance of budget versus actual usage etc) or infrastructure governance (tracking and eliminating infrastructure issues that do not meet required standards of compliance and security).
Pillars of a successful multi-cloud strategy
To mitigate these issues, organizations must have the ability to do the following activities in an automated manner:
Usage Reporting: A single pane of glass that shows statistics such as cloud usage and its overall impact on cost, performance, and scalability.
Performance Management: Organizations must be able to analyze asset performance metrics to help solve business challenges by visualizing and correcting underutilized resources.
Migration Assessment: Organizations must be able to assess the impact of workloads on different cloud resources by doing a side by side cost comparison.
Cloud Security and Compliance: In most recent cloud-based outages, cloud misconfiguration is the single most reason. Organizations must have the ability to improve their cloud’s security posture with real-time visibility into misconfigurations based on out-of-the box security rules and custom policies. Similarly, organizations must also be able to continuously benchmark compliance and automate reporting for frameworks and track compliance scores and open violations.
Uncovering hidden costs: Using analytics, organizations must be able to identify opportunities to reduce costs based on historical usage. They must also be able to identify ghost virtual servers or instances that are not used. Organizations must also be able to define and compare their cloud budgets according to different business units or divisions. This helps in forecasting and predicting if the cloud spend will exceed the sanctioned budget.
All the above issues can be solved by automating governance policies and increasing accountability. For example, a cloud automation tool such as CloudHealth by VMware, can quickly identify opportunities to proactively reduce spend, remediate risks, and streamline configuration. Organizations can easily maintain control over their cloud environment with custom policies and workflows that are uniquely based on how they want to run their specific organizations.
In summary, by automating policy management for standardized cloud operations, organizations can reduce the risk of security violations or overspend, and increase efficiency to dedicate more time to business growth and for driving innovation