One-cloud-fits-all may work for a small few, but most organizations are leveraging multiple clouds already.
Now that we seem to have moved beyond the “do or don’t” phase of enterprise cloud adoption, the question that is frequently asked is “What’s next?” I’ve seen several articles recently about how multi-cloud is the next big thing, or the next step in cloud for 2018.
In my experience, most organizations have been multi-cloud for years already. According to a study by 451 Research on behalf of Microsoft, only 21% of organizations were using a single cloud to operate as of 2016. That is a significant majority, and you can imagine that this number has only gotten smaller in the time since this study.
How did we get here?
I wish I could tell you that everyone out there is happily executing a well-crafted multi-cloud strategy, but the truth is that quite often it has happened due to pressure from business units, as well as vendors.
A 2015 study from Cisco showed that businesses were using 15-22 times more cloud services than their IT Departments were aware of. The rise, and subsequent crackdown, of shadow IT that has happened in the last few years, and dealing with the cloud sprawl it entails, has forcefully expanded the cloud service portfolios of many organizations.
The rise of pure-play cloud platforms like Salesforce, ServiceNow, and Workday, the first enterprise cloud platforms to reach $1 billion yearly revenue, has enticed lines of business like sales, marketing, customer service, and HR to move their supporting services to the cloud.
Historically on-prem focused vendors have also been pushing customers toward their cloud services. Microsoft, for example, has been trying to guide customers toward Office 365 for years. Last year they announced they would begin to remove Skype for Business and OneDrive for non-365 users in 2020. Oracle has also made a strong push to the cloud, introducing features in their SaaS/PaaS products to entice customers to move their workloads from on-prem to Oracle cloud.
Productivity tools used by IT, as well as other lines of business, have also made a home in the cloud. Cloud-based storage services (i.e. Box, Dropbox, OneDrive) and collaboration tools (i.e. WebEx, GoToMeeting, Slack) have found a home in enterprises for years.
Some consider multi-cloud to apply only to IaaS cloud services, but I think this is incredibly short-sighted. SaaS and PaaS cloud apps will likely make up much of your architecture going forward, serving common, “undifferentiated” functions like HR, customer service management, and workforce productivity. These cloud tools may not be serving your core, customer-centric business, and they may or may not have been part of your strategic plan, but if they enable your business processes, house your data, and have become integral to getting work done, you’re already living multi-cloud.
So, we are multi-cloud already, but we’re struggling. What do we do?
If you’ve found yourself unprepared for the barrage of cloud services being introduced in your organization, the first thing you’re going to need to do is to change your approach to engaging with the business, as well as engaging with vendors. Focus on becoming a secure enabler of services. Line of business leaders don’t typically set out to bypass IT, they do it because they are under pressure to get things done. You need to be their partner and help them get there, not be the famous CI-”no.”
Engage with information security, legal, risk, and procurement to overhaul your processes for onboarding vendors. This is one of the biggest bottlenecks I have seen regarding the handling of cloud services. Businesses have 20+ years of processes built around the handling of bringing on new technology solutions, and cloud typically turns these on their head, from funding and purchasing to the increasing attack surface for information security.
Develop a true multi-cloud strategy, or amend your existing cloud strategy, focused on being an enabler. Acquire tools that enable secure authentication and authorization (AuthN and AuthZ) to services, as well as modern, agile integration tools. Most top-tier cloud solutions support common frameworks for these basic functions, and the integrations can often be done in hours, as opposed to days, weeks, or months, with the right tools in place.
Develop a MoSCoW method (must have, should have, could have, will not have) inspired list of requirements for cloud services. For instance, if you are taking payments, PCI compliance would be a must have. This provides transparency, in a way that is easily understood by those that don’t speak tech. Transparency builds trust, which is key to getting business leaders on board with your initiatives.
How do you operate all these disparate systems? There are many different options, but I’ve found that having DevOps teams that handle each solution from end-to-end is extremely effective. Automate as much as possible, building in security measures along the way (DevSecOps) to reduce the amount of post-inspection and rework required to operate securely and efficiently.
How do we keep from getting back here in the future?
The key to reigning in cloud sprawl and preventing this type of event from happening in the future, is to be prepared. You may or may not already be looking at functions as a service (FaaS) solutions, but these will need to be catered for going forward. Look at other technologies that are on the way – IoT, edge computing, AI/ML, among others – and work with the players internally who will need to be involved to have a plan in place when the inevitable happens and the business begins to look at how these things can help affect your bottom line. Better yet, use your seat at the table and bring these solutions to them, showing them the possibilities and how they can benefit. By moving from reactive to proactive, you can truly become the strategic partner that the business needs.