The dramatic shift to cloud services over the past few years has given organizations unprecedented flexibility and scalability, enabling them to forge ahead with digital transformation efforts. For many, it has also led to intermingled, complex strategies that threaten to take away some of the luster of the cloud.\n\nEnterprises don\u2019t typically deploy one cloud service and call it a day. They rely on multiple offerings from various vendors for everything from procuring key business applications to creating new development environments to running their entire IT infrastructure.\n\nThe multiple\/hybrid cloud strategy can result in complexities and challenges that many IT and business leaders didn\u2019t see coming. And this can be made all the more difficult when various business departments and groups use the cloud without central IT\u2019s approval or knowledge.\n\nHere are some of the ways managing cloud environments is becoming more complex and challenging, and what organizations can do to succeed amidst these difficulties.\n\nControlling costs\n\nCloud costs can quickly spin out of control, especially when departments outside central IT add to the organization\u2019s overall cloud footprint. But because one of the main attractions of the cloud is the possibility of cost reduction, letting a multicloud strategy lead to runaway costs is especially unappealing for organizations.\n\nOne possible solution is to create a cloud governance program.\n\n\u201cGovernance is not a fixed process or tool,\u201d says Antonio Vazquez, CIO at business process automation platform provider Bizagi. \u201cGovernance programs can be structured and managed in many different ways, and they are critical to a successful cloud strategy. Moving to the cloud means that we need to manage change to reduce risk and cost, with governance as the top layer to facilitate that change.\u201d\n\nIt\u2019s a good idea to start small and then expand the governance plan, Vazquez says. Other best practices include partnering with cloud providers to get maximum value from their services, hiring people with cloud-related skills, moving toward DevSecOps methodologies for cloud-based development, and documenting and communicating the governance program properly.\n\n\u201cThis change in paradigm makes it very complex to navigate, and the only tool that we have is governance,\u201d Vazquez says. \u201cA strong governance plan that includes best practices like tagging, workload management, RACI [responsible, accountable, consulted, and informed] matrix, rightsizing, cost management, security monitoring, etc., will provide the necessary tools to steer the boat and navigate complex cloud management.\u201d\n\nFragmented investments in cloud services without a clear enterprise strategy can turn into long-term cost and management challenges, says Sumit Johar, CIO at automation software provider Automation Anywhere. \u201cOn the business applications side, organizations are facing an explosion of SaaS [software-as-a-service] applications,\u201d he says. \u201cA decade ago, an organization may have used from 20 to as many as 50 apps. But now the average is 250-plus apps.\u201d\n\nSince subscription-based cloud applications don\u2019t need any IT infrastructure, a line of business such as human resources or marketing can buy their own, Johar says. \u201cCIOs must ensure that procurement of these applications goes through an IT-led vendor risk assessment process,\u201d he says. \u201cGoverning apps within an organization is becoming a greater challenge, and CIOs must put policies in place for business-led applications.\u201d\n\nAddressing cybersecurity risks\n\nAddressing security issues in the cloud has been a concern for IT leaders for some time. But as cloud environments become more complex, the challenge of protecting data and applications in the cloud is even greater.\n\n\u201cSecurity management has become one of the most critical issues for companies moving to the cloud,\u201d Vazquez says. \u201cOn top of that, the pandemic has brought higher complexity to the environment in terms of employee dispersion.\u201d\n\nAs a result, Bizagi has moved from a working model in which all employees were accessing on-premises systems from the office using a corporate network, to a model in which employees can work remotely, using any device, and access cloud resources.\n\n\u201cThis change in paradigm has to be addressed by approaching security from a different standpoint,\u201d Vazquez says. \u201cIn our case, the strategy is migrating to a cloud-based secure access service edge and zero-trust service model.\u201d\n\nAlthough Bizagi still has some legacy systems running on-premises or in a private cloud, the strategy has been to move most of its services to the public cloud, for applications including CRM, billing, project management, and ERP. It also uses the cloud for web platforms such as ecommerce and for its own low-code automation platform. \n\nPitney Bowes, a provider of mailing and shipping equipment, conducts continuous monitoring of its cloud configurations for security issues created by misconfiguration or policy violations, says James Fairweather, executive vice president and chief innovation officer.\n\n\u201cWe implement this scanning across the entirety of our cloud footprint, and link the output into our centralized security incident and event management system,\u201d Fairweather says.\n\nOne of the mechanisms the company uses to ensure security of products and services is a common security scorecard approach that each team maintains, and that a senior team reviews with the application development team on a quarterly basis.\n\n\u201cThe use of a numerous automated scanning tools, a common \u2014 and automated \u2014 scorecard to show results, and imparting accountability to teams to own the outcomes and be part of a quarterly review of their scorecard all have led to a significant improvement in our security posture over the last several years,\u201d Fairweather says.\n\nWorking around the worker shortage\n\nLots of organizations are continuing to deal with the \u201cGreat Resignation.\u201d But in the case of IT jobs, often there is no one to resign because positions remain unfilled in the first place. Technology professionals, including those expert in areas related to the cloud, are in short supply while demand remains high.\n\nNevertheless, IT leaders need to find ways to attract and retain people who understand cloud architecture, service platforms, languages, application programming interfaces (APIs), cloud security, containers, data migration, and many other aspects of the cloud.\n\n\u201cManaging cloud environments is different than managing on-premises environments, and requires a diverse skill set,\u201d Johar says. \u201cCIOs must build a team with unique skills in addition to continuing to upskill and reskill IT teams to work in cloud environments.\u201d\n\nDealing with changes in responsibilities\n\nThe rise of the cloud in all its forms is changing virtually everything about the way IT operates, including the responsibilities of the CIO. If technology leaders and their teams stick to the traditional ways of doing things before the cloud became prominent, they might be heading for failure.\n\nThis doesn\u2019t mean IT management is no longer needed. In fact, with the growing complexity of multicloud strategies, IT\u2019s guidance is needed more than ever.\n\n\u201cThe CIO\u2019s role is changing from \u2018build and control\u2019 to \u2018guide and inspire,\u2019\u201d Johar says. \u201cOur new role requires us to allow citizen developers from business teams to share some of the traditional IT work with proper oversight from our IT team.\u201d\n\nAutomation Anywhere is a \u201ccloud-first\u201d company Johar says, and many of its customers are embracing the cloud version of its automation platform. \u201cTherefore, it\u2019s important to me that we also fully embrace cloud internally within our global organization, and tap into its benefits,\u201d he says.\n\nMost of the organization, including IT infrastructure, network services, and nearly all of its business functions across the company use SaaS applications as well as cloud infrastructure. As CIO, Johar has an opportunity to help enable these services and tame the complexity through strong leadership.\n\nManaging microservices\n\nAs microservices expand with the increase in cloud services, the complexity of managing them also increases, says Emily Lewis-Pinnell, who leads the cloud practice at consulting and IT services firm NTT Data Services. Rapid application advancements made possible by microservices require new approaches toward management, particularly as they continue to rapidly scale, she says.\n\nApplication sprawl can hinder innovation and productivity as well as create security risks if abandoned applications are not updated appropriately, Lewis-Pinnell says. \u201cBusinesses need to have a balance between adopting new technology and retiring the old, as well as strong management and organization, or their application footprint can quickly grow to be unmanageable,\u201d she says.\n\nNTT Data recently worked on microservices with online store builder Volusion. \u201cWe applied infrastructure-as-code [IaC] to two of the microservices in Volusion\u2019s ecommerce platform,\u201d Lewis-Pinnell says. \u201cIaC ensures that the same environment is reliably provisioned every time throughout the software development cycle, including test and production, allowing rapid deployment at scale with less risk.\u201d\n\nThe microservices are orchestrated in four Kubernetes clusters. The open-source IaC tool gave Volusion the ability to define those clusters, Lewis-Pinnell says. \u201cVolusion can now deploy Kubernetes clusters with a simplified, automated workflow, [ensuring] that each environment is built with a consistent, best-practice design,\u201d she says.\n\nEnsuring the cloud is driving actual business results\n\nThe more complex a cloud strategy gets, the more difficult it might be to determine the return on investment from the various services in use, or whether there\u2019s a return at all.\n\n\u201cHaving the ability to define workloads and architect the right provider to perform specific requirements has been crucial, in my experience,\u201d says Mike Clifton, executive vice president and chief information and digital officer at Alorica, a provider of customer service outsourcing.\n\n\u201cI recommend thinking of your company like a puzzle, with numerous pieces that connect together to add value for the customer,\u201d Clifton says. In Alorica\u2019s line of business, the company has different actions coming into its environment and going out to its client\u2019s environment, be that authenticating, call tracking, or recording.\n\n\u201cFor example, our ability to successfully integrate voice functionalities into a customer-facing environment in the right language, in the right time and in the right channel, is table stakes for achieving real-world business outcomes, whether that\u2019s a positive product review, interest in a discount offer or even an upsell,\u201d Clifton says.\n\nSuccess with a complex cloud environment in this context is possible only by brokering service level agreements (SLAs) with cloud service providers that outline a clear set of deliverables, Clifton says. \u201cOnce you have the scalable infrastructure in place, you can begin to piece together all workflows without major risk of disruption,\u201d he says.