Multicloud is now the de facto standard for infrastructure among enterprises, with the leading drivers for this cloud adoption strategy running from reliability and scalability to security and governance.
However, multicloud deployments are full of complexity, as there's often no uniformity between clouds for anything but the biggest, most obvious service layers — instead, each cloud service provider (CSP) has its own nuance and stylistic dialect.
Add the additional layer of integration with legacy sites, services, and applications, and the situation becomes increasingly complicated — fast.
Dennis Smith, vice president analyst at analytics firm Gartner, points to the manifold differences within the different cloud environments that enterprises need to navigate when moving to a multicloud strategy.
"This navigation requires additional skilled resources and tooling," he said. "These are things like securing the different cloud environments and cost optimization."
Why Develop a Multicloud Strategy?
Among the central challenges organizations are facing when developing a multicloud strategy is having a clear understanding for why they are embarking on a multicloud strategy, Smith said.
"The reasons behind this are complex, as is the need to incorporate people, processing, and tooling into the strategy, and some aspects of these are not totally mature," he added. "Unfortunately, some organizations think that they must be multicloud without really thinking through the reasoning."
Tooling, technology, and understanding of operationalizing multicloud is improving, which will help, Smith said.
"As more enterprises select tactical cloud providers along with maybe a strategic vendor that they already use, adoption will grow," he said.
To determine if a multicloud strategy is the right move, Smith said organizations must go back to their requirements and clearly understand why they need the additional vendors.
"This best happens organically where there is an enterprise need to use additional clouds, as such perhaps a cloud architect or cloud center of excellence that has a broader view than just technical possibilities," he said.
Randy Armknecht, managing director at global consulting firm Protiviti, agrees that organizations should look to a cloud center of excellence that contains representatives across business units, including IT and finance, to guide the direction of cloud adoption.
"If extending into multicloud enhances the achievement of the business's objectives and can be accomplished in a risk-aware manner, then pursue it," he said.
While CSPs offer standard capabilities on their respective platforms, the APIs to automate them, and the specific technical details required to configure them, differ between each, according to Armknecht.
"Resilient, efficient, and secure cloud deployments require mastery of these details," he said.
What Are the Top Multicloud Challenges to Developing a Multicloud Strategy?
From Armknecht's perspective, the two core challenges when considering a multicloud strategy are value realization and skilled staff.
"The most significant value is extracted from a cloud platform when harmoniously leveraging its platform-specific services," he explained.
However, a substantial portion of the cloud value proposition is lost by generalizing the technology stack to be portable across platforms.
Further, in the already competitive labor market for cloud resources, supporting multicloud requires rare skilled professionals and often duplicative roles — for example, security specialists for each platform.
Armknecht pointed out that there has been a recent uptick in interest in a "multicloud control plane," "super cloud," or similar abstraction layer over multiple cloud platforms.
"The desire we see in the market is for the business, IT, and developers to focus on what they need their application to do and let the abstraction layer determine how best to implement it across clouds, optimizing within each to recapture value through platform-specific services," he said.
Ideally, it's a form of an expert system, leveraging predictive analytics and the latest thought leadership to achieve the application's objectives.
Anticipating the costs and length of that journey are among the most difficult challenges, according to Tim Wade, deputy CTO at Vectra, an AI cybersecurity company.
"Sometimes, while the vision may be clear, the muscle necessary to execute on that vision hasn't been built yet," he said. "Organizations need to weigh the most important elements of their business to transform against the operational readiness they can realistically deploy to execute. Often it may be wise to start small, fail, iterate, learn, and adapt."
Wade said there's been a realization that flexibility and agility are a core component of cloud strategies and that principle can be extended to the CSP layer itself.
"That's a net-positive, but the practical reality is that each CSP often requires its own set of bespoke skills at an implementation and execution layer," he said. "This means that there is real cost benefit analysis from an operational standpoint that needs to be weighed against what might otherwise be obvious architectural advantages."
Business stakeholders are ultimately responsible for making the call under the advisement of technology leaders based on objective business outcomes.
"If, against the request for such outcomes, the technology wing of an organization can't articulate the tangible, beneficial support for a multicloud strategy, then it's an exercise in chasing squirrels and shiny lights, not a strategic advantage," Wade warned.
Tyler Croak, principal strategist at Lookout, a security service edge (SSE) provider, said one of the biggest challenges is the lack of skilled workers.
"You may have an architect that is an expert in Azure, but is he or she also an expert in GCP [Google Cloud Platform]?" he asked. "If you have that same architect be responsible for the overall design of your deployment across both clouds, this may result in a misconfiguration that creates a massive risk for the organization."
The risk that comes from understaffed or inexperienced personnel is exacerbated by organizations' tendency to deploy multiple point solutions to protect that multicloud environment that requires extensive day-to-day management, he said.
This mundane effort results in overworked teams that don't have the opportunity to focus on career development and strategic initiatives, which results in high job dissatisfaction and turnover.
Croak points to another challenge: Service-level agreements (SLAs) across cloud providers might not be the same for components in the organization's design, yet the customer demands a specific SLA.
"Using a cloud-delivered model will alleviate the pressure by removing the unnecessary and tedious labor that point products require," he said. "This equips your IT and security teams with the visibility and control they need as well as the time to focus on the projects that matter to their personal development and the protection of your organization."
Vishal Jain, co-founder and CTO at Valtix, a provider of cloud-native network security services, said he's seeing more and more enterprise organizations wanting to manage multicloud complexities through standardized security across each of their clouds.
They are using architecture, networking, and third-party technologies to accomplish this by abstracting away the complexity of each provider.
"For most, an assumption of multicloud is core to their enterprise cloud architecture strategy," he said. "Their goal is to create consistent networking, security, and visibility across clouds going forward."
In most organizations, the cloud journey began through individual teams, driven by business needs, building their apps on public cloud infrastructure and with platform services, Jain said.
"Over time, different teams might use new cloud providers based on the specific business requirements of a single project," he said. "This ad-hoc nature of cloud adoption has resulted in fragmentation."
Fragmentation creates a challenge for the security and architecture teams now responsible for putting in place centralized security, governance, and management.
Due to the underlying differences in each provider and a lack of skilled resources with cloud-specific knowledge, these security architects are challenged to reset strategy in a way to carry them forward for the next decade.
"At the same time, they must also continue to deal with new projects, because the business isn't slowing down," Jain said.
About the authorNathan Eddy is a freelance writer for ITPro Today. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin.