Putting all your eggs in one basket doesn’t always work out well. We’ve all done it, and when done in a business context (e.g., Cloudflare’s July outage that briefly tanked numerous web-based businesses), the consequences can be far-reaching and dire.
It’s way easier to keep everything all in one spot. However, just because it’s easier doesn’t make it more beneficial, nor does it make it better.
Cloud computing has suffered the wrath of convenience. Sure, it might be more convenient in management and contracting to consolidate cloud resources to a single provider, but you might experience a variety of losses in doing so. These losses may be in actual costs, but more likely, they’re the result of sacrifices in not immediately fiscal areas.
The case for multicloud adoption
In last month’s column, I alluded to multicloud adoption as a part of the natural evolution of cloud computing. This month, we’ll dig into the numerous advantages that accompany adopting a multicloud structure, as well as take an unbiased look at relevant concerns that might pop up along the way to a solid multicloud setup.
Preventing single-vendor dependency or “vendor lock-in” is a big reason businesses should diversify their cloud infrastructure. When all cloud resources are held by a single vendor, an outage at that vendor could severely impact a business’ functionality and put a dent in their credibility, trust, and daily revenue.
That concern by itself should dissuade companies from taking a single-vendor approach. By consolidating all cloud resources under a single vendor, your business is at the whim of that vendor’s uptime: If they go down, so do you. Diversifying cloud resources helps businesses build resilience to these vendor failures; if one of your cloud vendors goes down, only part of your business is inconvenienced.
There’s another, sometimes less-apparent reason to diversify cloud resources: Multiple vendors vying for contracts sometimes drives down the price. Most vendors are comfortable taking less dime if it means their competitors don’t get your dimes at all, which benefits your business in the long run.
Advantages aside, integrating and managing cloud resources isn’t always easy, especially when you’ve got several to worry about at once. We’ve seen the advent of cloud management platforms in response to concerns around difficulty maintaining multiple clouds, which—though incredibly helpful—add additional OpEx to diversifying your cloud resource portfolio. However, integration with these clouds isn’t all that difficult, depending on what you’re doing. In fact, utilizing different clouds for different tasks, processes, or functions might provide better results.
Cloud infrastructure tools are usually designed for specific functionalities. Some are ideal for containerization, others for databases. As a result, if there’s a process or core function you want running on cloud infrastructure, there’s one provider, or five, that have cloud infrastructure built specifically for that function. This is called best of breed.
Utilizing a multicloud approach, businesses can capitalize on a variety of best of breed offerings to optimize their cloud-driven processes and systems. While a business might worry about integrating many solutions into different clouds, they’re integrating with environments built specifically for those solutions. The result is more optimized functionality from the solution-environment pair, allowing teams to work more efficiently and effectively, reducing friction and creating opportunities for increased innovation and growth.
Nevertheless, this route runs into the same OpEx issue discussed before. More environments means more contracts and potentially more costs. At the end of the day, businesses have to make a decision whether the high performance from best of breed platforms is worth the higher costs and contract hassle.
Security is one of the more intriguing (read: volatile) benefits of the multicloud approach. Done correctly, business data can be significantly more secure, organized, and cordoned. However, if done incorrectly...that’s an entirely different story.
Multicloud approaches let businesses section off data security by function or need. One cloud environment might handle development data, while another focuses on core databases, and a third concentrates on client data. Businesses could use one cloud environment as redundancy for a disparate cloud environment, providing opportunities to fail over while avoiding vendor lock-in. Functionally, a multicloud approach can be a major inconvenience to anyone trying to illicitly glean company data. Instead of hitting one cloud environment, they’d need to attack three, or five, or nine. Disparate systems are way harder to crack.
However, anyone with a security background can see challenges cropping up. More clouds means a larger fence around your data, and more fence means more places to break through. In other words, a more complex environment to protect introduces more places to misconfigure perimeter protection. Since cloud infrastructure providers push most security responsibility to the companies using their services, multicloud can evoke additional pain points to cover the full perimeter. Earlier this month, G2 research analyst Aaron Walker pointed out some recent examples of configuration failures—including Capital One’s web application firewall issue and Cisco’s REST API vulnerability—noting the necessity of increased security attentiveness as cloud adoption expands into multicloud.
Access and enforcement are additional challenges with adding more clouds to the mix. When designing user access policies, admins must keep in mind each cloud a user might (or might not) require access to and adjust rights accordingly. The evolving world of identity and access management (IAM) will play a key role in user administration for multicloud.
“Better safe than sorry” is the best approach from an access standpoint. For example, the data access rules in health care are almost comically strict, but for good reason. If you don’t need it, you can’t see it. When organizations allot access on a need only basis, potential complications are greatly reduced.
|Related: Learn more about the benefits and risks that come with cloud security.|
The policies and methods around maintaining data policies, compliance, quality, and data governance are important and hot topics in the business world right now. HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), and CCPA (California Consumer Privacy Act) are just a few major legislations that companies must contend with in storing, managing, and distributing data in modern business.
Multicloud infrastructure creates interesting opportunities for data governance. In finding a cloud infrastructure provider in regulated states or countries, businesses can consolidate any data affected by those regulations within those regions. Mass management of that data, by means of aligning it with data regulations, becomes simpler, and any data that needs to be moved from that area to a different one would already be compliant upon transfer. Companies that deal heavily with HIPAA-affected (health care and health care-adjacent) businesses—or businesses affected by other regulations—sometimes have cloud infrastructure solutions designed specifically for dealing with those regulations, located in the affected regions. This offers an extra layer of awareness around regulatory alignment.
That said, staying compliant isn’t a simple endeavor, and adding more clouds into the mix can further complicate that task. Compliance to data privacy regulation, though, is not going away. The past several years have shown a massive uptick in both added privacy regulations and public calling for further privacy protections, especially as numerous companies have come under fire for haphazardly selling, transferring, and securing personal data. Consider higher privacy lockdowns as a cost of doing business. It is inevitable, and the best course of action moving forward is to get ahead of the curve.
Geography can play a surprising role when choosing which multicloud system to implement, but its advantages don’t fall just to data governance. Latency—the time between request and response from a server—can be drastically reduced by adopting a multicloud approach.
Say most of your business users are in Chicago, but your servers are in Austin. The average request latency between those two cities (about 1,125 miles apart) is around 29–33ms. That doesn’t sound like much, but when your users are in a situation where every millisecond counts (e.g., finance, or the over $1 billion esports industry), that latency can be a problem. If you have cloud server in Chicago, that latency drops to almost nothing. Through multicloud approaches, you can host your functions closer to your end users, improving performance for the user.
Wider distribution of cloud infrastructure starts leading us down the road to edge computing. Edge computation—generating, collecting, and analyzing data as close to the data source as possible—can be more strongly supported by a proximal data center. To stay close to your clients, adopting some cloud infrastructure near target locations may be beneficial.
Each benefit of adopting a multicloud approach does come with its own challenges, but this is to be expected. Challenges accompany growth and innovation. For modern businesses, these challenges deserve to be undertaken. Multicloud is the future of cloud infrastructure.