Overcoming Challenges of a Multi-Cloud Strategy
As more and more companies move to a mature cloud strategy, it’s becoming clear that part of that strategy is to deploy on more than one cloud. In practice, this can mean multiple public clouds or some combination of private cloud plus public cloud(s).
There are concrete business reasons for following a multi-cloud strategy, but multi-cloud strategies also create new challenges and compound some challenges inherent in all cloud strategies. There isn’t one ‘right’ path for success with multi-cloud, but there are both technical and cultural ways to get the full benefits from a multi-cloud strategy.
Reduce Risk of Service Disruption
While all of the major global cloud providers offer highly reliable services, they have all had major outages, although not at the same time. Workloads that are distributed over several public clouds, and that can automatically fail over to a second cloud if an error is detected in one of the deployments, can weather an outage with little to no disruption to users and little manual intervention.
A multi-cloud strategy also reduces the risks of succumbing to a distributed denial-of-service (DDoS) attack, which can both take a site down and keep it down. The ability to shift to another cloud computing provider seamlessly limits the damage that can be done by DDoS attacks.
Negotiating Power and Pricing Optimization
Amazon Web Services (AWS), Google Cloud, and Microsoft Azure all have rates posted on their websites—but don’t be fooled into thinking that everyone is paying exactly the same price. Major companies can negotiate for discounts, but it’s hard to negotiate when you can’t credibly move your deployment elsewhere. One component of the multi-cloud strategy in major enterprises is getting the cloud providers to compete for the best rates.
AWS, Azure, and Google Cloud also each offer discounts: Reserved Instances on AWS, Reserved VM Instances on Azure, and Committed Use Discounts on Google Cloud. But each cloud provider has slightly different cancellation policies, exchange policies, and payment options. These pricing policies also change multiple times per year, making it difficult to compare AWS, Azure, and GCP pricing directly. However, with the correct pricing management tools, some companies take advantage of the different providers’ pricing structures to deploy applications and route traffic dynamically to the cloud that will offer the best price.
The Right Cloud for the Job
One common misconception about developing, deploying, and running applications in the cloud is that all of the platforms have identical workflows and identical processes. This isn’t the case. A major reason to choose a multi-cloud strategy is the ability to use the cloud environment best suited to your specific application’s needs.
The most obvious difference between cloud providers is in geography—some have better coverage than others in certain regions. For example, some companies choose to send Asia-based traffic to Alibaba Cloud while using Google, AWS, or Azure for traffic from North America.
However, that’s not the only way the platforms are different. With different native tooling, storage, function runtimes, and workflows, it could be that a specific application would work better in Azure than in AWS… or vice versa. For example, Amazon has generally been a better environment for Linux-based applications and open source apps in general, whereas Azure, unsurprisingly, has better interoperability with other Microsoft products. The ability to select the cloud environment with a workflow best suited for the application in question is probably the highest-level reason to adopt a multi-cloud strategy, from an engineering perspective.
There are plenty of reasons to use a multi-cloud strategy, but multi-cloud strategies are inherently more complex. Many of the challenges that arise from multi-cloud deployments stem from that complexity. Modern application architectures are already complex, built on hundreds or thousands of interdependent microservices. Spreading your application over two or more cloud providers makes it that much more difficult to manage. In addition, taking advantage of the pricing and performance optimization that drive some companies to a multi-cloud strategy requires keeping track of how the major cloud providers compare on features and billing structures even when all providers are making changes every month or two.
Making sense of either AWS billing or Azure billing, using just the native tools provided by the platform providers, can be overwhelming and confusing. Deploying to one or two additional clouds means doubling or tripling the complexity when it comes to managing costs. And while a multi-cloud strategy can reduce overall costs if managed correctly, having comparatively smaller workloads in each cloud can lead to smaller overall discounts. If cost management is part of your reason for pursuing a multi-cloud strategy, you’ll need to ensure you have tools in place to help you understand and optimize your cloud spend.
In most cases, compute functions can move fairly seamlessly between cloud environments, with little need to rewrite or reconfigure. Data is often the thing that ties you to a particular provider and makes mobility between providers challenging. If you keep your data directly in Amazon Simple Storage Service (S3), in Google Cloud Storage, or in Azure Storage (also called Blobs), that data will not be mobile and will keep you from moving clouds, either dynamically or even as part of a major strategic realignment.
Keeping your data secure, especially if you handle customers’ personal information or health records, is also as important as ever. Data is not less secure in the cloud, but the more places the data is stored the more important it is to ensure that security best practices are followed consistently, which generally means implementing automated security tools.
While a multi-cloud strategy decreases your risk from DDoS attacks, it can increase your overall application attack surface and make it more vulnerable. It’s even more important to ensure that permissions are set appropriately and that security best practices are followed. Keeping track of and correctly configuring permissions using Identity and Access Management (IAM) or Active Directory can be error-prone and tedious if done manually. The likelihood of errors increases when you have two or more different environments (each with slightly different configurations and vocabulary) to manage.
Multi-Cloud Success Strategies
The way to get the maximum benefit from a multi-cloud strategy can be summed up easily: Use comprehensive cloud management to help manage the complexity of your cloud deployment. You can’t manage even a single cloud deployment entirely manually. The more complex your cloud strategy is, the more important it is to lean on the right tooling to automate as much of the management as possible and to give you intuitive interfaces so you can make sense of the data from Amazon, Azure, and/or Google Cloud.
Use a Cost Optimization Tool
Cost management is a major reason enterprises adopt a multi-cloud strategy—but increased costs are actually one of the most common, unexpected pitfalls when using more than one cloud. Assuming your company cares about costs (most do), using cost optimization techniques with CloudCheckr is the only way to ensure that you both understand why bills go up (or down), and also that you are able to adjust your strategy to take advantage of the best rates at Amazon, Azure, or Google Cloud.
Follow Zero Trust Principles
Zero Trust is a set of best practices designed to limit an application’s vulnerability to attack. It is essentially what it sounds like: Do not trust any person or function until it has passed authentication—preferably multifactor authentication. Zero Trust isn’t really a technology solution—it is a development/security principle and there are technologies available to help companies consistently follow Zero Trust.
Following a Zero Trust strategy involves ensuring that all permissions are set as restrictively as possible, that identity and access management is set up correctly in AWS, Azure, and/or Google Cloud, and that multifactor authentication is used. Not only can permissions configuration be a tedious, error-prone process when done manually, but the differences in interfaces and vocabulary used by the cloud providers make it even more difficult to manage security successfully as part of a multi-cloud strategy.
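The difference in vocabulary is concrete: an "allow everything" grant is spelled differently in each provider's policy format, so an automated check has to normalize them before it can report consistently. The following Python is an added example, not CloudCheckr's code or part of the original article; the finding labels and sample documents are constructed, and it assumes policies have already been exported as JSON in each provider's native shape.

```python
# Added example: all sample documents below are constructed, not from a real account.
GCP_PUBLIC = {"allUsers", "allAuthenticatedUsers"}   # GCP's "anyone" principals
GCP_BASIC_ROLES = {"roles/owner", "roles/editor"}    # project-wide basic roles

def _as_list(value):
    """AWS accepts a string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_aws(policy):
    """AWS IAM policy JSON: flag Allow statements granting every action on every resource."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Action", [])) and "*" in _as_list(stmt.get("Resource", [])):
            findings.append(("aws", "allow-all", stmt.get("Sid", "<no Sid>")))
    return findings

def audit_gcp(iam_policy):
    """GCP IAM policy JSON: flag public members and basic roles in bindings."""
    findings = []
    for binding in iam_policy.get("bindings", []):
        if GCP_PUBLIC & set(binding.get("members", [])):
            findings.append(("gcp", "public-member", binding["role"]))
        if binding.get("role") in GCP_BASIC_ROLES:
            findings.append(("gcp", "basic-role", binding["role"]))
    return findings

def audit_azure(role_def):
    """Azure custom role definition (az CLI JSON shape): flag Actions ["*"] with no NotActions."""
    if "*" in role_def.get("Actions", []) and not role_def.get("NotActions"):
        return [("azure", "allow-all", role_def.get("Name", "<unnamed>"))]
    return []

AWS_SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Admin", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "ReadLogs", "Effect": "Allow", "Action": ["logs:GetLogEvents"],
     "Resource": "arn:aws:logs:*:*:log-group:app-*"}]}
GCP_SAMPLE = {"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/editor", "members": ["user:dev@example.com"]}]}
AZURE_SAMPLE = {"Name": "ops-custom", "Actions": ["*"], "NotActions": [],
                "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"]}

def audit_all():
    """Run every provider check and return one list of (cloud, finding, subject) tuples."""
    return audit_aws(AWS_SAMPLE) + audit_gcp(GCP_SAMPLE) + audit_azure(AZURE_SAMPLE)

if __name__ == "__main__":
    for finding in audit_all():
        print(finding)
```

Each finding uses the same three-field shape regardless of provider, which is what lets a single report or alert rule cover all three clouds.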
Use a Software Storage Layer
At the end of the day, your applications are only as mobile as the data they rely on. If you’re serious about a multi-cloud strategy and avoiding vendor lock-in, it’s essential to add a layer of abstraction between your data and Amazon S3, Azure Blobs, and Google Cloud storage. This is especially true if you intend to move between clouds dynamically as part of a cost or performance optimization strategy because moving data stored on Amazon, Azure, or Google native storage services is difficult.
When done correctly and supported by the right tools, a multi-cloud strategy can increase your resilience to both DDoS attacks and non-malicious cloud provider outages. It can decrease costs while increasing performance. The key to any successful multi-cloud strategy is choosing the right tools to support your strategy and keep your development team focused on shipping new code rather than manually managing the ins and outs of a complex cloud deployment strategy.
How to Get Started with Multi-Cloud Management
Only CloudCheckr provides cost analysis for finance teams, advanced automation for IT teams, and security with compliance for infosec teams—in a unified dashboard across the most popular cloud providers. Our partnerships and certifications with Amazon Web Services, Microsoft, and Google allow us to help you get the most out of your cloud investment. Get started today with a free 14-day trial or a live 30-minute demo.