Before your organization gets too far into a multicloud environment — using some combination of hyperscale providers such as Microsoft Azure, Amazon Web Services and Google Cloud Platform, along with private clouds — it’s wise to develop a management strategy. Proper multicloud management supports long-term optimization and amplifies a DevOps culture, which is complementary to this strategy. As we discuss on the CDW podcast “Simplifying DevOps”, when multicloud and DevOps are deployed together, the whole is greater than the sum of its parts.
In general, organizations should take existing IT best practices and extend them to cloud platforms, adapting as necessary. The same security and resiliency objectives that apply elsewhere also hold true for the cloud, particularly given the shared responsibility model that governs public cloud arrangements. Beyond that, organizations should focus on four key areas.
1. For Multicloud Management, Emphasize People, Process and Culture
In multicloud, as in DevOps, the goal is to get away from a focus on tools and spend more time on people, process and culture. Both approaches should focus on a foundational principle that drives culture, behavior and patterns — and only then considers which tools will yield the desired results. Organizations need a way to decouple policy and governance from the environment where applications are running so that these principles, not the cloud, drive decisions.
For DevOps teams, the right multicloud management platform is a gateway, providing access to all the cloud services at their disposal. In establishing this access to consumption, every organization has to find the right balance between two poles. On one side are services that are universal to any cloud environment. On the other side are bespoke services from a specific cloud provider that support functionality not available elsewhere.
The goal should be to map as many services as possible to universal constructs in the cloud management platform, minimizing cases where the DevOps team must develop case-specific instances. Rather than writing governance every time a workload is deployed or a new tool is incorporated, an organization should impose policy and governance on top of the cloud management platform, which determines where to spin up the workload.
2. Establish a Cloud Center of Excellence
Most organizations aim to eliminate operational silos. That goal also should apply here. Create a cross-discipline group from business lines, IT teams, security and DevOps to map a cloud strategy, make policy decisions and determine where to place each workload.
Cultural barriers can influence, to an organization’s detriment, who gets a seat at the table. Many organizations still view their IT team as more of an internal utility than a strategic stakeholder. Other organizations fail to recognize that developers may have the best insight into cloud-native design. For a cloud center of excellence to do its best work, it needs to have a cross-functional team.
3. Don’t Overlook Security in Your Multicloud Environment
Many security breaches in the cloud arise from misconfigurations, which are easy to miss if an organization attempts to track them manually. The best defense against this issue is to automate configuration processes and incorporate proper governance standards. Establish security from the start and ensure that it carries through every time a change is made. Finally, layer on a third-party security product that will follow an application wherever it goes and check for issues that traditional security products won’t, such as source-code analysis.
Multicloud environments also require identity and access management for any cloud-based resource. The principle of least privilege should govern access, along with clear separation between development, testing, quality assurance and production.
It’s important to remember that access doesn’t apply only to humans. As organizations continue to shift to a microservices architecture, we have to be even more concerned about which services can talk to other services. The threat is no longer simply that a hacker can access your database, but also that, for example, your web front end can talk to your database.
4. Understand the Tools of Each Cloud You’re In
Each of the hyperscale public clouds is unique, and certain functionalities exist only in a specific environment. No single console or dashboard can provide comprehensive management and visibility across them. Certain solutions support a degree of cross-cloud monitoring, but the best in-depth management happens when you’re using the native tools in each cloud. Running multicloud means using multiple tools, so embrace that reality.