Multicloud environments tend to grow organically, less by design and more because organizations spin up resources quickly to meet specific needs without an overarching strategy. When this happens, governance may fall by the wayside. Business and IT leaders generally know they’ve reached this point because they’ll start to see three types of issues.

First, many organizations experience cost increases, usually because they have overprovisioned or idle resources. Second, the presence of poor security controls or the lack of security visibility may raise a red flag. Third, it becomes apparent in other ways that the multicloud environment lacks cohesive, intentional management.

Fortunately, it’s never too late to impose structure and controls where they belong. In fact, there will always be a need to periodically take stock of cloud environments to make sure they align with an organization’s current needs.

City leaders may know they need a smart city strategy to attract and grow business, and to connect and serve citizens. But often, achieving the desired outcomes is harder than it sounds. These initiatives vary widely, with some struggling to get off the ground, while others achieve significant successes, such as aligning disparate, siloed systems.

To help establish the kind of success that drives further investment, I often suggest focusing on the development of the smart city “nervous system” platforms — the place where humans and data intersect for the purpose of better decision-making.

Cybersecurity philosophies have changed significantly over time to adapt to the changing needs of the organizations they serve. In the early days of cybersecurity, we focused on building boundaries between the “inside” and the “outside.” Users and devices that we trusted were placed inside network perimeters and granted largely unfettered access to systems and data within that environment. Those on the outside were untrusted and blocked from accessing sensitive resources. While that approach served us well for decades, it fails to meet the needs of increasingly mobile and cloud-focused organizations as well as increasingly sophisticated and covert threats and malware. The evolution of the perimeter of the network has made it difficult to draw lines between “inside” and “outside” effectively.

Zero-trust architecture (ZTA) represents a philosophical shift in cybersecurity planning that seeks to address this limitation by making trust decisions based on the identity of a user or device, rather than the location.

It can be frustrating when you ask if an IT system is safe, and your expert resource responds, “It depends,” followed by a quip that the only secure system is one that’s powered off. Not so helpful.

Most IT teams are proficient in working with one cloud service provider (CSP) or on one facet of cloud computing, but increasingly, they are being asked to manage multiple cloud environments. The shift is substantial, especially because when it comes to security, the devil is in the details.

We know that risks are involved with multicloud Infrastructure as a Service implementations. It’s critical to know what they are and how to manage them. Let’s start by examining how we got here, and why there’s no turning back now.

Before your organization gets too far into a multicloud environment — using some combination of hyperscale providers such as Microsoft Azure, Amazon Web Services and Google Cloud Platform, along with private clouds — it’s wise to develop a management strategy. Proper multicloud management supports long-term optimization and amplifies a DevOps culture, which is complementary to this strategy. As we discuss on the CDW podcast Simplifying DevOps, when multicloud and DevOps are deployed together, the whole is greater than the sum of its parts.

In general, organizations should take existing IT best practices and extend them to cloud platforms, adapting as necessary. The same security and resiliency objectives that apply elsewhere also hold true for the cloud, particularly given the shared responsibility model that governs public cloud arrangements. Beyond that, organizations should focus on four key areas.

As organizations build multicloud environments, it’s important that they think strategically about guiding principles and capabilities. Multicloud may involve any combination of the major hyperscale public cloud platforms — Microsoft Azure, Amazon Web Services and Google Cloud Platform — or a hybrid that also includes private clouds.

For many organizations, multicloud works because it lets them use the provider that offers the best features, security, resilience or cost-effectiveness for a specific workload, without limiting them to a single option. Multicloud also facilitates the DevOps objective of providing rapid time to value for features or products. The ability to accelerate the frequency and quality of releases is a paramount goal of DevOps, and a well-maintained multicloud solution can help organizations achieve that objective.

Both multicloud and DevOps thrive on rapid-response flexibility, and that makes it essential to have a strategy that can guide important decisions.