First it was cloud, now it’s multi-cloud. As Australian companies ramp up their investment in as-a-service everything – Gartner predicts the annual spend will rise to $7 billion in 2021, up from $4.6 billion in 2018 – the trend of using multiple cloud computing and storage services continues to gather speed.
Some of Australia’s largest enterprises have endorsed the model. They include ANZ Bank, whose hybrid cloud model encompasses services from IBM, Amazon Web Services and Google, and its Big Four competitor NAB which is throwing resources at a similar strategy utilising multiple public cloud services.
It’s not just a Down Under thing. Organisations elsewhere in the world are intent on optimising their cloud infrastructure by spreading their custom amongst multiple vendors.
RightScale’s 2018 State of the Cloud Report notes a number of compelling benefits to doing so. They include enhanced flexibility, reduced likelihood of data loss and downtime and the ability to sidestep expensive lock-in; historically one of the less appealing hallmarks of the ICT industry.
More than 80 per cent of companies surveyed were pursuing a multi-cloud strategy, according to RightScale. Diversification is very much the name of the game, with the average number of clouds in use currently sitting at 4.8 per enterprise.
High stakes security challenges
Developing a cyber-security strategy for this brave new architecture model is no easy feat – a fact which is not lost on many of those ICT professionals who are charged with pulling it off.
Seventy-seven per cent of RightScale’s survey respondents stated security was the chief challenge associated with cloud computing and in a climate of rising threats and increasingly punitive regulatory regimes the stakes have never been higher.
Key obstacles to developing a coordinated and robust cyber-security framework include the three Ts – terminology, technology and team.
A multi-cloud security strategy requires cohesion between providers but the absence of a common language to describe products and processes makes this a big ask. Currently, cloud providers use their own jargon, which means one vendor’s Virtual Private Cloud may well be another’s Virtual Network. It makes crafting an umbrella security strategy unnecessarily complex.
Cloud technology has its own Tower of Babel flavour, with different vendors employing their own authorisation and authentication models. Unless they’ve had the opportunity to become au fait with all the variations, expecting DevOps teams to apply consistent security standard and measures across the board is a big ask.
In the interests of expediency, most large organisations will order their DevOps groups according to expertise. The result is likely to be a series of autonomous units, each working on its own slice of cloud infrastructure. That’s the antithesis of what’s needed to craft a whole-of-enterprise cloud security strategy – a strategically aligned team that’s focused on standardising operations not siloing them.
Against this backdrop, it’s clear crafting a robust and comprehensive multi-cloud security strategy is not a cinch. Here are some tips for organisations seeking to do so successfully.
Invest in research
Scoping out the challenge exhaustively before you develop a security strategy will up the odds of your settling on a solution that’s comprehensive and thoughtfully configured. That includes drilling down to unearth the strengths and weaknesses of your cloud architecture and any potential points of failure. These are most likely to arise where technologies converge and processes are not automated.
Your planning process should include extensive research into the differences between cloud environments, including reports produced by SOC 2 and other third parties with first-hand experience of multi-cloud implementations.
Don’t cobble it together – recode it
In 2019, constructing a multi-cloud environment is not necessarily simple or straight forward. It pays to understand from the outset that creating secure connections between your selected array of cloud environments can be time consuming and expensive and involve a strong element of DIY. In other words, rewriting code. Investing resources to produce applications and scripts which can standardise functions and automate processes will pay a dividend in the form of a robust, flexible and secure environment.
Teach your people
Multi-cloud implementation is hot and that means it’s a sellers’ market for skills. Finding developers who have experience with both AWS and Azure may be an ambitious ask. Hiring individuals who are expert on at least one platform and training them in another may be the most expedient way to amass the expertise your multi-cloud implementation requires.
Find strategic partners
Multi-cloud environments are still in their infancy – which means the rules for implementing them are still being written.
Investing in people and processes and partnering with vendors which are dedicated to developing solutions to safeguard data and intellectual property will see companies well placed to reap the benefits the architecture promises to deliver.