Multi-cloud environments are quickly becoming an established element within the overarching enterprise data ecosystem. Still, there is a fair bit of confusion over this particular form of cloud computing. As experience grows, of course, organizations will learn their own truths about how the technology best supports their operational models. In the meantime, here are 10 of the top prevailing myths about multi-cloud management and the affect it has on today’s digital services.
Myth 1: Multi-Cloud Data Management Is Complicated
Like all myths, this one has a grain of truth to it: multi-cloud is hard to manage if you try to manage it in the traditional IT fashion. But as Splunk noted on Forbes recently, simple observability is no longer enough. For effective oversight, organizations need to build full analytical capabilities from any source and at any scale, not just to provide real-time insights into operating conditions, but to empower management teams to function proactively. (Read also: Best Practices for Managing Cloud Applications.)
Myth #2: Multi-Cloud Equals Hybrid Cloud
While similar, there are a few key distinctions between the two that can affect how they are designed and operated. VMware has pointed out that multi-cloud utilizes clouds from different providers, such as front-end applications on AWS with Exchange Servers on Azure. Hybrid cloud involves the integration of private cloud infrastructure with one or more public clouds, allowing them to function as a single entity. The type of cloud architecture you deploy will depend on the kinds of applications you support and your overall business objectives. Another iteration would be to combine your on premise datacenters with an AWS Storage Data Lake.
Myth #3: Multi-Cloud Is Less Secure Than Single Cloud or On-Prem
Just like with management in general, security is only more complex in the multi-cloud if you don’t implement it correctly. Fortinet’s Vince Hwang says that the key to successful cloud security is a software-defined wide area network (SD-WAN) with an integrated security layer. In this way, the entire cloud is placed under an integrated architecture in which security policies and monitoring capabilities can be extended to any point. (Take the quiz: What Do You Know About SaaS Risks?)
Myth #4: Multi-Cloud Is More Secure Than Single or On-Prem
Of course, there is nothing inherent in multi-cloud that makes it more secure than any other architecture either. Irfan Ak of Branex highlights some of the unique challenges to multi-cloud, including the need to address numerous service models, data access and control (particularly during migration) and the need to maintain compliance across various architectures and across multiple geographic regions.
Myth #5: Multi-Cloud Management Is Best With Open Source
Open source is great, but as CloudOps points out, it is not always the best solution. It takes time to develop and deploy open solutions into a cloud management stack, and there is no guarantee it will have the best feature set. Meanwhile, proprietary solutions often integrate well into cloud environments, and they usually come with service and support programs as well.
Myth #6: Multiple Clouds Are More Expensive
Multi-clouds are no more apt to blow the budget than any other cloud. It’s all in how you manage them. Walmart’s Rupesh Patel argues that with even basic guidelines in place, such as keeping an eye on provisioning and placing data in the appropriate storage tier, organizations will find they can easily keep multi-cloud costs under control. The last thing you would want to incur are charges for misconfigured dynamic provisioning. This can lead to what is known as an economic denial-of-service (EDoS) attack and basically uses up resources and drives up the cost of cloud computing. (Read also: 5 Questions Businesses Should Ask Their Cloud Provider.)
Myth #7: Multi-Cloud Is Only for Large, Established Enterprises
While it may be true that large enterprises may have a greater need for multi-cloud architectures, Anblicks’ Nikhil Acharya notes that small organizations still employ any number of specialized applications that are enhanced by employing multiple clouds. To fully utilize these tools, it’s best to have a scaled out environment from the start. Small businesses can utilize multi-cloud via the use of SaaS platforms like CRM Dynamics, O365, Powe BI, Tableau or by using a managed security service (SeCaaS) like Qualys or Rapid7.
Myth #8: Enterprises Embrace Multi-Cloud Only When They Are Ready
Most organizations are already using multiple clouds whether they know it or not. Shadow IT, the unsanctioned apps and software people use on top of the official company platforms, has been a problem for more than a decade. This is in no small part because it leads to discoordinated infrastructure that drives up costs and hampers performance. As IBM’s Sai Vennam points out, a formalized multi-cloud environment goes a long way toward keeping shadow IT under control. If either in-house or SaaS cloud platforms are implemented without the appropriate governance, risk and compliance, Shadow IT can lead to all sorts of issues. Shadow IT may well evade Data Loss Prevention (DLP) systems, putting the security triad of confidentiality, integrity and availability at risk.
Myth #9: Multi-Cloud Is Optional
Most organizations are implementing multi-cloud into their overall infrastructure, but this does not mean it is right for all applications. Michelle Woodruff of tech consultancy Contino says multi-cloud works best when assembling best-in-class systems and maintaining compliance through complex data migrations. It might not be appropriate for disaster recovery or when trying to avoid vendor lock-in.
Myth #10: Multi-Cloud Is Worry-Free
Multi-cloud is an effective solution to many problems, but it is not perfect. Like all technologies, it must be applied to the right set of services, says CIO’s Bob Violino. It also requires careful coordination to ensure each piece fits together well. And while providers should ensure top-notch data protection and privacy, the enterprise still bears final responsibility to its users.
Before deciding on any cloud service provider (CSP,) make sure you do your research. Remember as well that you will need to formulate an individual Incident Response (IR) Plan for each CSP. Check out the guidance on the Cloud Security Alliance (CSA) website for tools that can help you when sourcing a CSP and guidance on the types of controls that you should ensure are provided by your CSP.