Managing multiple providers in a single environment poses distinct challenges. Here’s how to ensure your multicloud strategy is secure, harmonious, and cost-effective.
It’s no longer a question of whether enterprises need multiple cloud services, but which ones they should deploy and how best to craft a multicloud strategy that creates the most value for the business.
That strategy had best take into account the challenges organizations are most likely to face on their multicloud journey. Here are five potential issues CIOs and other IT leaders must be aware of when planning or maintaining a multicloud environment.
AI’s massive impact
The AI juggernaut is affecting just about every aspect of the IT stack, cloud services in particular. But when it comes to running AI workloads in multicloud environments, complexity compounds. Key hurdles include ensuring data security, interoperability, and performance optimization.
Enterprises often need to integrate AI and machine learning models across a variety of cloud environments, which can be a complex undertaking due to the different APIs and data formats necessary to do so.
Transferring AI data among various cloud services and providers also adds complexity — but also significant risks.
“Tackling software sprawl, especially as organizations accelerate their adoption of AI, is a top action for CIOs and CTOs,” says Mindy Lieberman, CIO at database platform provider MongoDB. “AI is transforming processes and empowering employees to focus on their most impactful work. But every new initiative can add to the complexity of an already sprawling tech stack.”
Failing to deploy active governance initiatives can lead to uncontrolled consumption, rising costs, and deepening technical debt, Lieberman says. “Without managing that debt, organizations can’t move with the agility needed to compete in today’s [demanding] economy,” she says.
AI can also be part of the solution, Lieberman says. “When leveraged effectively, it can help identify redundant systems, improve governance, and intelligently monitor software usage,” she says. “AI tools can even help IT teams in their efforts to modernize legacy tech infrastructure and consolidate on modern, cloud-native platforms.”
CIOs need to monitor cloud services consumption closely, using AI to eliminate complexities of the multicloud environment. “The solution landscape is complex and evolving quickly, so technologies need to be evaluated not just on what they can accomplish today, but where you expect them to be in six to 12 months,’ Lieberman says.
Data sovereignty requirements
A multicloud environment can complicate the management of data sovereignty. Companies need to ensure that data remains in line with the laws and regulations of the specific geographic regions where it is stored and processed.
To address this challenge requires careful planning and ongoing management to navigate the diverse regulatory landscapes in non-US locations.
“As a publicly traded, multinational company, we must follow the regulations and reporting requirements in all the countries where we operate,” says Scott duFour, CIO at financial services provider Corpay.
For example, the General Data Protection Regulation (GDPR) requires that Corpay’s EU customers’ data stays in the EU. “So we have to create a new instance in the EU landing zone, increasing our costs,” duFour says.
This also applies in the US, duFour says. IT has forged a data governance partnership with Corpay’s compliance team to adhere to reporting requirements for the company as well as its third-party partners.
“This especially true in California, which is leading the way with data privacy legislation in the US,” duFour says. “Being compliant is non-negotiable, but we still must strike a balance between expanding and [consolidating] our cloud-based service footprint on a case-by-case basis, with the goal of managing costs and driving revenue.”
Cybersecurity risks
Deploying even one cloud service can present cybersecurity risks for an enterprise, so having a strong security program in place is all the more vital for a multicloud environment. The risks stem from expanded attack surfaces, inconsistent security practices among service providers, increased complexity of the IT infrastructure, fragmented visibility, and other factors.
IT needs to be able to manage user access to cloud services and detect threats across multiple environments — in many cases without even having a full inventory of cloud services.
“Managing access and protecting data in a multicloud environment requires a multifaceted approach,” says Scott Simari, principal at Sendero Consulting. “Think of it like securing a physical data center: You establish a defense perimeter using firewalls, log monitoring, malware protection, and antivirus solutions.”
Even though cloud service providers offer their own security features, most companies will still “ringfence” their own networks within each cloud using their preferred security tools, Simari says.
“The challenge in multicloud is ensuring consistency and appropriate measures across different providers,” Simari says. “Security standards and regulatory requirements can differ, and certain types of data may have specific mandates.”
Sendero’s work with a utility company that owns and operates nuclear power plants highlights this. “Federally regulated data can only reside on government-controlled instances of the cloud — like Microsoft’s federally approved cloud, not their commercial cloud,” Simari says. “This necessitates a tailored approach to data loss prevention and security apparatus for each cloud.”
While general security practices apply regardless of whether an enterprise uses a single or multicloud environment, a multicloud set up enhances the case for adopting more rigorous practices, Simari says. This includes centralizing identity and access management to ensure user provisioning and authentication across all platforms.
“It’s also crucial to apply least-privilege or just-in-time access principles, which grant users only the necessary permissions for the shortest possible duration,” Simari says. “Organizations should also prioritize encrypting data both at rest and in transit while centralizing key control for managing encryption keys across disparate cloud services.”
Need for flexibility and observability
As technology evolves to solve increasingly complex problems, the infrastructure and services needed grow more sophisticated as well, says Bryan Wall, senior competency leader, cloud engineering at Experis, a provider of staffing and managed services.
“With greater complexity comes more potential avenues of failure, but also more opportunities for customization and optimization,” Wall says. “Each cloud provider offers unique strengths and weaknesses, which means forward-thinking enterprises must know how to leverage the right services at the right time.”
The key to harnessing the advantages of multiple clouds lies in flexibility and observability, Wall says. “Flexibility begins by ensuring that custom software is not tightly bound to a single provider. Containerization and cloud-agnostic orchestration allow teams to deploy workloads anywhere, aligning specific applications with the providers best suited to their needs.”
This flexibility, however, requires operations teams to understand the nuances of each cloud. “Observability is what makes this manageable at scale,” Wall says. “A holistic monitoring and cost-management platform is essential to unify disparate tools and provide actionable insights.”
As organizations expand across multiple hybrid cloud platforms, maintaining clear visibility becomes increasingly complex, says Chris Thomas, principal at Deloitte Consulting. “Without robust, cross-platform observability, it’s easy for issues to go undetected, impacting everything from compliance to customer experience,” he says.
To address these challenges, organizations are adopting unified monitoring solutions that aggregate data from all hosting platforms, enabling real-time insights and proactive response, Thomas says. “Organizations should give thought to using AI-driven analytics to identify patterns and anomalies that might otherwise be missed in siloed environments,” he says.
Cost concerns
Keeping costs under control in a multicloud environment can be a challenge for enterprises. This is deeply intertwined with effective financial management, often referred to as FinOps, Simari says. FinOps is a cloud management practice focused on optimizing spending by fostering collaboration among IT, finance, and business teams.
“FinOps is about ensuring you’re a responsible steward of your cloud resources and ensuring that you’re not leaving money on the table,” Simari says. “This means diligently conducting cost-benefit [analyses] for any services you use and being mindful of consumption and operational costs.”
Without proper oversight, it’s easy for expenses to escalate, Simari says. “When conducting these analyses on behalf of our clients, we’ve seen that some organizations are paying for way more cloud space than they need,” he says. “FinOps involves ongoing monitoring of usage, optimizing resource allocation and leveraging pricing models effectively across different cloud providers, to ensure organizations are getting the most value for their investment.”
Containing software-as-a-service (SaaS) costs is especially challenging for Corpay, which has grown its business largely through acquisitions.
“Each company we [acquire] has its own environment such as AWS or Azure, so we have to move them over to our landing zones to maintain security and operational control,” duFour says. “With each acquisition, we have a goal of creating synergies and alignment that help control costs and prevent creep, while maximizing the benefits and efficiencies we gain. As we add additional companies to Corpay, this will continue to be an on-going exercise.”
