3 key things firms should consider to expedite their multi-cloud strategy

Businesses of all sizes are embracing the cloud, and at a faster rate than before. In Australia alone, Gartner has predicted a 31.8% growth on Australian public cloud spend in 2022. Whether businesses are looking to optimise the costs of managing their data or enable their development teams to deliver apps faster – most recognise the cloud has undeniable perks.

But while early cloud adoption was largely about building apps on AWS, there is a growing importance to have the ability to embrace not just one cloud, but multiple concurrently. This is because each cloud provider has its own unique value propositions, which will only continue to expand over the next decade as investment in application services grows.

In our 2022 State of Cloud Strategy Survey, more than 80% of respondents in APAC have implemented or are expanding multi-cloud, or are planning to within the next year.

As with the technology infrastructure transitions of the past, the shift to a multi-cloud model will require embracing concepts for many businesses. The cloud operating model means transitioning from a relatively static pool of homogeneous infrastructure in dedicated data centres with physical hosts and a strong network perimeter – to a distributed “fleet” of dynamic infrastructure that is provisioned as-needed and with no notion of a physical ‘host.’’

What are the considerations before using multi-cloud?

Whilst the transition may seem daunting – the risks of not ‘keeping up with the joneses’ could be even greater, as speed to market becomes the must have for success. Indeed, many businesses in APAC are awitnessing benefits from a multi-cloud approach – an overwhelming 93% of respondents said multi-cloud was working well for them. Here are three key considerations to explore when trying to operationalise multi-cloud for your firm.

Separate and simplify against core IT roles

One of the biggest challenges associated with cloud adoption is that all four core constituents in IT—operations, security, networking, and development teams—must each internalise the implications of the cloud model. A practical place to begin is to consider each of the core roles in IT, and break down the main challenges that they will face as they shift to a cloud model.

For example, in operations teams, one core challenge will likely be around managing the scale and elasticity that comes with cloud environments – given the scale of cloud infrastructure is essentially infinite. Because each infrastructure provider has a unique provisioning model, another challenge for operations teams is to determine a strategy that gives them a consistent provisioning workflow, while leveraging the capabilities of each cloud provider.

For security teams, the challenges look vastly different and should therefore be considered separately. They, for instance, will need to rethink the core assumptions around the network perimeter while enabling development and infrastructure teams to adopt cloud for their new app workloads. This separation by core IT roles will allow businesses to distill the challenges faced into a smaller, well-defined problem set that can be turned into a practical plan.

Reassess your approach to security

When moving to multi-cloud, the complexity of managing multiple technologies and processes can create very real operational challenges. The successful deployment and management of multi-cloud infrastructure therefore comes with many important considerations, with security being top of the list. In our State of Cloud Strategy survey, 90% of APAC respondents said that security is the key driver of their cloud success.

When the shift to the cloud does occur without enhancing security, firms are left vulnerable to breaches that can cost millions. According to IBM, in 2022 the average cost of a data breach in Australia rose to roughly AUD $4.67 million. So how can organisations protect themselves while still taking advantage of the multi-cloud opportunity? While there is no silver bullet – the simplest answer is two-fold: Incorporating automated and zero trust security methods.

  • Automated security

To mitigate risk and protect their environments, many firms are choosing to leverage automated security tools. Automation is the automation of security responsibilities.

The major benefit is that the burden on security teams is reduced given administrative tasks and incident detection are automated, meaning they can better handle burgeoning cloud workloads. In our recent survey, 46% of APAC respondents said that consistent and automated tooling would improve their security and governance posture.

  • Zero Trust security

Zero trust security is based on the idea that anything or anyone trying to gain access to the network needs to be authenticated and authorised. Access is granted based on a specific set of pre-determined policies, such as user role, location, or device type. By implementing identity-based access controls, granting only least-privilege access, and issuing dynamic credentials, businesses can work towards a ‘zero trust’ environment.

HashiCorp’s approach to zero trust security focuses on using identity to secure apps, networks, and people across multiple clouds, on-premises, and hybrid environments, which reduces the attack surface and automates complex security workflows. This ensures people, machines, and services are authenticated, every action is authorised, and data is protected.

Consider a Platform Teams approach

Successful firms are using cloud and multi-cloud models to maximise agility, reliability, and security, to deliver new value to clients. But in reality – that’s only the beginning. The most mature organisations are now going one step further to scale their cloud adoption enterprise-wide by tuning their people, processes, and tools to create centralised Platform Teams.

A Platform Team is a centralised function or group with responsibility for managing cloud operations. It is instrumental in achieving the maximum benefits from a cloud operating model. Our survey showed 87% of firms in APAC already rely on cloud platform teams.

Effective Platform Teams deliver standardised workflows and a system of record for more efficient cloud adoption. They abstract complexity by standardising infrastructure services to reduce friction for developers, operations, and security teams. The firm’s cloud best practices — including security and compliance requirements — are therefore “baked in” to the platform.

This ultimately leads to greater productivity, more frequent releases, increased stability, lower risk, and optimised costs. A study by Forrester Consulting also suggests Platform Teams are critical “to mitigate people and process-themed challenges like skills shortages (41%) and siloed teams (35%).” So this approach would very likely have positive flow on effects across the business, outside the obvious multi-cloud operationalisation.

Shifting to a multi-cloud operating model isn’t without complexity or new challenges – but it is well worth the effort. Most firms in APAC are already advancing their maturity in this space.

Breaking down what adoption means against specific IT roles, and rethinking what security should look like in the cloud era are good places to start. A Platform Teams will allow you to scale your multi-cloud strategy, and ensure it continues to pay dividends in future.

Grant Orchard is the Field CTO, Asia Pacific and Japan at HashiCorp.