As working in the cloud becomes the new normal, a dilemma arises: multi-cloud governance. The public sector and private companies across many industries are using the cloud because it’s fast and enables quick delivery of value in response to changing user needs. A few years ago, organisations believed they could pick one cloud and stick with it. Now, that approach is no longer practical, and organisations are working in multiple clouds.

Why do we need cloud governance? Because it will ensure successful performance for any company using one or more clouds. Cloud governance can help organisations oversee key processes such as cost control, ensure the safety and security of their working environment, protect their work and resources, and comply with regulations. Organisations need to define how to operate, optimise and secure their share of the shared responsibility model as it applies to apps and infrastructure in the cloud.

The multi-cloud reality is here

Cloud capabilities vary according to different dimensions, such as artificial intelligence (AI), innovation and enterprise relationships. Thus, different teams in many organisations pick a different cloud for some specific reason. Some cloud environments are used for data services and AI, so data teams are using them to build machine learning applications. Others are providing better environments for innovative work, etc.

Realising that a multi-cloud reality is inevitable can be intimidating for some. The former approach — where architects selected one IT solution and declared it the standard that everyone in the organisation had to use — is no longer acceptable.

In the cloud world, everyone is using all available solutions, so cost implications become a concern. How does an organisation control costs if employees are using all the clouds? How can it ensure that employees are picking the right cloud for their use cases? How can it ensure that people don’t waste too much time and money choosing the right cloud?

How to deal with the challenge?

One approach to cloud governance is using a cloud broker, thereby putting another layer on top of the clouds you are using. However, this approach has proven to be problematic for many. A cloud broker will allow your organisation to have a common set of blueprints and some control over who gets to do what, but due to the broker’s limitations, organisations can’t use the cloud’s full potential. In his 2017 re:Invent presentation, Kieran Broadfoot, infrastructure chief technology officer at Barclays, pointed out that the broker’s limited capabilities will decrease the optimisation and innovation possibilities for organisations, i.e., limit a company’s opportunities for achieving its KPIs. Because of these problems, many organisations are calling this governance option an anti-pattern.

So, what can you do? Define what is important to your organisation and focus on that. Focus on the applications that deliver outcomes more quickly by constructing continuous delivery pipelines. That process will lead you to the answers on what services are key for consumers, and how to manage the clouds accordingly. The three essential steps for multi-cloud governance are:

  1. Safety first. App developers need to be able to consume services without crossing lines with respect to security and compliance, so building safety into the working environment is key. We’re moving from the idea of how to control the usage to how to make the usage safe. The most common problem with cloud usage is leaving data open to the public. It’s so common that a cloud newsletter, “Last week in AWS,” has a weekly negligence award for leaving the Amazon S3 (simple storage service) buckets open.
  2. Empower engineers. This step is closely related to safety. If you build safety into your environment, you can actually let the engineers do their thing.
  3. Focus on continuous delivery. Build security into continuous delivery pipelines. With cloud, it matters more that you have a pipeline and can push change through that pipeline in a safe and secure way.

Productivity and safety come before control. The engineers and environments have to be safe so that the organisations can stay secure, efficient and functional over the long run.

Ready to learn more about security in the cloud? For another perspective, read Securing the Digital Revolution.