In a multi cloud environment, a company uses several cloud services from different cloud providers simultaneously by connecting the offerings of several providers and enabling different SaaS and PaaS applications to communicate with each other. For example, a company simultaneously uses public cloud services from Oracle, Microsoft Azure and AWS for the same purpose.
The multi cloud is actually an extension of the hybrid cloud, but offers far more possibilities than the hybrid form. Multi cloud is especially relevant for multinational and large companies with many different applications and expect the full cloud benefits such as flexibility and choice.
Whether the multi cloud environment became unintentionally as part of the historical cloud journey or whether this is a strategic decision such as fear of cloud vendor lock-in, it is always a unique decision of company to determine what to do first. For some areas a single product, i.e. CRM, drives which cloud platform to select, in another area a company sees the advantage to move their whole data warehouse into the cloud, in other cases a company sees an advantage to move their data center into a private or public cloud.
Data Center Risks
The change impact is bigger when you have your own data center. The switch to the cloud is more difficult when you have your own data center and infrastructure as it needs a rearrangement of the resources to a new service provider. However, if you already have outsourced your data center, it is easier for the IT resources to learn the new technologies.
Still, the costs of a data center depend on the size, location and what kind of workloads are processed. Before moving to the cloud the different applications and the variety of workloads need to be assessed for cloud readiness as well as the number of users using these applications.
For legacy and in house applications, there may be only a few people (left) who know how to run and change these applications which are essential for business. There is a small chance that the cloud service provider will have this know-how available. For example a host in a bank and because of the underlying program language, i.e. COBOL, it is probably too risky and not cost effective to move these host applications to the cloud.
Apart from the cloud application readiness, the cloud data center is different from a traditional data center as they focus on price / performance and scalability for their customers. They are also build to process different workloads than the traditional data centers. Computing costs are high and consists about half of the cost of a cloud data center. However, labor costs and facility costs such as power distribution, cooling and air conditioning costs are far less expensive.
Another aspect is to understand current and future data center capacity requirements as this could result in higher costs when more space is required.
In a traditional data center, you are able to manage failures using a centralized service management system. In the increasingly common case where you build systems that use cloud services from multiple cloud service providers, managing these multiple systems becomes a bigger challenge.
Once moved to the cloud, companies want to remain flexible and continue to use pay as you go services in their own data centers. Companies need to pay special attention to the same services run internally or externally as they may not be the same when moved externally. Especially public cloud service providers only offer a part of their services, hence the potential gap must be evaluated before moving workloads to the cloud.
The burden is on the customer to aggregate this information from multiple providers to determine the impact of failures on their business operations.
Data Protection and Security Risks
The topic of data protection and licensing models is a huge homework and must be clarified at the beginning of the multi cloud journey. If the company operates in high regulated industries such as finance and pharmaceuticals, compliance risks and therefore related cloud service costs are higher. Especially for private clouds, where customers keep their data sensitive data insider their firewall, the vendor’s and company’s staff need to work much more closely to ensure a frictionless operation.
The cloud service provider must proof that they have experience in those industries and provide evidence to the compliance requirements, data privacy, IT security and recovery standards in case of data damage.
Performance Risks
With a versatile and multi cloud environment, a reliable internet connection is required at all times. When it comes to high volume transactions (i.e. e-commerce, B2C) during peak times such as Christmas sales, the price / performance ratio becomes vital with the cloud service provider. Companies need to compare large data volume and processing time as it may cost more when the same data volume is processed on the cloud or from a different cloud service provider. The same applies to latency time when large data volumes are sent at once and not over a certain period.
As part of the cloud strategy which consists of an inventory of applications, you need to do some design and performance regulations before moving applications to the cloud. Instead of moving applications one by one to the multi cloud, consider which applications can be eliminated or grouped together before considering the migration. If a multinational company runs for example many different CRM applications around the world, a fix and shift approach makes more sense.
Data Storage and Data Management Risks
Companies often use different SaaS applications such as CRM and HR with different private cloud providers and they are integrated in their ERP’s backbone system, often integrated in the companies’ data centers. As these different applications need to be connected to ensure full business value, the secure integration and data flow between these systems is business critical. Other multi cloud options can be that vendors run their cloud in their own data centers or public clouds where customers can access their data. Location, internet access availability and stability of where the data is hosted is important when it comes to high performance requirements or legal reasons where the data must be stored.
Using the multi cloud has a higher data separation risk exposure. The different cloud service providers share resources such as space, servers, virtual containers and other parts of the vendor infrastructure. Shared technologies inside cloud environments are more vulnerable to outside attacks which makes another security risk for companies who are in a multi cloud business model.
Location and Legal Risks
Multi cloud should be about freedom of choice of what and where to run data in the cloud. US based cloud service offerings are more and more expanding their data centers across the world. They first focused in North America and Europe and are now expanding to the Middle East, Asia and Pacific.
For example in 2020, Oracle had 25 regional datacenters and 15 were planned:
Apple, for example, selected Vilborg in Denmark for his first European Data Center location after evaluating Germany and Ireland as alternative locations. The stable Danish electricity grid was one of the reasons for choosing Denmark as the location for its data center. Apple’s services include network support and data storage such as App Store, iMessage, Siri and music streaming in Europe.
Interxion, for example, offers a connection from European locations to the Alibaba Cloud to allow customers to access the Chinese market. Multiple endpoints are available in different regions of mainland China. Leased lines are supported in regions such as Hong Kong, Singapore, and those of the United States. Once connected to the Alibaba Cloud through an endpoint, an on premises data center can access VPC networks in all regions.
Another example is the Swiss software company Temenos, which offers its core banking system Transact as a service from Alibaba’s Chinese cloud. Since they are certified for the Alibaba Cloud, their cloud independent banking platform enables banks to pursue a multi cloud strategy, especially for those institutions which aim to accelerate their go to Asia Pacific market process.
Companies which operate in a specific location appreciate the value in hosting their IT and applications in a secure external site that operate on the highest international standards like those offered from Oracle, Apple, Microsoft, AWS, Google, Alibaba and other major cloud service providers.
The location risks come with legal and price aspects.
Companies need to evaluate in which location data should be exchanged as it impacts the price. Data transmission costs time even within the same location. And it gets more time consuming when data is sent between different locations and between different providers. Prices vary between providers, distance and the services used in those locations.
From a legal perspective, companies should ensure that their multi cloud providers run data centers where these companies operate because the law remains within the country the data center is located. The problem with the US cloud act is that service providers must disclose data stored on their servers outside of the United States if requested by US law enforcement. However, this conflicts with the European GDPR. European companies using US based cloud service providers face the risk that they are violating GDPR even though their data is GDPR compliant. A local cloud service provider could be an alternative especially for sensitive data.
Contracts with a multi cloud provider should comply with GDPR also as a part of the exit strategy when a company is changing the vendor.