Analyst Report: How to define the right multi-cloud strategy for your enterprise the first time

1 Summary

The days of the single cloud are gone. Driven by the breadth of technology options, potential cost savings, and the need for business agility, more than 74 percent of businesses are already moving to a multi-cloud strategy. However, enterprises making the move face critical choices, and a failure to consider common risks can diminish or even eliminate the benefits of multi-cloud.

This report will help CIOs, application architects, and IT decision-makers identify common patterns of implementation failures and successes and provide a framework for evaluating multi-cloud environments. Key findings include:

  • The use of multi-cloud environments is exploding, providing better and more productive options for enterprise IT.
  • To manage cloud and traditional resources through a “single pane of glass” and maximize multi-cloud efficiencies, IT must embrace cloud management platforms (CMPs).
  • CMP technology varies a great deal from provider to provider, but common patterns are emerging. The use of policy-driven governance seems to be the dominant and most desired approach.
  • Those who build their own multi-cloud strategy need to first consider the business and technology requirements. This naturally leads to the cloud platforms they are likely to leverage, and that leads to the governance or CMP solution that is the best fit.

2 Introduction

As businesses decide to store and deliver more applications, business services, business data, information, and content through the cloud, it’s no longer logical to talk about one company cloud. The days of a single enterprise cloud are history. Instead most companies are gravitating toward a collection of clouds (multi- clouds) to meet all of their requirements.

Why the move to multiple cloud environments? The use of multi-clouds has evolved from patterns of architecture. Many business departments want to use cloud computing within public clouds, outside of the company firewall. Historically IT created private clouds connected to data centers. Hybrid clouds are a combination of the two models. Today we have many different types of public and private clouds that provide security, governance, and management tools to support other clouds and get combined to create a composite solution.

Enterprises move to multi-clouds for a variety of reasons:

  • Single cloud solutions typically don’t provide the breadth and depth of functionality that enterprises require for all of their cloud computing solutions, so they mix and match public and private options.
  • The rise of CMPs gives enterprises a single interface to help provision, manage, and scale complex environments.
  • Usage-based pricing makes it easier for enterprise IT to evaluate the cost of cloud computing, including show-back and charge-back services.
  • Companies that want to move applications into public clouds need a range of services, including different database, middleware, development, and compute services, and this drives the use of multi-cloud computing platforms.
  • The growing use of platforms, infrastructure, and software in the cloud results in multiple forms of clouds. Consequently, IT must often support two or more public clouds for development and operations teams that use the cloud to create new business applications and services.

A recent 2014 RightScale State of the Cloud report proved that the movement to multi-cloud is real. As you can see in the figure below, 74 percent of those surveyed stated that multi-cloud was their current strategic direction.

Screen Shot 2014-05-15 at 5.56.56 PM

However, those enterprises moving to multi-cloud face some critical choices, including the types and brands of cloud to leverage as well as the approaches and technology to manage a multi-cloud solution. The approaches that enterprises leverage seem to have some common patterns of failure as well as patterns of success.

The major patterns of failure include:

  • Little consideration of the core requirements of the business. Instead departments drive aspects of the cloud strategy without a holistic understanding of the scope of requirements. An example would be departments that leverage cloud for tactical capabilities, insist that enterprise IT take over maintenance, and thus end up with a cloud strategy by default. No strategic planning goes into this type of approach, and enterprise IT ends up with a hodgepodge of public and private clouds with no order or architecture.
  • Failure to consider fundamental technology issues—including governance, security, management, and performance, all of which are required when supporting a multi-cloud environment—creates solutions that are sub-optimal, and various aspects of the solutions will need to be addressed in the very near future.
  • Failure to consider application development and deployment, including the use of emerging devops tools, technologies, and approaches. The developers should be part of the multi-cloud strategy, including the selection of the right development and runtime cloud platforms. Indeed, development and deployment on and to multiple clouds requires a different approach to application development and testing as well as to how data is bound to the applications and distributed. Without an understanding of how to best leverage multi-cloud, developers may not be able to find the value.

Major patterns of success includes:

  • Creating a common understanding of architectural components before selection of cloud-based solutions, including database, security, governance, etc. This reduces the amount of mismatched cloud technologies that are leveraged and eliminates the need to replace those technologies in the near future.
  • Creation of a common multi-cloud management and governance strategy before attachment of the public and private cloud solutions. This means the cloud resources governance layer is established using CMPs, including resources automation (e.g., groups of cloud services automatically provisioned and de-provisioned in support of a changing processing workload).

3 Good architecture or hedging bets?

Multi-cloud architectures have their own sets of pros and cons. The core question that many enterprises ask is: How much cloud heterogeneity is a good thing? Also, when does heterogeneity bring too much complexity and risk?

Enterprises that tried to maintain homogenous on-premises IT infrastructures lost the battle a long time ago. Typical enterprise architectures have been built through years of solving tactical problems with whatever technology seemed to be right at the time. Over the years, these on-premise technology solutions became very heterogeneous and thus very complex.

Multi-cloud should not evolve the same way. Those charged with picking the right cloud technology should consider the solution patterns to fit the problem patterns and use that as a guide to select and deploy the right public and private cloud technologies. While some may find that a single cloud provider is the best solution, as we can see in the previous figure, most are driving cloud solutions using best-of-breed technology and thus end up with a number of cloud types and brands.

While this is not the first time that enterprises moving to new technology have faced the “homogeneous versus heterogeneous” question, the movement to cloud computing brings some new challenges and some confusion. Clouds are indeed platforms, but they are also platforms that provide common resources that other cloud brands may share.

Clouds take more of a service-oriented approach to architecture, and the enterprise typically ends up with a common services catalog that may link back to many types and brands of clouds. Cloud represents a collection of services that can be mixed and matched to form applications, more so than monolithic applications themselves (see the figure below).

Screen Shot 2014-05-15 at 6.02.13 PM

For instance, the ability to take storage services from one public cloud provider, mash them up with compute services from another provider, and perhaps introduce database services that are running on-premises creates an opportunity to build solutions out of best-of-breed cloud services, which is the primary driver of multi-cloud use.

That fact alone provides a solid foundation to justify leveraging a multi-cloud approach. The more clouds you leverage, the more services you have in your catalog, and thus application development becomes more of an assembly process. This allows enterprises to quickly build or change applications, providing the value of agility and speed-to-market for the business. This agility is the fundamental way that cloud computing provides value. The more clouds (e.g., multi-cloud), the more the business is able to solve problems or adjust to changes in the market, and that means more money can be made.

4 The role of cloud management platforms

There are three basic ways to manage multi-cloud architectures:

Provider native governance and management

First, businesses can manage cloud resources using the native interfaces and consoles offered by the cloud providers themselves, which are called provider native governance and management (see the figure below). This approach deals with the complexity of the cloud deployment head-on, using the cloud provider’s governance or management tools. If a business leverages many cloud providers, such as Amazon Web Services (AWS), Google, and Rackspace, it has to leverage the native interface of each.

Screen Shot 2014-05-15 at 6.03.51 PM

The provider native governance and management approach typically won’t scale, and it won’t be operationally effective over the long term. There are too many moving parts to consider, and people must manage the complications without the advantage of automation. However, enterprises often take this approach in the absence of a solid understanding of other options.

Cloud service/API governance

A cloud service/API governance approach focuses on automation and governance at the cloud services layer. Cloud services governance is a general term that refers to the process of applying specific policies or principles to the use of cloud computing services or APIs. The objective of cloud services governance, as well as tools that provide support for this concept, is to approach governance by placing policies around the services/APIs themselves, typically for the purposes of tracking, security, and management. Examples of cloud service/API management tool providers include Layer 7 (now a part of CA Technologies), MuleSoft, WSO2, IBM, and others. These are typically older tools that moved out of the service-oriented architecture (SOA) world into cloud computing.

Cloud management platforms

Businesses can manage these intricate interfaces through the use of a CMP, such as those offered by RightScale, ServiceMesh, Dell, Hewlett-Packard, BMC Software, Cisco Systems, and others. CMPs are also governance technology and methodologies but take a different approach than services governance by focusing on the cloud resources themselves, such as storage, compute, and database services, instead of just the interfaces into the resources, such as services or APIs.

There is some overlap between cloud service/API governance and CMP in terms of approaches and how they interact with certain aspects of private and public clouds. However, the primary objective of CMP technology is to make multi-cloud solutions easier to manage by placing an abstraction layer (also called a “single pane of glass”) between those who manage the multi-cloud architecture and the private and public clouds as well as the existing internal systems (see the figure below).

Screen Shot 2014-05-15 at 6.04.46 PM

Taking this CMP approach means that:

  • You place an abstraction layer between yourself and the many different interfaces into the public and private clouds, as well as other automation services, such as Puppet and Chef. The CMP can account for the differences between the CMP console and the clouds and internal systems under management.
  • You automate the use of affected resources via policy-based approaches that can work with many back-end cloud-based technologies as a single unified system. As a result, you can more easily provision across many types of clouds to manage heterogeneous information systems, perhaps using one cloud for data, another for compute, and yet another for storage.
  • The ability of the CMP approach to place these resources behind a “single pane of glass” allows you to place complexity into a single domain with good automation and good controls. This approach trumps the approach of just dealing with the native interfaces, which quickly reaches the tipping point of over-complexity and disorder.

Importance of being policy-driven

The core capability of CMP technology is its ability to build around the need to change. In other words, it’s the ability to manage complexity using centralized governance and abstraction capabilities. These governance and abstraction capabilities must allow for the management of IT resources, including devops, using a centralized and configurable system that addresses the need for:

  • Control and management
  • Governance and security
  • Abstracting complexity
  • Systems development life cycle (SDLC) management

Although each CMP tool differs in the types of capabilities they offer, enterprise IT can typically place polices around any number of IT assets. Here is a list of policy types as leveraged by ServiceMesh as an example:

  • Access policies: Role-based access to cloud services, including federated identity management
  • Entitlement policies: Limit user access to specific assets types
  • Deployment policies: Limit deployment of workloads and data to authorized environments
  • Storage tier policies: Limit deployment of data to a storage tier with appropriate service levels
  • Orchestration policies: Apply multiple layers of policies across assets and services in order to enforce configuration management standards and standard operating environments
  • Service level agreement (SLA) policies: Dynamically scale up and scale down application/platform topologies based upon compound auto-scaling rules and thresholds
  • Security policies: Enforce security zone compliance with policies that configure multiple third-party security tools and utilities
  • Life cycle event policies: Enforce policies at events that include SDLC stages, third-party systems events/notifications, and event correlations from event streams
  • Backup and failover policies: Enforce high availability and disaster recovery policies
  • Resource constraint policies: Limit the quantity of IT resources consumed
  • Lease and scheduling policies: Limit the duration and scheduling of IT resources deployed
  • Chargeback/metering policies: Limit resource consumption and meter consumption based upon customizable pricing models
  • Configuration management policies: Detect non-sanctioned configuration changes and reapply the approved configuration along with the appropriate alerts/notifications

The larger solution that a CMP brings is the ability to place an abstraction layer between enterprise IT and the resources they control. This approach will remove many of the issues around complexity without driving risky and massive changes to the IT architecture and infrastructure. However, in order for a governance system to succeed, it needs to understand how to access and control most of the major IT assets, both cloud-based and traditional. The next section provides a step-by-step approach.

Who’s leading and who’s interesting?

There are a number of CMP providers, including those from existing governance and management players such as BMC Software, CA Technologies, HP, IBM, and others. New startups such as Gravitant, ServiceMesh, CliQr, and others (see the figure below) are also gaining traction. Recently ServiceMesh and Enstratius were scooped up by Computer Sciences Corporation (CSC) and Dell, respectively, and you can expect other smaller CMP providers with traction to be on the shopping lists of the larger enterprise software and services players.

The leading players seem to be those from existing software firms that may owe their lead to the number of salespeople walking the hallways of enterprises rather than the value of their CMP technology, such as HP, BMC Software, and IBM. However, it’s the smaller players that seem to provide the more feature-rich and innovative solutions. For example, RightScale seems to be dominating the market right now, mostly by focusing on AWS, which holds the majority of the public cloud market. However, RightScale has been diversifying lately, supporting more public and private clouds. ServiceMesh and Gravitant are also gaining ground and likely to be in the top five when considering CMPs.

There are dozens of CMP players. Understand that each approaches cloud management in varying ways. Gigaom Research’s Sector RoadMap: Multi-cloud management in 2013 covered some of these variations in approach and technology. However, what’s critical to selection of the right CMP tool is the ability to understand your existing requirements and how the technology is able to address those requirements. We’ll walk you through the process of understanding your own needs in the next section.

5 Creating a multi-cloud strategy from the ground up

Creating your own multi-cloud strategy for your enterprise is a process. As part of this process, you must:

  • Understand your core business and technology requirements
  • Select the private and public clouds that are right for your requirements
  • Develop a management approach
  • Select the management technology (CMP)

The figure below depicts this process at a high level. Items for consideration depend largely upon your own needs. Hosting endpoints are where workloads will ultimately reside. In many instances, the workloads will stay where they are if the benefits of cloud computing are not apparent or are cost-ineffective.

Screen Shot 2014-05-15 at 6.08.55 PM

As part of the process of building your multi-cloud strategy, you should:

  • Understand the business, including the business values in terms of moving to the cloud and how that value should be defined (for example, cost-efficiency, agility, time-to-market, etc.)
  • Understand the infrastructure, including existing storage and compute requirements as well as future requirements
  • Understand the applications, including which applications are critical to the business. This should include the data bound to the applications as well as governance and security requirements directly related to the applications.
  • Define the targets or the hosting endpoints (as defined in the figure above), which means defining the likely private and public cloud targets for the infrastructure, applications, and data.
  • Define the distribution or how the applications, data, and infrastructure are likely to be distributed on the targets (for example, storage on AWS, compute on Google, and data that resides on a private cloud, and so forth)
  • Define security, including all security requirements at the application, data, and infrastructure levels. This should include compliance, and mapping existing approaches for security to the use of clouds, including multi-cloud. At this time, you need to begin to consider the use of cloud services and CMP technology, now that we’re beginning to understand our core requirements.
  • Define governance, including the types of polices to create and what those polices may cover. Use the list of polices as defined above. Make sure to define approaches to both service/API and resources governance (CMP), including selection of the right technology (see previous section).
  • Define implementation and operations referring to the planning required to implement your applications, infrastructure, and data on the new multi-cloud platform. This should include operations planning, such as which procedures will change, as well as roles and responsibilities.
  • Define resource management and automation, the final step in binding automation activities to the CMP and then to the multi-cloud implementation. This allows you to automate key activities, such as the auto-provisioning of servers, monitoring cost consumption, and supporting devops. This removes enterprise IT from having to manually manage multi-cloud resources.

Moving forward

Enterprise infrastructure is evolving quickly. There is the move to cloud-based platforms, public and private, and the necessity to mix and match this technology with traditional systems to provide increased business agility. This agility can only be obtained with the drive to place things that change into a configurable domain around a sound governance strategy and platform.

As enterprises move to multi-cloud deployments, the need to both create and implement a multi-cloud strategy becomes more critical. This includes understanding the core business requirements and the selection of the right technology, such as the target cloud platforms and the CMPs. If this process is not underway at your enterprise, it should begin very soon.

6 Key takeaways

  • The use of multi-cloud is exploding, providing better and more productive options for enterprise IT. While multi-cloud brings more complexity to the use of cloud, it also brings more productivity.
  • In order to make the most of multi-cloud architectures, enterprises need to leverage new approaches to governance, including cloud governance at the service levels as well as at the resource levels using CMP technology. This allows enterprise IT to manage cloud and traditional resources through a “single pane of glass.”
  • CMP technology varies a great deal from provider to provider, but common patterns are emerging. The use of policy-driven governance seems to be the dominant and most desired approach. This should include tight integration with security and automation services.
  • Those who build their own multi-cloud strategy need to first consider the business and technology requirements. This naturally leads to the cloud platforms they are likely to leverage, and that leads to the governance or CMP solution that is the best fit.

7 About David S. Linthicum

David (Dave) S. Linthicum is with Cloud Technology Partners. Linthicum is an internationally recognized industry expert and thought leader and the author and co-author of 13 books on computing, including the bestselling Enterprise Application Integration (Addison Wesley). Linthicum keynotes at many leading technology conferences on cloud computing, SOA, enterprise application integration, and enterprise architecture, and he has appeared on a number of TV and radio shows as a computing expert. Linthicum’s latest book is Cloud Computing and SOA Convergence in Your Enterprise: A Step-by-Step Guide.

8 About Gigaom Research

Gigaom Research gives you insider access to expert industry insights on emerging markets. Focused on delivering highly relevant and timely research to the people who need it most, our analysis, reports, and original research come from the most respected voices in the industry. Whether you’re beginning to learn about a new market or are an industry insider, Gigaom Research addresses the need for relevant, illuminating insights into the industry’s most dynamic markets.

Visit us at:

9 Copyright

© Knowingly, Inc. 2014. "How to define the right multi-cloud strategy for your enterprise the first time" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact