Multi-Cloud Strategy: Establishing an Organization Wide Multi-Cloud Strategy (Part 2 of 3)

BY VISHAL DESHPANDE

Companies and government agencies are increasingly benefiting from using cloud services. The proliferation of cloud services provides them options to choose the right cloud service for their specific business workload(s). However, by opting for this multi-cloud approach, organizations are faced with risks to their governance structure, data architecture and security controls. To address these challenges, organizations need to develop and implement a multi-cloud strategy. When implemented correctly, organizations can maintain their cloud instances in a single security architecture, securing the movement of data across applications, ultimately reducing cybersecurity risk. Our first article in this series highlighted the need to develop a multi-cloud strategy and helps you navigate the challenges to achieve your business and mission outcomes.  Today, in part 2 of 3 of FI Consulting’s series on multi-cloud strategy, Vishal Deshpande explores the best practices to get your organization on the road to a comprehensive multi-cloud strategy.

Establishing Organization Wide Multi-Cloud Strategy

In today’s IT landscape where cloud is becoming the common choice for their IaaS, PaaS and SaaS offerings, organizations must embrace multi-cloud strategy either in a homogenous or heterogenous setups where –

  • A homogenous cloud includes several different clouds but all from the same vendor. For example, an organization that uses the Azure public cloud for some applications and the secure Azure Gov Cloud for mission critical and sensitive data requirements is using homogenous cloud. These are separate clouds from the same vendor.
  • A heterogenous cloud includes cloud resources from two or more cloud vendors. For example, an organization using Azure cloud for its business applications tied to their MS Office suite and using AWS for data analytics and machine learning applications is considered using a heterogenous cloud approach.

Before adopting and migrating to cloud, it is important to establish an enterprise-wide strategy that would provide organizations with control structures around the cloud resource usage, cost, billing and performance. The strategy should enable enterprises to adopt new developments and service offerings from the cloud providers. One way to achieve this is to start with establishing a Cloud Center of Excellence (CoE) with enterprise-wide authority to establish protocols and control structures governing cloud resource usage for the enterprise. The CoE should include key personnel from the organization’s business units looking to use cloud resources for their applications and services and subject matter experts on the cloud platforms being used. By bringing these key stakeholders and knowledgeable experts together, the CoE is built on a strong foundation keeping the needs of the programs at the forefront while utilizing the inherent strengths of cloud systems.

Responsibilities of the Cloud CoE

  • Cloud Governance policies – Define and continuously monitor protocols for cloud resource provisioning, cost controls, budgets and billing structures and operations. Cloud governance also includes defining protocols for managing risks and security of the cloud infrastructure.
  • Data Governance policies – Define protocols for data usage across different cloud platforms, data exchange between cloud platforms and resources, and data access controls. Data governance also includes defining data retention policies and protocols for agency wide disaster recovery (DR).
  • Security Protocols – Define the minimum-security protocols that should be applied across all cloud platforms to be used in the organization, map and adapt industry standard security controls like NIST-800, FedRAMP, CJIS etc. as applicable to the organization and its applications and services.
  • Communication Protocols – Define communication protocols for information dissemination regarding the cloud control and governance structures, data access controls and usage policies and system security protocols.
  • Enablement Program – Establish protocols for cloud adoption and cloud migrations for all business units looking to deploy their applications and services on cloud.

Once an authoritative CoE is established, organizations can then proceed to developing a cloud strategy that embraces the different cloud platforms that the organization intends to use and start their cloud migration and cloud adoption process.

Join us on November 3rd for the final segment of our series on multi-cloud strategy. We will discuss how organizations can transition to cloud environments to meet their needs with centralized cloud, data governance, and security policies established by the Cloud CoE.

If you are interested in learning more about how FI Consulting can support your organization in developing a successful multi-cloud strategy, please email contact@ficonsulting.com or call us at 571.255.6900.