10 Lessons Companies are Still Learning during their Multi-Cloud Journey

Veritas Perspectives August 31, 2021

Nothing good comes easy. Virtually every company in the mature phase of their multi-cloud journey has experienced unforeseen pitfalls. The benefits companies are gaining by utilizing a combination of public, private, and hybrid clouds are obvious – getting better pricing for cloud services, gaining more workload agility, achieving greater business resilience, to name a few. But most likely more than a few enterprises that have fully adopted a multi-cloud strategy are thinking: “If I had a do-over, I might have done things differently.” If they could go back in time to when they relied heavily on legacy IT systems and on-premises infrastructure, just starting their multi-cloud journey, what would they have liked to have known then?

Let’s look at 10 examples of what would have been helpful to know then:

  1. I wish I knew that ransomware would target SaaS data. Just a few years ago, the main targets of ransomware were on-premises storage devices and file servers. Today’s ransomware makes those iterations look like child’s play. Ransomware attackers are getting bolder, targeting open-source tools, software-as-a-service applications, and VPNs. This puts more pressure on organizations with growing multi-cloud operations to have a robust data protection strategy for their SaaS-based data, prior to moving their workloads to the cloud.
  2. I wish I knew about egress fees. Cloud providers may charge anywhere from 5 cents to 20 cents per gigabyte in egress fees – charges to move your data out of their cloud. Not only does this make it more difficult, but also costly to shift data and workloads from one cloud provider to another. Many enterprises have been stung by egress fees, especially when their cloud footprint is more established.
  3. I wish I realized that I would be responsible for cloud data protection, not my CSP. Incredibly, 69% of enterprises in Veritas’ Truth in Cloud study believed their cloud service provider was responsible for data protection and data privacy. This is not only wrong, but dangerous. Buried in CSPs’ end-user license agreements is language saying that the customer is responsible for protecting their data. This can leave a significant gap in cloud-based data protection.
  4. I didn’t realize meeting data privacy and sovereignty laws would be so complicated. When storing data in the cloud, it’s not always clear where physically the data is stored. That makes it incredibly complicated to determine whether your procedures around storing and protecting cloud-based data are meeting local consumer privacy laws, like GDPR, as well as data sovereignty laws. Too many enterprises have paid compliance fines for missteps related to cloud-based data.
  5. Predicting cloud service and storage needs is difficult. It’s great to be able to scale your public cloud compute and storage on-demand, paying as you go. But you need to be able to keep adjusting your predictions of future cloud needs. Many enterprises overpay, consuming more cloud resources than they need, costing them more. This is especially true for heterogeneous, more complex multi-cloud environments.
  6. Finding people with the right skills is nearly impossible. Not surprisingly to anyone, there is a worldwide shortage of software engineers, system administrators, and others capable of building solutions using cloud-native technologies. Enterprises are doing everything they can, including upskilling and reskilling, but the skills gap continues to threaten and slows their multi-cloud journey.
  7. I didn’t anticipate the cultural change needed. Maximizing your investment in multi-cloud approaches requires that teams are constantly and dynamically adapting to the needs of the business. Teams need to work at breakneck speed and collaborate more closely to gain business advantage.
  8. Governance and control are complex. Governance was relatively easier when most infrastructure was on-premises. But in today’s complex multi-cloud environments, IT doesn’t have great visibility into which business units are spinning up which cloud services, on their own – meaning they don’t have a good sense of how those services are being used and the risks involved. Adapting real-world governance processes to include public, private, and hybrid clouds is much easier said than done.
  9. I didn’t realize how important cloud performance would turn out to be. As enterprises are increasingly dependent on cloud service providers to store their data and provide the infrastructure to run workloads, their business could be heavily impacted by a cloud outage. This is why it’s so vital for enterprises to have an effective data backup and disaster recovery strategy covering their cloud environments, so they can minimize business disruption if a CSP goes down.
  10. I wish my multi-cloud backup and data protection was more unified. With companies spreading their data across physical, legacy, and cloud workloads, many find that understanding the nuances of each CSP’s security and monitoring tools takes valuable time and effort. A unified approach to data protection identifies where mission-critical data is stored and provides a solution to recover it quickly in case of disaster.

These 10 examples are tied to good planning. Not only carefully planning the deployment of cloud workloads, but good resiliency planning to keep your cloud data protected. Those enterprises that have the right mix of people, tools, culture, governance, and resiliency planning are best positioned to minimize risk, cost, and complexity on their multi-cloud journey.

Anthony Cusimano
Sr Mgr, Product Marketing CMO
VOX Profile