Cut through the confusion! Uniform Multi-Cloud Governance and Management
For many organizations, it is becoming increasingly clear, that their digital transformation cannot be accomplished by a direct move into the cloud. Hybrid Cloud will – not always but often – be part of the journey.
The reasons for this are varied. Perhaps you are in a highly regulated industry, where strict data-governance is mandated. Perhaps you wish to reap part of the benefits of a move into the cloud, knowing that the application is not fully cloud-enabled. Perhaps you simply wish to control costs, that are known to increase if your cloud move less-well-governed.
Whatever the reasons, Hybrid tends to become at the very least a stepping stone for many organizations. The question then arises: “How do we ensure that the tools that we employ can do the job?”
Before we get to the answer to that question, however, we must first visit the term Cloud Sprawl. If you have been in the IT-industry for the past decade, you will invariably have come across “server sprawl” as a term for what happens when clusters of servers aren’t being used to their full capacity. It is an issue that most IT organization have faced to some degree during the past 10 years.
Even though cloud IT is still only in it’s kindergarten stages, and is far from reaching full maturity, one might already view Cloud Sprawl as the new Server Sprawl. Cloud Sprawl can be defined as follows:
“Cloud sprawl is the uncontrolled proliferation of an organization’s cloud instances, services or providers. Cloud sprawl typically occurs when an organization lacks visibility into or control over its cloud computing resources.”
Why is this important? It is important because without addressing Cloud Sprawl you will not be able to apply consistent tooling across your hybrid environment – and without consistent tooling you will quickly find yourself managing and governing each application in a slightly different way, which in turn will mean that your organization as a whole will be less efficient and able to capitalize less on the advantages and benefits of your digital transformation.
Principles to establish
So, with that out of the way, let’s get back to the question at hand. How do we ensure that our tooling is up to the task and is consistent across the board?
At Trifork and our cloud operations subsidiary, Netic, we employ the following principles when choosing tools for our operating environments:
- Choose your tools in such a way, that you avoid vendor lock-in
- Make sure that your tooling supports DevOps and containerization (and preferably supported by the Cloud Native Computing Foundation)
- Open Source is fine, if your policies allow it, but make sure that your security tool and your log management solution are supported
If you follow the above principles, you can end up with a tool set that lets you orchestrate your entire cloud application environment using the same tools. This is because with the tool set in hand, you can establish governance principles for your entire cloud environment, regardless whether that environment is…
- Single cloud
- Multi Cloud
- Hybrid Cloud
…or any combination thereof. You get the added benefit of being able to apply the same principles to any future applications – again regardless whether these applications are built in-house, by a 3rd party ISV or is an off the shelf SaaS solution.
What tools do we need?
For a large project in the Danish Health Care Sector that is run and operated in a Hybrid cloud environment, Trifork and Netic have chosen tools within the following categories:
These tools cover most of what your organization will need to manage and govern your entire cloud application environment. There can be niche cases, where other tools are needed, but for most needs, the above tool set is more than adequate.
So let’s talk a bit about cost. Some of the tools that are mentioned above are actually quite expensive to buy in fully supported versions. It is always a difficult decision, whether to buy software licenses to support your Hybrid Cloud environment.
As mentioned above, Trifork recommends to acquire supported versions of your security tools and you log management solution. For the other tools, it will depend on your organization. What do your policies state? Is Open Source approved in your organization?
And most importantly: How critical is the application?
If you have any questions, feel free to reach out to us.