Businesses are steadily migrating more of their information technology (IT) environment to the cloud. The cloud computing market continues to grow at an impressive rate and it’s expected to be over $940 million by 2026. The percentage of corporate data stored in the cloud continues to grow, reaching approximately 60% in 2022.

Adopting a methodical approach is the key to successful cloud migration. Whether a company wants to move its complete infrastructure or perform a limited migration involving specific applications, the following steps are essential in facilitating the move.  

Develop a Compelling Business Case 

A valid business reason for the move needs to be identified before embarking on a cloud migration project. Adopting a cloud solution simply because it is a trendy thing to do is a big mistake. Companies should be looking for migration to achieve specific goals such as cost savings or providing greater data accessibility to a remote workforce.  

Choose a Migration Strategy 

Organizations can migrate systems or applications to the cloud using a variety of strategies. In a large migration, several strategies may be implemented simultaneously to address multiple workloads. 

• Rehosting, also known as lift and shift, deploys current apps and data without modification using cloud resources. 
• Refactoring involves minimal modification to optimize the use of cloud resources and functionality.
• Revising takes current applications and performs extensive modifications to further optimize the use of the cloud.
• Rebuilding recreates a workload and tailors it to take full advantage of cloud-native services 
• Replacing a current workload with a cloud solution such as an SaaS application is also an option. 

Select a Cloud Environment 

The next choice a business needs to make is the type of cloud environment it will implement. The choices are: 

• Private cloud - a small cloud environment created within an on-premises data center;
• Public cloud - cloud infrastructure and services delivered by a commercial cloud provider;
• Hybrid cloud - a mix of public and private cloud solutions;
• Multi-cloud  - a mix of public cloud solutions from multiple vendors. 

Choose the Deployment Model 

Migration can involve implementing one or several of the following three deployment models. 

• Infrastructure as a service (IaaS) - provides cloud-based infrastructure components;
• Platform as a service (PaaS) - offers dedicated platforms built on cloud resources;
• Software as a service (SaaS) - cloud-native applications. 

The choice of deployment models is influenced by an organization’s chosen migration strategy. 

Select the Right Cloud Provider 

Cloud providers should be evaluated to determine which one offers the most effective solutions. There can be substantial differences in the offerings and pricing plans of competing cloud providers that need to be considered before initiating a migration. Taking the time to find the right provider will pay dividends in the long run.  

Understand the Provider’s Shared Security Model 

Security in the cloud is a responsibility shared by the customer and provider. These responsibilities change based on the deployment model. Customers are always responsible for certain aspects of security such as protecting individual accounts and user identities. Companies need to fully understand their role in protecting their data in the cloud. 

Planning and evaluation go a long way toward initiating a beneficial association with cloud computing. Following these six steps gives a company an excellent chance of successfully migrating its workload to the cloud.

The cloud is one of the critical parts of any business today. Most organizations are choosing to migrate to the cloud due to various advantages it offers, ranging from cost to ease of management due to the availability of qualified professionals that cloud service providers have. The cloud has the ability to provide high on-demand data storage, resources, expertise and other services proactively based on the need of the customer. This is a massive improvement from the traditional data center model which is rigid and expensive. Migrating to the cloud helps you cut costs. If you are planning to move your business to the cloud, here are a few things you need to consider.

1. Is cloud migration the right solution for you?

To ensure that the choice of migrating to the cloud is the right one, you need to first look at different options or factors that come with making a decision to move to the cloud and whether business expectations will be made. Look at your available resources, and have a clear understanding of your operations, capacity, and size that your business requires. Look at every single piece of hardware and application that you have so that you can successfully determine whether the cloud can store and process crucial data. Also, look into the applications that are ready to migrate to the cloud.

2. Public, private or hybrid cloud

When migrating to the cloud, there are three main cloud environments to choose from. You can choose from public, private or hybrid models. The public cloud is the least expensive way that allows you to get scalability and availability offered by the cloud. However, the problem is that you will share resources with other cloud users. Furthermore, the security responsibility is shared between you and the cloud provider while the provider will be responsible for the underlying hardware.

A private cloud is another model you can consider. Under this arrangement, the hardware resources are dedicated to your organization alone. However, this comes with cost implications. The good thing is that you will benefit from scalability and availability. You will also isolate your data from other cloud customers.

A hybrid cloud is a mix of private and public clouds. Clients often choose this when they want to keep sensitive components on-premise or when they want to leverage the existing server assets while still having some utility.

3. Cloud platforms

Most companies are faced with overwhelming options for cloud technology and service providers. It becomes even more confusing when CIOs fail to stick to a single provider but instead choose more than one cloud provider for a business. For your business, you can choose between the available, tried and tested cloud providers such as Amazon, Microsoft and Google among others.

4. Cloud management team

As you migrate to the cloud, you need to find out if there is a specialized cloud team to migrate and ensure that your cloud plan is executed well from start to finish. You should be in a position to contact this team directly if you come across any problem or concern. This is the team that will monitor your application as they get integrated into the cloud. The team will also fix any functionality issues and collect data and feedback from users.

5. Consider security and new challenges

When migrating to the cloud, mostly in the hybrid model, new security challenges emerge. Therefore, as you start this journey, you need to check all the security problems and the current solutions. New security challenges need new solutions to secure, detect and prevent security breaches in the cloud. When done properly, you can know the challenges and address them accordingly.

Secure Access Service Edge (SASE) is a cloud model that combines network and security functions in a comprehensive cloud service. The term is pronounced “sassy” and is intended to allow organizations to manage network and security tools in a single consolidated interface. SASE has minimal hardware requirements and operates independently of where users and resources are physically located.

What is SASE? 

SASE combines cloud-native security functionality with VPN and SD-WAN capabilities delivered as a service from a cloud vendor. The following foundational components make up a SASE offering. 

• Software-Defined Wide Area Networking (SD-WAN) - This connectivity architecture separates networking hardware from a physical control layer.  

• Zero Trust Network Access (ZTNA) - Zero trust assumes that every network connection is a potential threat that must be authenticated before allowing access. It is an essential security technique where users and sensitive data resources are located in multiple locations. 

• Cloud Access Security Broker (CASB) - This SASE component enables companies to mitigate cloud security risks by enforcing corporate data privacy and security standards. CASB allows the enforcement of security policies as users access cloud services. 

• Secure Web Gateway (SWG) - The purpose of this component is to protect online devices from malware infection and enforce an organization’s security policies. The SWG provides visibility and control of enterprise web traffic.  

• Firewall as a Service (FWaaS) - Delivering a firewall as a service enables the implementation of advanced capabilities like intrusion prevention, advanced threat protection, and web filtering.  

Why do Companies Need SASE? 

The impetus behind SASE is the evolving computing landscape that has made traditional connectivity and security measures obsolete. Focusing on security and connectivity at the data center level cannot effectively address modern, cloud-based infrastructures and the challenges of supporting a mobile workforce. Factors driving the adoption of new techniques include: 

• Users need the ability to connect securely from any location.
• Cloud services are running more workloads and handling more user traffic than traditional data centers.
• Software as a service (SaaS) applications are replacing locally hosted solutions.
• Businesses are storing more sensitive data in cloud services. 

SASE addresses these issues by offering a methodology for managing connectivity and security without relying on routing traffic through an on-premises data center. This enhances security and improves productivity. 

Benefits of Implementing SASE 

Companies can enjoy multiple benefits from a SASE implementation.  

• Network security costs and complexity can be reduced by obtaining a SASE solution from a single cloud provider.
• Enabling a ZTNA enhances security by basing access on the identity of users and devices rather than potentially spoofed elements like IP address or location. 
• Reduced latency with optimized network routing provides better performance and productivity.
• SASE promotes business agility by reducing the risk when introducing new applications and services. Companies can capitalize on emerging trends without undue security concerns.
• Greater security is enforced when providing network access to remote and mobile employees. 
• Security is managed centrally and enforced locally with the SASE architecture for more consistent results across an organization. 

The scalability and agility required by modern businesses are driving the adoption of SASE solutions. Companies need to ensure security while providing customers with the best user experience. SASE provides an SaaS solution for secure remote connectivity. 

Businesses looking to optimize their cloud computing investment are increasingly turning to a multi-cloud approach. This strategy enables them to implement the most attractive and business-impacting offerings available from public cloud service providers (CSPs). Adopting a multi-cloud approach provides businesses with several advantages that enable them to be more competitive.

What is a Multi-Cloud Solution? 

A multi-cloud solution involves a company deploying products or services from more than one public CSP. The concept of multi-cloud is often confused with the hybrid cloud model, but they are very different. A hybrid cloud is built with public and private cloud components. Multi-cloud solutions only employ offerings from public cloud vendors. 

In a multi-cloud environment, an organization centrally manages specific products and services chosen from pubic CSPs. The ability to choose the best offerings from multiple options results in more effective solutions to address business objectives. 

Advantages of a Multi-Cloud Approach 

Companies adopting a multi-cloud strategy stand to enjoy benefits not possible when limiting themselves to a single CSP. The ability to select specific products from multiple vendors provides a company with the following benefits. 

• Access to cutting-edge technology - Competition is fierce between CSPs intent on developing new technologies. A multi-cloud approach provides companies with the opportunity to implement the latest and greatest developments from any vendor. 

• Enhanced business agility - Changing business trends can often be more effectively addressed by working with multiple CSPs. A dynamic environment can adopt targeted solutions that meet distinct business objectives. 

• Increased resiliency - A multi-cloud approach separates applications and infrastructure components in the data centers of several vendors. This results in increased resiliency and protects a business if one vendor experiences serious problems. 

• Improved customer experience - Meeting customer trends and exceptions is essential in competitive businesses. The multi-cloud mindset allows decision-makers to deploy solutions that improve the customer experience and grow the business. 

• Cost savings - Organizations can evaluate offerings of multiple CSPs and select the most cost-efficient solutions. Similar products or services can be priced very differently and provide substantial financial savings. 

Challenges of a Multi-Cloud Approach 

Organizations implementing a multi-cloud environment face several challenges. Navigating these difficulties efficiently is necessary to achieve the potential benefits. 

• There is increased complexity involved with managing services and licensing from multiple vendors.
• Security vulnerabilities can be introduced by spreading data across multiple infrastructures.
• It may be difficult to integrate products from multiple vendors to produce the desired results for the business.  

The Bottom Line 

Today’s competitive business landscape demands creative thinking throughout an organization. The decisions made when selecting and implementing information technology (IT) solutions can make a huge difference in a company’s ability to compete.  

A multi-cloud approach provides the agility and access to technology a business needs to thrive. While it may present a few challenges, the benefits of a multi-cloud computing environment make it an attractive option for companies attempting to extract the maximum value from the diverse offerings of public CSPs.

Being an IT manager means that you must stay on top of the game at all times. It means that you know what is going on and anticipate the needs of your end users, in addition to solving issues before they arise. With this, users can perform better, and the business can flourish. One of the things you must be aware of as an IT manager is cloud computing. In recent years, there have been growing talks on cloud computing and what it can do. With businesses going digital, perhaps now is the right time to better understand this technology. The entry of the cloud has immensely increased the growth of businesses and their efficiency. As we move into a new era technologically, there are questions regarding how the cloud will change the business landscape. Here are some cloud computing trends for the new decade:

1. Companies will deploy more workloads to the cloud

According to Gartner, businesses will deploy 95% of their new digital workloads on cloud-native platforms by the middle of the decade. By doing this, they will embrace technology more and more, move their organizations forward, and commit to modernizing them for the long term. However, this means that they have to know the information needed so that they can reap benefits. Organizations must constantly update their workloads to match the changes as the cloud continues to evolve fast. 

2. Multicloud and Hybrid

There is a growing number of solutions that offer agility, customizability and non-compromizability in the market starting in 2022. With the past cloud services, you could only choose between private and public solutions. Cloud solutions offered accessibility and pay-as-you-go services, while the private cloud, on the other hand, offered more security for data storage. With the availability of hybrid solutions such as Microsoft Azure, you can keep certain types of data on public servers. The data you can keep on public servers include the ones customers need to access often. You can also store sensitive data on private servers to control and monitor it as you deem fit. 

3. Artificial intelligence

As Artificial intelligence continues gaining fame, consumers expect new software platforms to incorporate it. Therefore, 2022 going forward, will see an increase in the number of technologies to meet customer demand. Cloud computing must adapt to deliver the said services to the consumers. According to Verified Market Research, the market value for AI will be over 850 billion by 2028. AI platforms will require more processing power and bandwidth to support this. This is where cloud computing will come in to help AI projects succeed. 

4. Serverless cloud technology

Every IT manager dreams about streamlining workload and ensuring efficiency. Serverless cloud technology may be the thing you need to achieve this. With this technology, you can automate some tasks you consider tedious. This helps you maintain your server infrastructure in the best possible way. Between 2022 and 2026, there will be a high demand for serverless technologies, according to research by Motor Intelligence. The research indicates that serverless computing will rise by 22.6% between 2022 and 2026. With this, users do not need to invest in resources and capital. 

5. Cloud Security

Implementing the cloud in an organization is one of the most powerful steps you can ever take. However, all is not well until you consider the security of your data and systems. You must first consider ways of mitigating risk and implementing data security procedures to prevent bad actors from causing havoc. As cloud computing takes over the information landscape, developers will increasingly work on projects that improve cloud security. There will be a possible increase in the adoption of Secure Access Software Edge (SASE). Gartner reports that at least 40% of companies will create commitments to include SASE in their toolkit. 

If you work in an IT department or an executive position in an organization, you have probably heard of how enterprises are investing in cloud computing and taking their computer systems and applications to the cloud. As an organization, if you want to transition from on-premises infrastructure to a multi-cloud, hybrid cloud or both of them, you should know that this is the single most significant shift that your company will face.

Whether you are looking to migrate your applications or infrastructure to the cloud or shut down the on-premises data center, here are a few practices you should abide by. 

1. Make a cloud-first commitment

All applications should be moved to the cloud unless there is a compelling reason to remain on-premises. This is what cloud-first commitment means. However, there can be compelling reasons like cost, security or governance challenges and concerns that may force you to keep some applications in a data center within your organization. Ensure that public and private cloud integrates easily. Regardless of the circumstances, prioritize a cloud-first strategy so that you can reap maximum benefits of the cloud.  

2. Understand your cloud economics

Understanding the economic side of the cloud may appear simple. However, most organizations do not take the time to understand the needs of their businesses and what it takes financially to move to the cloud. By building a business case, your organization will gain valuable insights to enable you to understand cloud economics. Understand aspects like current costs, and the cost of the entire package. Other costs like hardware, networking, disaster recovery, downtime, upgrades and service level agreements should also be understood.

3. Decide the cloud services to use

Given the many cloud services available, businesses must identify the ones that suit them and the ones they plan to deploy. This will reduce the chances of running more services than necessary or than can be managed appropriately. Furthermore, it may result in failing to determine the right way which cloud services are best fitted to the workloads. The right services may vary from one workload and business to another. Businesses must generally consider factors like the cost of each type of cloud service, how hard or easy it is to deploy workloads on a cloud service, how a service can be managed and monitored, or the security risks that a particular service can create.

4. Understand what should not be migrated to the cloud

Businesses should know that certain workloads may be better if left out of the cloud migration plans. For instance, applications that depend on local networking configurations can be difficult to replicate in the cloud. Other applications may need direct access to the hardware, which can be difficult to achieve or can be costly to be done in the cloud. Identification of these apps should be made early in the cloud transition. Develop steps for modification of those applications to suit the cloud or commit to keeping those apps out of the cloud.

5. Find out security risks

Migrating to the cloud is not free of security challenges. Therefore, before migrating your data, applications and infrastructure, ensure you know that the cloud can be a source of various concerns. Because of the connection of the cloud to the internet by default, it can be easy for attackers to locate and exploit weaknesses in cloud resources. The complexity of the cloud and possible misconfigurations that emerge from it, like allowing public access to sensitive storage, can have unprecedented implications concerning security. Therefore, you must assess how to mitigate the identified security risks as part of the cloud transition plan.

Excited for your doctor to resemble a robot in a sci-fi movie? With the arrival of cloud computing into the healthcare industry, not only are robots on the way, but automated, internet-connected medical solutions are already a reality. Cloud connectivity within healthcare connects, synthesizes, and analyzes health-related data within the cloud — and delivers it to the provider or the consumer. 

Connecting to the cloud  increases efficiency, enhances privacy, reduces costs, and even saves lives. The cloud’s influence on healthcare is made clear when you consider that the global cloud computing market for healthcare is growing by 20% a year. 

Check out five of the ways that cloud computing is creating better healthcare.

Remote Surgery Performed Around the World

With new technologies that provide hyper-low latency, tele-surgery is now a reality. Instant signal transmission and VR advancements enable surgeons to operate remotely, safely and  globally. Patients who live in remote areas can have access to the same medical care as those who live in a city.

IoT Connected Medical Devices React Instantly

IoT-connected medical devices have revolutionized personal healthcare.These instruments track patients’ health 24/7 and react instantaneously to any issue by constantly sending the patient’s data to the cloud, where the information is stored and connected to relevant medical professionals.

Smart Ambulances Provide Treatment En Route

Countless lives are lost in the ambulance between the home and the hospital. Smart ambulance technology can reduce these casualties. EMTs could communicate with ER doctors in real time, using VR technology to transmit patient information and administer treatments. 

Electronic Patient Records Improve Medical Practice 

Healthcare centers now store their patient data on the cloud, as it’s simple and forms a virtual shared network. Doctors can see the medical history of each patient, even if they were under the care of a different doctor. 

Preventing Global Health Crises with De-identified Data

Digital medical data can be anonymized and analyzed. Cloud computing allows for this data to be compiled and used to create powerful algorithms. These algorithms can learn to diagnose illnesses or track epidemiological trends, hopefully preventing another global pandemic.

Bringing the cloud to the realm of healthcare has enormous potential. There are many innovative cloud solutions with the power to both reform the healthcare system and save human life. Ridge’s distributed cloud, with its hyper-low latency and endless scalability, as well as its ability to run workloads on any infrastructure in any edge location, is uniquely prepared to support cloud computing in healthcare.

 “There is no business strategy without a cloud strategy”. So said Gartner in a recent symposium. By 2025, over 85% of organizations will embrace a cloud-first approach and will not be able to fully execute on their digital strategies without the use of cloud-native architectures and technologies. 

But as more and more workloads move to the cloud, businesses are realizing that no single static cloud architecture offers consistently great application performance for all users. There is a clear need in the market for a flexible cloud that can be rapidly adapted to specific needs.

There are many reasons why centralized cloud infrastructure is not appropriate for some businesses: 

For some, it’s about where their data resides. For others, it’s their preference for maintaining existing commercial arrangements. For still others, it’s about governance and regulations. And for applications with strict response time requirements — such as AR, telemedicine, and robotics —it’s latency and throughput which can’t be effectively supported by a data center, even if operated by a hyperscaler, if it is located many miles away.  

Flexible Does It  

After more than a decade in which cloud computing was synonymous with a large public cloud, businesses are discovering that one size does not fit all. A desired computing strategy may be partially on-premises, partially bare-metal, and partially co-located, but also fully hybrid across multiple continents. These application owners need a cloud provider that offers architectural flexibility to build a cloud customized for their needs. 

To address this demand, a new cloud paradigm has emerged: the Unified Distributed Cloud (UDC), in which workloads can be spun up in 1000s of locations across the globe. In this architecture, existing local data center and on-premises capacity is transformed into modern PaaS offerings, such as managed Kubernetes and object storage. 

Until now these modern, cloud-native services were only available from the hyperscalers. No longer. On the Unified Distributed Cloud, application owners can enable desired configurations and states to be implemented on physical resources anywhere they need them to run. This is accomplished programmatically through modern APIs, allowing business-critical applications to run in specific locations.

Love the Cloud You’re With

A UDC enables computing resources to be wherever you need them to be. Whether the need  is for proximity, commercial reasons, or data constraints, in all cases cloud workloads will seamlessly mesh with existing infrastructure. It’s the best of two worlds: the agility and ease-of-use of the public cloud together with the high performance, high throughput and full data control of localized infrastructure.  

A UDC is designed to be fully interoperable with any private, hybrid, or multi-cloud architecture. As a result, enterprises can create an optimized cloud computing strategy, taking advantage of existing and available infrastructure in the location — or multiple locations — of their choosing.  

Think Globally, Cloud Locally

As an alternative to the traditional public cloud model, the UDC enables application owners to utilize a global network instead of relying on compute resources in a specific location. Interoperability with existing infrastructure empowers enterprises to deploy and infinitely scale applications anywhere they need. While the large public cloud benefits from economies of scale, a UDC takes advantage of the economies of locality and distribution. 

With the growing adoption of cloud-native applications to serve new markets, the Unified Distributed Cloud’s flexibility helps businesses customize a cloud strategy which is right for them.

Jonathan Seelig, is co-Founder and Executive Chairman of Ridge, the world's most distributed cloud. He works with early-stage technology companies as an investor, advisor, and board member. He was previously co-founder of Akamai, the world’s first CDN. Mr. Seelig is a frequent speaker at cloud industry events.

The Army is accelerating its move to the cloud, reports Breaking Defense.

Expect to see noticeable, swift movement over the next year from the Army when it comes to migrating to the cloud, the service’s deputy chief of staff for command, control, communications and computers (G-6) said today.

Read the article Breaking Defense

According to VentureBeat, there are ways to avoid overspending in the cloud.

Optimizing spend is a number one priority for organizations when it comes to the cloud, according to Flexera’s 2022 State of the Cloud report — and migrating more workloads to the cloud is a close second.

Read the article VentureBeat

According to Popular Science, you don’t need the cloud to sync your files.

Here’s a secret: you don’t need the cloud to sync files between your devices. Services like Dropbox, Google Drive, and Apple’s iCloud are all free until you use up a certain amount of space, which is how they get you.

Read the article Popular Science

According to InforWorld, legacy databases are in danger in the cloud.

You can be forgiven for believing Oracle is the world’s largest database vendor

Read the article InfoWorld

The big cloud providers all want your business and are constantly rolling out new offerings designed to attract and retain customers. In this article, we are going to look at some of the flagship products and services available from the largest public cloud vendors ranked by revenue in mid-2021 as determined by Statista. 

Microsoft Azure

Azure is the leading cloud vendor based on revenue and offers a wide variety of products and services addressing the needs of small, medium, and large businesses. The company has capitalized on the installed Windows operating system customer base and prioritizes integration with legacy systems.  

The combination of legacy support and cutting-edge tech logic make Azure a viable choice for enterprises migrating workloads to the cloud or operating hybrid environments. Cloud-managed instances of the popular SQL Server relational database provide just one example of the specific solutions available from Azure.

Amazon Web Services (AWS)

Amazon may lack the enterprise relationship onramp enjoyed by Azure but makes up for it with its constant innovation and quality of its products and services. Some of its distinctive offerings include its analytics and data lakes, machine learning, and extensive storage options for everything from disaster recovery to long-term archiving.  

Amazon offers free trials of many solutions such as Amazon Lightsail, used to launch and manage virtual private servers, Amazon EC2, providing virtual cloud servers, and SageMaker, to build and train machine learning models. AWS is also the only major cloud provider to offer macOS virtual server support. 

IBM Cloud

The offerings of the IBM cloud are tailored to meet the needs of the company’s large and medium-sized enterprise clients. IBM concentrates on PaaS and IaaS solutions. Acquiring Red Hat in 2019 demonstrates a commitment to an open and hybrid approach to cloud infrastructure. 

IBM’s cloud offers extensive analytics, artificial intelligence, and machine learning solutions that make use of the company’s Watson supercomputer.  As hybrid environments continue to propagate throughout the IT world, IBM’s migration and management tools provide customers with a viable path when moving from on-premises data centers to the cloud.   

Salesforce

Some readers may be surprised at Salesforce’s inclusion in the top cloud vendors, but the company’s array of SaaS solutions is impressive. From its beginnings as primarily a customer relationship management (CRM) solution, Salesforce has expanded its offerings to encompass many cloud-based enterprise software solutions.  

Its Slack-first Customer 360 combines sales, service, marketing, commerce, IT, and analytics solutions to provide small and large businesses with an innovative way to work while employing digital workflows. Salesforce concentrates on SaaS offerings and is not the right cloud vendor if you are looking for cloud storage or infrastructure solutions.  

Google Cloud Platform

Google’s cloud strategy strongly supports cloud-native solutions based on open source and open systems. This makes it attractive to companies looking to add specific capabilities to multi-cloud environments. Google offers machine learning support with vision, speech, and natural language APIs. Google’s advanced technical capabilities make it a viable choice for solutions in the field of data analytics, AI, and machine learning. 

This is just a sampling of the incredible diversity of cloud offerings available to customers in 2021. Virtually any organization can find a solution that helps them meet their business objectives. It’s just a matter of selecting the right cloud.

According to the Register, Microsoft testified to a House Committee that it receives numerous secrecy orders per day.

The US House Committee on the Judiciary met on Wednesday to hear testimony on the government's practice of secretly subpoenaing cloud service providers, and Microsoft was happy to oblige.

Read the article on The Register

Organizations that choose to take advantage of public cloud services often find themselves with their resources spread amongst multiple vendors. This situation can arise for several reasons including:

• The evolution of enterprise workloads and the search for the most cost-effective solutions;
• Sprawl resulting from the ease with which departments can migrate systems;
• New offerings not available from current vendors;
• Simply being dissatisfied with a service or vendor and riding out the length of the contract.

Regardless of the underlying factors that led to a multi-vendor cloud environment, its management presents decision-makers and technical support staff with additional layers of complexity. Adopting a set of best practices will help organizations successfully implement a hybrid and multi-vendor computing environment. 

The following best practices will assist in the successful management of a multi-cloud environment.

• Use hybrid cloud management tools - Make use of hybrid cloud management tools to address multi-cloud environments. These tools can provide features such as self-service functionality for end users, service aggregation, deployment orchestration, and cost management. 

• Optimize costs across vendors - Companies should regularly review the comparative costs of their various vendors and be willing to migrate if a move is dictated by the economics. Cloud service brokers may be able to evaluate resources and suggest ways to optimize spending. 

• Focus on disaster recovery and reliability - Recovering a diverse multi-cloud environment in a disaster scenario demands a well-planned and documented strategy. Leveraging cloud vendors may be possible by backing up resources from one to the other. 

• Prioritize security and compliance - Ensuring data security and compliance is more challenging in multi-cloud implementations. Identity and access management (IAM) tools are necessary to ensure only authorized users can get to data resources. Customer and vendor roles regarding maintaining regulatory requirements need to be fully understood to avoid gaps and failed audits.  

Concentrating on these four areas will help organizations manage their multi-cloud environments.  

Using the Right Tools Matters

Commercial and open source software tools are available to assist in the management of multi-cloud environments. These applications focus on big picture items that affect the entire cloud infrastructure and help decision-makers identify the right solution from among the alternatives and keep the complex environment running smoothly. 

Morpheus is a commercial product providing integration and automation functionality across multiple clouds and on-premises environments. It is designed to facilitate compliance, cost optimization, and application modernization.  

OpenStack is an open source solution that offers a set of software components providing common services for cloud infrastructures. It enables large pools of cloud resources to be managed centrally through dashboards or APIs. 

On a more granular scale, dedicated tools can help minimize the strain on technical support teams when systems are spread across multiple on-premises and cloud platforms. A case in point is an application like Idera’s SQL Diagnostic Manager for SQL Server. It employs a unified interface from which to monitor SQL Server performance on physical and virtual machines located on-premises or housed with major cloud vendors. 

The potential benefits of multi-cloud environments can outweigh the challenges of dealing with their complexity. Following some basic best practices and deploying the right tools will enable organizations to take advantage of the offerings of multiple cloud vendors without incurring any undue risks. 

Taking advantage of the benefits of cloud computing is not restricted to organizations operating in the private sector. In the United States, local, state, and federal governments make extensive use of public cloud resources. As is customary for all types of government contracts, some assessments and approvals must be obtained before the offerings of a cloud service provider (CSP) can be used by specific agencies. Government contracts can be very lucrative and service providers who want a piece of the business need to demonstrate that their products meet all requirements surrounding security and functionality.

All CSPs that wish to do business with the U.S. federal government need to be assessed and approved by the Federal Risk and Authorization Management Program (FedRAMP). The program’s goal is to protect the data of U.S. citizens when it is in the cloud and is the most rigorous security framework in use by the government. 

FedRAMP was created to address the problem of different and potentially conflicting requirements for each agency working with cloud providers. FedRAMP provides standard security baselines and processes that simplify the process of obtaining cloud services for both providers and government agencies. Once a CSP achieves FedRAMP approval for an offering, it is listed in the FedRAMP Marketplace to gain visibility across the government.

Navigating the FedRAMP Authorization Process

CSPs that want authorization to provide services to federal agencies need to follow a process comprised of three complementary phases.

In the pre-authorization phase, CSPs should complete FedRAMP training which includes modules that define the baseline security plan. Education can be accessed via online courses, webinars, or in-person training events. A request from the CSP will result in a consultation with government subject matter experts set up by the FedRAMP Program Management Office (PMO). To successfully get through this phase of the authorization process, a CSP needs to: 

• Document agency interest in their offering and establish partnerships with agency customers.
• Establish a partnership with an approved third-party assessment organization. 
• Ensure that the service implements the required security controls.

During authorization, a CSP is responsible for developing a package that includes the completion of the System Security Plan. The plan is then assessed by the third-party assessment organization and findings are presented to the CSP for remediation. When all risks have been successfully addressed, the CSP attains authorization and status as a FedRAMP authorized vendor.

In the post-authorization phase of the process, the CSP is required to provide monthly monitoring deliverables to the agency using its service. Failure to provide these documents can result in the service losing its authorization.

The purpose of FedRAMP is to eliminate any confusion regarding the ability of individual agencies to use cloud services. By publishing authorized services on the FedRAMP Marketplace, the authorization process only needs to be done once for each offering. Once approved, it can be used with confidence by any federal agency that wants to use the service. 

This appears to be an example of government working efficiently by reducing the duplicate work that would ensue from individual agencies or departments authorizing CSPs. In a subsequent post, we will take a closer look at the FedRAMP Marketplace and the agencies that use its authorized services.