Inside the Briefcase

Infographic: The Three Pillars of Digital Identity: Trust, Consent, Knowledge

Infographic: The Three Pillars of Digital Identity: Trust, Consent, Knowledge

8,434 adults were surveyed to gauge consumer awareness of...

FICO Scales with Oracle Cloud

FICO Scales with Oracle Cloud

Doug Clare, Vice President at FICO, describes how Oracle...

Is Your Enterprise IT the Best It Can Be?

Is Your Enterprise IT the Best It Can Be?

Enterprise IT is a driver of the global economy....

The IoT Imperative for Consumer Industries

The IoT Imperative for Consumer Industries

This IDC white paper examines current and future...

How to align your visual brand guidelines and create consistently on-brand content

How to align your visual brand guidelines and create consistently on-brand content

In this ebook, we’ll explore the various themes leading...

IT Briefcase Exclusive Interview: Should you put your “eggs in one cloud basket”?

April 19, 2017 No Comments

Multi-cloud is a topic that has been discussed within the cloud industry for some time now. Some practitioners believe it’s the most suitable solution because using a multi-cloud deployment model gives organizations the ability to mix and match the best-of-breed solutions and services from different cloud providers. However, there is still some confusion about where it fits within hybrid, public and private cloud, which is likely exacerbated by vendors that have created services locking customers into using only one cloud option.

Taking a picture of the current cloud landscape and offerings available, Carson Sweet, CTO and co-founder of CloudPassage, has evaluated why a provider might push for one cloud environment deployment option and how secure migrated data might be in those environments:

  • Q: What are cloud providers doing and why are they trying to lock customers into their ecosystem?

A: Customer retention is an important issue for IaaS providers, especially with services becoming more commoditized. Most providers can gain customer retention by providing more and easier-to-use services, which can entice customers to depend on the provider for more application components.For example, using a cloud provider’s compute service to host an application is less “sticky” than using the cloud provider’s compute, DNS services, load balancing services, and database platform services.

The term “lock-in” was demonized early on because a small handful of unscrupulous cloud service providers would “lock the customer in” by not allowing them to extract their data. That sort of “dirty trick” wasn’t the norm then, and isn’t the norm now. Retention in most of the major cloud providers is achieved by crafting a value proposition that entices users to use more services on a broader scale. The idea now is to get customers to the point of being “all-in” of the customer’s own volition… buyers have largely evolved well beyond getting “tricked” into lock-in.

  • Q: Why is this a bad thing (or a good thing) for security?

A: If an IaaS provider does their part of the security equation better than an enterprise, that’s good for the customer’s security and good for the provider’s customer retention. Most IaaS providers make security investments vastly greater than any single enterprise; all customers of that cloud service benefit from these investments. So an enterprise can enjoy the “high water-mark” that’s going to be maintained regardless of what the customer themselves might require.

  • Q: Should enterprises use multiple cloud providers? What should they consider and how can they avoid traps?

A: I wouldn’t call it a trap. The big cloud providers are transparent about the entire service lifecycle, so the customer can make informed decisions. Most multi-cloud scenarios involve different applications running discretely in different clouds, so lock-in isn’t really a concern. Some customers will have true multi-cloud deployments for DR or availability purposes, and in these cases the application architects should be thoughtful about what services are universally available from and interoperable across multiple IaaS providers – essentially an intersection analysis. This should inform decisions as to what components will be delivered by the IaaS providers, and what components the customers will develop / deploy / operate independently from the IaaS providers.

The phrase “don’t place all your eggs in one basket” is equally applicable to cloud environments. Spreading risk across multiple platforms minimizes the possibility of downtime and allows businesses to make the most of public cloud cost savings without being locked into one vendor. With a multi-cloud disaster recovery plan, businesses become more resilient than ever. The ability to experience failover and move from one public cloud provider to another means a business can still carry on as usual, even in the unlikely scenario of one provider being unavailable.

Carson Sweet headshot 150x150 IT Briefcase Exclusive Interview: Should you put your “eggs in one cloud basket”?

 About the Author

Carson Sweet is co-founder and chief technology officer for CloudPassage. As founding CEO, Carson led the team that created Halo, a patented security platform for infrastructure protection and compliance. Carson’s information security career spans three decades and includes a broad range of entrepreneurial, management and hands-on technology experience.


Leave a Reply




Gartner IT Operations

SuperCharge Your Cloud

American CISO

IBC 2018

ITBriefcase Comparison Report

We have updated our Privacy Policy. Click here to preview.