IT Briefcase Exclusive Interview: Should you put your “eggs in one cloud basket”?

Multi-cloud is a topic that has been discussed within the cloud industry for some time now. Some practitioners believe it’s the most suitable solution because using a multi-cloud deployment model gives organizations the ability to mix and match the best-of-breed solutions and services from different cloud providers. However, there is still some confusion about where it fits within hybrid, public and private cloud, which is likely exacerbated by vendors that have created services locking customers into using only one cloud option.

Taking a picture of the current cloud landscape and offerings available, Carson Sweet, CTO and co-founder of CloudPassage, has evaluated why a provider might push for one cloud environment deployment option and how secure migrated data might be in those environments:

• Q: What are cloud providers doing and why are they trying to lock customers into their ecosystem?

A: Customer retention is an important issue for IaaS providers, especially with services becoming more commoditized. Most providers can gain customer retention by providing more and easier-to-use services, which can entice customers to depend on the provider for more application components.For example, using a cloud provider’s compute service to host an application is less “sticky” than using the cloud provider’s compute, DNS services, load balancing services, and database platform services.

The term “lock-in” was demonized early on because a small handful of unscrupulous cloud service providers would “lock the customer in” by not allowing them to extract their data. That sort of “dirty trick” wasn’t the norm then, and isn’t the norm now. Retention in most of the major cloud providers is achieved by crafting a value proposition that entices users to use more services on a broader scale. The idea now is to get customers to the point of being “all-in” of the customer’s own volition… buyers have largely evolved well beyond getting “tricked” into lock-in.

• Q: Why is this a bad thing (or a good thing) for security?

A: If an IaaS provider does their part of the security equation better than an enterprise, that’s good for the customer’s security and good for the provider’s customer retention. Most IaaS providers make security investments vastly greater than any single enterprise; all customers of that cloud service benefit from these investments. So an enterprise can enjoy the “high water-mark” that’s going to be maintained regardless of what the customer themselves might require.

• Q: Should enterprises use multiple cloud providers? What should they consider and how can they avoid traps?

A: I wouldn’t call it a trap. The big cloud providers are transparent about the entire service lifecycle, so the customer can make informed decisions. Most multi-cloud scenarios involve different applications running discretely in different clouds, so lock-in isn’t really a concern. Some customers will have true multi-cloud deployments for DR or availability purposes, and in these cases the application architects should be thoughtful about what services are universally available from and interoperable across multiple IaaS providers – essentially an intersection analysis. This should inform decisions as to what components will be delivered by the IaaS providers, and what components the customers will develop / deploy / operate independently from the IaaS providers.

The phrase “don’t place all your eggs in one basket” is equally applicable to cloud environments. Spreading risk across multiple platforms minimizes the possibility of downtime and allows businesses to make the most of public cloud cost savings without being locked into one vendor. With a multi-cloud disaster recovery plan, businesses become more resilient than ever. The ability to experience failover and move from one public cloud provider to another means a business can still carry on as usual, even in the unlikely scenario of one provider being unavailable.

 About the Author

Carson Sweet is co-founder and chief technology officer for CloudPassage. As founding CEO, Carson led the team that created Halo, a patented security platform for infrastructure protection and compliance. Carson’s information security career spans three decades and includes a broad range of entrepreneurial, management and hands-on technology experience.