Most companies are moving to multicloud—about 92%. The latest Flexera State of the Cloud report shows that 92% of enterprises have a multicloud strategy and 80% have a hybrid cloud strategy. Old news.
The new news is that most enterprises are attempting to make devops or devsecops work together with multicloud and are running into pretty tough obstacles—namely having to deal with the complexity of the target platforms and considering deployment and cloudops.
This manifests as a bunch of problems, such as misconfigurations, over- or underprovisioning, not using the right native services, and even security and operational issues that have to be resolved after deployment. At the end of the day, there are just too many moving parts that developers and operators must consider, and huge mistakes are being made.
So, how do you deal with these devops and multicloud issues without driving more risk and cost into the processes? I have some general guidance:
First, leverage IaC (infrastructure as code). This means shifting from monolithic approaches to more fine-grained ones, such as microservices, and from mostly using VMs to choosing cloud-native patterns.
The idea with IaC is to couple the platform configurations to the applications and the data bound to those applications. We’re defining what we need within a specific platform, such as compute and storage, as we deploy to that platform.
This puts the configuration of the target platforms in the hands of the developers and not those who configure cloud and noncloud resources in hopes that they will work well. Developers can better define the system configurations as IaC, so the systems are closer to being optimized, versus taking a least common denominator approach, trying to use one configuration for many applications, which is always going to be underoptimized.
Second, use common services. One of the issues around having an agile process and a layer of devops technology to support that process is that developers can make things complex pretty quickly.
When using multicloud, developers have more choices, including services from three or more public cloud providers. If they all use different security systems, governance systems, databases, etc., the number of things that needs to be run over time goes way up, plus needed skills and supporting tools. This increases complexity and will get you into trouble quickly.
My recommendation for this issue is twofold:
First, provide guidance to developers, including devops engineers, about choosing common services. If we have implemented IaC as an approach and technology, then we can define common services in templates that must be used as a starting point. Enforcing common security, ops, governance, etc., reduces the overall complexity of the deployed systems.
Second, provide a path for special cases. In some instances, developers will need something that’s not standard or common to the enterprise, and exceptions need to be made. I’m not a fan of blindly enforcing rules or standards while paying developers to be innovative and creative. But we need to understand the trade-offs before making exceptions.
Devops and multicloud are going to have to work together moving forward, and we’ll learn some hard lessons in the process. Hopefully, this guidance will keep you somewhat out of trouble.