Issue 1

BIOS Multi-Cloud

Managed Services across the region’s leading cloud

Multi-Cloud Blogs

Addressing the challenges of Multi-Cloud and unlocking its benefits

The growth of Hybrid Cloud

Global Cloud adoption is growing at a breath taking pace changing forever the way enterprise think about how they deploy and manage their IT. Gartner recently said Cloud would become a 300B industry by 2022. However, companies still in general keep part of their IT infrastructure On Premise, usually in a heavily virtualized or private cloud environment. This approach is known as Hybrid cloud and almost all businesses are now adopting it.

The rapid emergence of Multi-Cloud

As companies grow more confident in using the public cloud and begin to realize the huge cost saving advantages, speed to deployment and scalability they increasingly become cloud first when thinking about how to deploy new IT infrastructure or use applications. What has become apparent to most companies is that different clouds have different advantages for different circumstances and at different costs. This has lead companies to use several clouds and this is known as Multi-Cloud. Gartner says by 2022, 80% of companies leveraging the cloud, will have a Multi-Cloud approach.

What does this mean for the Middle East?

It used to be that there were few options for in-region cloud computing. In 2014 when we committed to focusing on being a managed Cloud Service Provider, there were none. We had little choice than to build our own cloud, CloudHPT, a Cisco powered VMware cloud. And we are glad we did as it is now one of the largest cloud offerings in the Middle East. However, times are changing and a new exciting era of cloud computing is being ushered in, First with the announcement of AWS Bahrain, due to launch in 2019 and then with the announcement of Azure UAE, due to launch any moment now. Customers will soon have multiple clouds to choose from, each with various advantages at various costs and different billing mechanisms.

Why might someone use Multi-Cloud?

Hyper-scales come with great technology and innovation, such as Big Data Analytics, AI, Superb ecommerce development tools or perhaps state of the art Unified Communication. However, hyper-scalers also usually charge a premium and the costs can be difficult to understand as there is not only the cost of the workload but also other costs such as data ingest and usage costs. So if certain workloads don’t need these high end features, which often many do not, they can be hosted on more cost effective alternatives, some with all-inclusive billing. Using a Multi-Cloud approach allows companies to have access to the most advanced technology available at a price, but only where they need it.

5 challenges when using a Multi-Cloud approach

While multi cloud undoubtedly offers most businesses considerable advantages, such an approach does not come without risks that are important to address. Namely;

  1. Lack of visibility- can lead to cloud sprawl.
  2. Unpredictable billing- which can lead to ‘Bill shock’
  3. Governance- across multiple clouds can be a challenge.
  4. Management- is complicated if not unified across multiple clouds
  5. Security is perhaps one of the most important considerations. As applications and data migrate outside a company’s firewalls they become more vulnerable than ever if not properly secured.

Addressing the challenges of Multi-Cloud and unlocking its benefits

Luckily, there is a solution.

BIOS Multi-Cloud is a unified portal that will show you where all your workloads are located regardless of which cloud they are on. Allow you to deploy workloads on any clouds you use, define custom hardened workloads, see the prices of these workloads on various clouds and also ties into our Management and Security platform.

Download the ‘The CIO’s ultimate guide to Multi-Cloud to find out more’ or reach out to us for a Demo.

The Benefits of using a Multi-Cloud Strategy

First of all, let’s start with the basics, what is Multi-cloud?

This one is pretty simple, multi-cloud is the concept of using of multiple cloud computing and storage services in a single architecture.

How did it evolve?

Well first came the concept of cloud, as companies became conformable with it and began to realize the benefits, much as the elimination of capital expenditure, the ability to scale up and down and the agility to provision workloads almost instantly. Today almost every company we speak to is using some elements of the cloud to run their business on. With that came concerns about governess and security and companies began to develop a hybrid cloud approach. Keeping some works loads on their premise and even building private clouds and using the public cloud for the rest. This then developed to a cloud first approach for many companies, where the preference became to use the cloud, be it private or public as the first choice for any application. Now businesses are beginning to use multiple public clouds due to the advantages this approach brings. Namely;

1. Freedom of choice

One key of the key advantages of a Multi-Cloud approach is it provides businesses with the freedom of choice. Cloud-hosting providers come in all different and shapes and sizes, but one shape and size does not fit all. Features like, billing, location, upload speed, size requirements and more influence what makes the most sense for each of your business needs. Rather than bend their business processes to fit a specific provider’s cloud provider, companies can choose the right provider for the right need.

2. Reliability

It doesn’t happen often, but it does happen, clouds can go off-line. Whether it be to technical glitches, ISP issues, DDoS attacks, hacks or a range of other things, it has been known to happen. Depending on how critical a particular application is, some companies wisely host them in multiple clouds. Ecommerce for example or any customer facing tool. Cross cloud Disaster Recovery is another obvious choice. Multi-cloud make reliability achievable by eliminating single points of failure.

3. Flexibility

No business looks the same today as it did a 3 years ago. That includes their cloud requirements. As your business increases in size, expands to new locations or launches new units it may need different clouds that are best suited to those needs. For example, Hyper-scalers usually don’t make a point of answering the phone to provide advice. By employing a Cloud Managed Service Provider like BIOS, you can effectively develop a mix of private and public clouds to match your needs to the solutions that fit the best, and alter them as the needs change.

4. Eliminating Vendor Lock in

Imagine a company goes all in. It builds its entire IT Platform on one cloud. Using that clouds controls and security. Now that business realizes there’s a better solution or they become unhappy with the support or the costs become much higher than they initially thought (there’s an actual term for this called ‘bill shock’ and it’s the number one reason why companies move onto a cloud and then move back of it). Now that business has boxed itself in. It is now both time-consuming and expensive to move systems anywhere else. They have effectively put themselves in the position of having to accept any sort of restructuring of agreements or price schedules from that provider because they are locked into doing business with them. Multi-cloud prevents this.

Cost

This is the big one. Hyper-scalers come with great technology and innovation, such as Big Data Analytics, Ai, Superb ecommerce development tools or perhaps state of the art Unified Communication. However, hyper-scalers also usually charge a premium and the costs can be difficult to understand as there is not only the cost of the workload but also other costs such as data ingest and usage costs. So if certain workloads, like file and print servers, don’t need these high end features, they can be hosted on more cost effective alternatives, some with all-inclusive billing. Using a Multi-Cloud approach allows companies to have access to the most advanced technology available at a price, but only where they need it.

It is these advantages of Multi-cloud that have lead Gartner to predict that by 2022 almost 80% of companies will have a Multi-Cloud strategy. But Multi-Cloud is not without its considerations namely;

  1. Lack of visibility- can lead to cloud sprawl.
  2. Unpredictable billing- which can lead to ‘Bill shock’
  3. Governance- across multiple clouds can be a challenge.
  4. Management- is complicated if not unified across multiple clouds
  5. Security is perhaps one of the most important considerations. As applications and data migrate outside a company’s firewalls they become more vulnerable than ever if not properly secured.

Addressing the challenges of Multi-Cloud and unlocking its benefits

Luckily, there is a solution.

BIOS is a Cloud Managed Service Provider. With a 24x7 NOC and SOC in Dubai and Bangalore serving the Middle East. We not only help companies assess their cloud needs, help them migrate but also offer a full Managed Service Wrap around. We have also developed BIOS Multi-Cloud. BIOS Multi-Cloud is a unified portal that will show you where all your workloads are located regardless of which cloud they are on. Allow you to deploy workloads on any clouds you use, define custom hardened workloads, see the prices of these workloads on various clouds and also ties into our Management and Security platform. However, this is just the surface of the solution. Behind it sits a dedicated Cloud Managed Service company offering 24x7 support and a Security Operations C.

Download the The CIO’s ultimate guide to Multi-Cloud to find out more’ or reach out to us for a Demo.

Security in the cloud

While cloud opens a new world of scale and agility, there are some serious risks that need to be mitigated if moving to the cloud is to be a success. The chances are, if a company is using cloud, it is because they want to be closer to their customers and to have more interaction. This means exposing data that would traditionally sit behind a corporate perimeters that was locked down to the big world. This can be done safely but it needs planning and managing.

Security considerations in a Multi-Cloud world.

Once companies embrace the cloud and reaps its benefits it is almost inevitable that they will become Multi-cloud users. You may think that a multi-cloud environment may look like a CIO purchasing implementations from HPT, AWS, and Azure. What it actually looks like is different business units buying six different cloud solutions.

Each cloud will have its own native security tools, plus 3rd party firewalls, event management, Av, Anti Malware, authentication, serve build standards… The more tools, the more skill set required, the more chances of mistake and the more complicated to monitor. Sound familiar to on premise?

In a cloud environment, it’s also important to look for behaviors – things like suspicious or malicious actors connecting, outbound data flows and user behavior.

How we approach it

  1. We use BIOS Multi-Cloud, a single pane of glass to see our customers cloud estate, whether it be on Azure, HPT, AWS or over 100 other clouds. We use this platform to provision workloads and new workloads are automatically added to our Assured and Secured platforms. This allows us to see what is out there, to create standard server builds that incorporate policy and governance as per our client’s standards.
  2. We use BIOS Secured which includes our SIEM-as-a-Service across multiple clouds to see all connections in and out of a customer’s environment so see suspicious activity and stop it in real time. We also perform continuous vulnerability scanning so we are aware as soon as software vulnerabilities emerge.
  3. We also standardize on one AV and Anti Malware and tie it into our alerting and ticketing platform and password protect it. It includes behavior analysis and we alert for things like multipole failed logins.
  4. We never have our backup on the same domain, or even the same cloud if we can help it. As long as data is recoverable, the business can survive an attack. If it is not, chances are the recovery will be very difficult.
  5. Authentication is always done with 2FA. One bit of advice we can give is for passwords; use a random password generator, so many companies rely on their Admin to come up with a password and inevitably they often choose a series of words they can remember. These are simple for hackers to crack.

Effective Cloud Security Means Using Cloud-Native Tools

Traditional security tools aren’t designed to handle the challenges of protecting multiple clouds. When you try this approach, the results tend to become siloed. For example, one security tool in one cloud may detect an attack. You can mitigate this attack and think you’re safe, only to miss the fact that your security tools on different clouds have missed the same kind of intrusion attempt.

BIOS Multi-Cloud offers a cloud-native security approach. With BIOS multi-cloxsud, users can deploy any workload onto any cloud – meaning that they can deploy the same security tools across multiple clouds, gathering uniform security data. With our support, administrators can standardize their security approach across every platform they use, making it that much easier to catch and mitigate intrusion attempts. For more information, check out our white paper on The Emergence of Multi-Cloud today!

How do Companies Get Started with Multi-Cloud?

There are two ways to get started with Multi-Cloud – by accident or on purpose. By accident means that people start using different clouds for different things with no roadmap for a common management, security, compliance, or cost-optimization strategy. Aiming for multi-cloud on purpose means having these ducks in a row.

Let’s not focus on people who have a strategy, however. If anything’s clear, it’s that many more organizations end up with multiple clouds by accident then walk into it with their eyes open. How does this happen, and how do you rescue yourself when it does?

Accidentally Stumbling into the Multi-Cloud

The average company uses six cloud computing services – and it’s highly likely that many of those clouds aren’t chosen via any kind of directed strategy. Cloud services are now so easy to consume that many purchase decisions are now made by business unit directors, not CIOs. A 2016 survey by Ernst & Young shows CIOs and IT directors now only make 75% of software purchasing decisions – and that they expected their purchasing authority to decline to 66% within 3 to 5 years.

In a nutshell, multi-cloud environments get started when one business leader purchases one SaaS app, and then realizes they need to get that app’s data onto another app. Neither app connects to each other natively, but they can both connect onto one of the “big 3” clouds – AWS, Azure, or Google.

So, now they have a Multi-Cloud environment where one application backs up its data to a cloud where it’s then passed on to another app.

Righting the Multi-Cloud Ship

In the example above, you have a sketch of a Multi-Cloud environment that technically “works,” – but it doesn’t consider:

  • Who has ultimate control of the data being passed between clouds?
  • Whether unauthorized third-parties can see this data?
  • Whether this data is sensitive under PCI-DSS, HIPAA, or the GDPR?
  • Whether you could be paying less money for a different solution that works as well?

What’s more, the people purchasing and consuming this environment aren’t compliance, security, or networking experts – there’s no guarantee that anyone will look at these questions before they turn into problems. How can IT experts intervene?

IT professionals have traditionally been concerned with two things, as far as SaaS in concerned – making sure that they keep the total number of vendors as low as possible, and then making sure the applications don’t violate policy. “Giving business units exactly what they want” has taken a back seat to those priorities.

What’s clear, however, is that business units can now purchase exactly what they want regardless of what IT would prefer. To create a secure environment with a low cost of ownership, it may become necessary for IT to reverse their priorities. First, they should let business unit’s purchase the applications they need to become successful, and then they should figure out how to make it all functional, secure, and compliant. In other words, IT needs to accept a larger number of vendors in order to exert a larger amount of control.

Source: BIOS