Going Fast Vs. Going Far on Your Cloud Journey
For many years now, we have observed a steady rise in companies declaring “end-of-investment” in their on-premises environments in favor of more flexible cloud environs. These companies cite many reasons for why public cloud environments are appealing: scalability, a variety of consumption options that can yield cost savings, and improved agility, to name a few. However, whether an organization is migrating existing applications, building a scaled operation for new applications hosted in the public cloud, or both, the architectural approach taken can make or break the business case. Savvy companies are now proactively architecting in flexibility and choice of multiple platforms.
The Pitfalls of Going Fast at the Start of Your Cloud Journey
A common mistake many organizations make at the start of their public cloud journey is to over-prioritize speed, leveraging exclusively cloud-native services (services offered by cloud providers as part of their platforms). Whether as an explicit top-down declaration or implied as part of a “cloud-first” strategy, this approach misses important distinctions between applications, the data those applications generate or process, and the services that are used to secure and deliver the applications. Many organizations that take this “cloud-native first” approach inevitably encounter several costly consequences, including:
1. Diminished Security & Compliance
A 2021 report from 451 research found that 23% of companies cited security concerns and the lack of viable security measures as a major factor in their decision to shift in to reverse gear and move apps away from public cloud providers in the next 12 months. Many security teams, having comprehended and navigated the cloud provider's shared security responsibility model (whereby the cloud provider secures the cloud infrastructure, and the cloud tenant secures their own cloud network, apps and data), find they are not able to replicate the security controls and efficacy of their on-premises environment with only cloud-native security solutions in their arsenal.
Despite this, in pursuit of speed and simplicity, many organizations at the beginning of their cloud adoption journeys elect to forgo the advanced security and compliance solutions they’ve implemented on-premises in favor of public cloud-native services—ultimately to the detriment of their security and compliance posture.
2. Platform Lock-in
While most companies try to avoid vendor lock-in where possible, it is in some cases being justified as a trade-off to access the significant benefits cloud computing affords. The shortcomings of this trade-off are usually only realized when the need for expansion arises. Unsurprisingly, being tied to a single platform or set of tools makes it much more challenging to adopt another cloud ecosystem where the use of those same native services is not possible and domain knowledge is non-transferable. As an example, an organization operating a native Web Application Firewall (WAF) to protect their apps on AWS would be unable to move those apps to Azure and enforce the same protection using an Azure-native WAF due to disparities in the policy or signature semantics, configuration options, and feature sets. A more future-proof, adaptable, and ultimately cost-effective approach for such services that live in the grey zone between infrastructure and applications is to standardize on a few platform-agnostic capabilities (WAF for example) that span your on-prem and cloud environment(s).
3. Unanticipated, Surging Costs
Beyond the expected costs associated with initially migrating to the cloud (e.g., cloud infrastructure, data transmission, application refactoring), cloud costs frequently exceed planned spend as cloud dependence and usage escalates. According to Andreessen Horowitz, the estimated annual committed cloud spend for well-established, cloud-based companies can be equal to around 50% of their cost of revenue, with this figure exceeding 80% for some software companies.
Bearing this in mind, the use of native solutions can end up being a significant (and often unexpected) contributing factor to all-up cloud costs. While the pay-as-you-go, consumption-based licensing model for native services provides flexibility and scalability when you first deploy, as application usage begins to ramp up, so too do the costs.
A further inevitable cost comes as a result of acquiring the talent and building competency in operating multiple infrastructure environments. Expertise is required to monitor and triage the day-to-day operational support of application security and performance. It’s rare that the teams handling on-premises data center operations have the complete skillset necessary to undertake this task in the cloud, which often leads to operational overheads being duplicated.
Once one or more of these issues surface, organizations typically follow one of two paths (and occasionally both) in an attempt to remedy them. Path 1 is to migrate workloads back to their on-premises data centers to cut costs, improve security, and regain control. Path 2 is to move part of their app portfolio into new cloud environments to access desired functionality and more competitive pricing.
Regardless of the remediation path chosen, the journey is considerably more difficult when organizations have built up their entire architecture around cloud-native services—primarily due to them being non-transferable. Fortunately, however, with thoughtful, upfront planning and the right architectural decisions at the start of a cloud journey, this is an entirely avoidable predicament.
Tips for Going Far and Succeeding in the Distributed Cloud
Appreciating that cloud journeys are often dynamic and unpredictable, you can set yourself up for long-term success and greater value creation by following two simple principles:
Future-Proof Your Decisions and Investments – As best you can, plan well beyond your initial foray into the cloud and make decisions that will set you up for success regardless the route your cloud journey takes, whether that ends up being use of a single cloud or multiple clouds. This includes:
- Standardizing on cloud-agnostic application security and delivery solutions that are transferable between environments and offer both architectural flexibility and migration acceleration. Utilizing third-party software such as BIG-IP Virtual Edition and NGINX, or fully-managed solutions like Shape Enterprise Defense, can reduce platform vendor lock-in and enhance the benefits of a multi-cloud architecture.
- Operating cloud-agnostic infrastructure across environments where possible to build out a consistent platform upon which to deploy and manage applications. For a consistent platform for any on-premises, cloud, or edge deployment consider F5’s Volterra platform. Doing so will not only simplify your operating model, but also make it considerably easier to extend to new environments in future.
- Consolidating and simplifying your solution portfolio. In other words, instead of procuring best-of-breed security solutions (WAF, L4 FW, DDoS, etc.) from distinct vendors, consider a best-of-suite approach to reduce operational complexity and costs, as well as improve visibility and trouble-shooting capabilities.
- Collecting and mining as much telemetry across the data path of a customer’s experience—including across clouds—as your cloud-based repository can take in. The more information that can be gathered, the more valuable it will be to the system searching for patterns and relationships that uncover actionable insights that improve both the customer experience and business performance. Even if you aren’t ready to embrace AI or machine learning now, take the first step to start collecting these signals using tools and solutions that would make it easy to unlock data currently trapped in different siloes.
Foster an Application-Centric Mindset – Your apps are undoubtedly your most valuable assets in the digitally obsessed world we live in, meaning that all cloud decisions should be made with their best interests in mind. This includes:
- Making decisions on a per-app basis since all workloads are unique and have specific requirements. Not all apps are necessarily good fits for the cloud, and some might favor one cloud over another because of proximity to data, application type, or the unique capabilities of the cloud. Don’t let your choice of infrastructure environments compromise the performance, security, or user experience of your applications.
- Prioritizing application security and security efficacy. With the fast-evolving application threat landscape, it’s critical to implement advanced security solutions like F5’s Advanced WAF and NGINX App Protect that can protect your applications and data from the more sophisticated cyber-threats—and do so consistently for any type of application deployed in any environment.
- Taking a zero-trust approach to multi-cloud application access, ensuring that regardless of application type, or deployment location, all user requests are authenticated and authorized to prevent bad actors from accessing sensitive workloads and data. Employing this “never trust, always verify” mentality will not only keep apps secure as you branch out and deploy in new environments but—when enforced via sophisticated access solutions like BIG-IP Access Policy Manager—can also result in a more seamless and superior user experience for customers and employees.
Whether you’re just starting to kick the cloud tires or already a mature cloud connoisseur, key design choices now will make a big difference down the line. Devise a strategy and implement solutions that meet your current requirements, but that will also ensure success regardless of which path your cloud journey takes. If you’re ready to discover how F5’s products, technologies and global cloud specialists can help get you on your way to achieving this, then contact F5 today.
______
Research Articles and Additional References:
Gartner Forecasts Worldwide Public Cloud End-User Spending to Grow 23% in 2021
Cloud Repatriation: What It Is, What It Isn't, and Why It's Not Going Away