This article first appeared in Digital Edge, The Edge Malaysia Weekly on January 10, 2022 - January 16, 2022

Why should companies opt for multiple vendors when it comes to their cloud services? IBM Malaysia managing director Catherine Lian says that when it comes to cloud solutions, one size does not fit all.

As most of us know, no two organisations are the same, with different requirements, infrastructure and workloads. Therefore, IBM has provided the following five easy steps to figure out which cloud solution makes the most sense for the specific needs of your organisation.

Know your workload through and through: The first step to finding the right cloud solution is to know your organisation’s current workload requirements and those it may have in the future. A few questions to ask: What are the security requirements for the workload? Is it a service that can be run in-house, or would it be more cost-effective elsewhere? Is the service appropriate for your business?

Collaboration is key: Just as information can no longer exist in silos, neither can IT or business. In fact, research shows that the most successful cloud deployments are those in which business and IT come together and collaborate during the early stages of adoption.

Analyse your infrastructure: Whether your cloud deployment is private or public, each has specific requirements in terms of SLAs [service-level agreements], security, response time and scalability. 

Consider your process requirements: To find the right cloud solution, you also need to consider key business processes for managing end-to-end services, vendor activity and performance, plus overall compliance with your organisation’s standards for cloud deployment.

Match it up and go: Once you have the questions above answered, match the right cloud solution and configuration with the right workload — it may be private, public or even a hybrid solution.

According to the results of the IBM Institute for Business Value (IBV) study on cloud transformation, there has been a drastic shift in business needs as only 15% of respondents in Malaysia reported using a single private or public cloud in 2021, down from 60% in 2019, establishing the opportunity for hybrid cloud as the IT architecture in the country.

Working with clients, we have seen that a ‘one-cloud-fits-all’ approach doesn’t work. Companies want flexibility to run their critical workloads across any platform without having to rewrite everything as they go. They are choosing multiple cloud providers and platforms to best meet this broad range of needs, from building banking solutions to running airline reservation systems to responding to seasonal capacity demands. 

At IBM, we have learnt that every company’s journey to the cloud is unique, with efforts focused on specialised application tasks, workloads, security and compliance requirements, along with specific industry and customer needs. 

When a new IT architecture emerges and spreads, it changes everything. It rewrites the basic behaviours and assumptions of IT and redefines how organisations create and deliver value, work, compete and transact. 

IBM’s hybrid cloud approach is at the epicentre of this swift and massive transformation. It allows organisations the flexibility to balance the need to keep some workloads on-premises or in a private cloud while taking advantage of the speed and flexibility of the public cloud (hybrid cloud essentially connects multiple type of clouds — such as public cloud, private cloud and on-premises IT — before providing orchestration, management and application portability among them to create a single, flexible, optimal cloud infrastructure for running computing workloads, regardless of vendor).

The IBM study showed that the one-vendor approach to cloud computing would slowly disappear. Nearly 66% of respondents in Malaysia said workloads being completely portable with no vendor lock-in is important or extremely important to the success of their digital initiatives. At the same time, 84% said vendor lock-in is a significant obstacle to improving business performance in most or all parts of their cloud estate.

Calculating cost is one of the most challenging aspects of cloud migration. There is a tendency to underestimate the expenses incurred for the full process. With that in mind, make sure to not only consider the cost of migrating workloads but also the tools and services involved in the transition.

Other considerations include investments in network connectivity to handle increased bandwidth demands and post-migration costs to run workloads in a cloud environment. While cloud migrations reduce upfront costs when adding new technology, the cloud-based model of technology consumption generates new and ongoing costs that require planning and budgeting.

Financial planning is critical to successful cloud migration. When setting a budget, be sure to factor in current costs associated with the workloads being moved as well as the expense of moving those workloads and running them in the cloud. Proper budget planning also benefits from clearly defining project goals and setting a realistic timeline for migration.

Many organisations have found it beneficial for effective budget planning to work closely with consultants, cloud providers and financial experts to conduct the necessary assessments and prepare accurate cost projections.

At the beginning of their cloud journey, many companies dabbled with several clouds, which created complexity and disconnected parts, potentially opening them up to major security threats. Our findings reiterate that security, governance and compliance tools must run across multiple clouds and be embedded throughout hybrid cloud architectures from the onset for digital transformations to be successful. 

Infrastructure or network complexity is creating cracked doors that cybercriminals are exploiting. According to the IBV study, 83% of respondents in Malaysia said data security being embedded throughout the cloud architecture is important or extremely important, in most cases, to successful digital initiatives. 

IBM recommends focusing on security and privacy by weighing which workloads should move to the cloud, ascertaining the data that should work for an organisation, setting a tactical approach and, most importantly, determining the right team for the job ahead of making critical decisions.

While more organisations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity. Organisations must also focus on testing, practising and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and accelerate the time it takes to contain an incident.

IBM Security X-Force suggests cloud users implement a multi-phased approach for preparation and response to cloud security incidents. Recommendations include adopting a zero-trust philosophy and putting into place strong access control practices, including multi-factor authentication and the principle of least privilege for cloud identities. 

Additionally, the team advises enterprises to conduct scope penetration testing projects to identify vulnerabilities and engage in adversary simulation exercises, using cloud-based scenarios to train and practise effective cloud-based incident response. There is also an emphasis on using an open and integrated security approach to help connect the dots between security data that reside across a fragmented cloud environment. It is essential that businesses double down on modernising their hybrid cloud infrastructure. They must treat their cloud environments as one single architecture, taking an open and integrated approach to get in front of these preventable and, today, anticipated risks.

Save by subscribing to us for your print and/or digital copy.

P/S: The Edge is also available on Apple's App Store and Android's Google Play.