Navigating Your Path To Smart Cloud Migration
Through elasticity, increased agility and pay-as-you-go models, the cloud offers a true utility model for information technology (IT) services. While the benefits are compelling, applications that rely on legacy technology are not readily portable to the cloud.
To overcome this shortcoming, migrating these applications requires use of one of the 5 Gartner Rs: re-host, refactor, revise, rebuild or replace. Despite the adoption of these strategies, the process of migration to the cloud makes customers heavily dependent on the cloud service providers (CSPs). Many enterprises feel compelled to do what they consider “safe” -- entering the cloud by single sourcing to one of the well-known giant cloud service providers at punitive costs. Alternately, they might turn to private cloud developers for their mission-critical systems; however, in so doing, they sacrifice benefits such as rapid innovation, one of the hallmarks of large commercial CSPs. In either instance, there is a risk of becoming locked-in to a single vendor.
Demand
The good news is that for a few federal customers, the cloud has become mainstream technology as agencies look to the cloud to modernize, reduce costs and maximize operational efficiencies. Some, however, remain hesitant due to a perceived lack of options for the varying “as a service” options -- infrastructure, platform and software. Defense and intelligence customers, for example, have few options to choose from, which has stymied innovation for some and made others adverse to long-term commitments.
Supply
During an era when the government seeks “agnostic,” i.e., technologically independent solutions that play well together, no matter the vendor, CSPs seem to be moving in the opposite direction -- on a proprietary-focused path.
History Of Cloud Interoperability
From cloud’s inception, attempts to standardize the ecosystem yielded nominal results and single-vendor dominance led to a broad acceptance of large CSPs for customers’ cloud migration, for no better reason than that the choices were limited. Since 2013, multiple vendors have unsuccessfully tried to launch the idea of an “open cloud architecture.”
Agencies such as NASA, which created the OpenStack open source cloud computing project, have advocated for open cloud standards. After a rough beginning, OpenStack has earned some market share, but compared to others, it is negligible. The equation disparity grows by the day. Last year alone, the largest CSP released more than 4,000 new services or changes to existing services, with its two closest competitors reporting similar figures.
The Current State Of Interoperability
One obvious potential driver of competition in the CSP marketplace is interoperability -- the freedom to choose any CSP solution with the assurance that it will integrate with alternate cloud options and still operate at peak performance and cost efficiency.
The Institute of Electrical and Electronics Engineers (IEEE) and the National Institute of Standards and Technology (NIST) are working on this much-needed missing link: interoperability cloud standards. The Cloud Native Computing Foundation steadily works to create cloud-native yet vendor-agnostic technologies. Another organization with a similar objective is the Cloud Security Alliance, but all those noble efforts are still in their “early days.”
As a foundation and alliance contributor, ManTech continuously reviews definitions of cloud-native approaches to the CSP marketplace, but as of this writing, no final definitions have emerged. Uniform cloud interoperability standards remain a work in progress.
In the meantime, CSPs’ ironclad focus remains on technologies that lock-in customers. True, an entire movement around microservices and containers is emerging as a potential solution to the interoperability issue. While the movement is picking up speed, it is far from becoming a mainstream reality for a diverse variety of essential business applications.
Challenges And Risks
Among the foremost challenges to government customers, different ecosystems present multiple connection technologies at the network level -- a major challenge to customers who are forced to support them all.
That scenario leads to another challenge: investment in training workforces in the full array of technologies specific to each cloud vendor.
While racing to address these challenges, customers and CSPs face yet another: ensuring that security is factored in from the start. Just one hitch: The notion of shared security responsibility can quickly devolve into a rat’s nest of issues when it involves multiple cloud environments and numerous vendors. Small wonder, then, that until last year well-publicized reports by Upguard, Google and RedLock about cloud data breaches meant that customers shied away from the cloud.
Cloud Security And Trust
Until 2017, cloud security was still a concern among top executives, and while confidence in the space has grown significantly, as indicated by survey (registration required) results from MIT and Google, despite the growth in cloud confidence, 44% of businesses and IT leaders think security is the top concern.
One method to abate some concerns involves using cloud access security brokers (CASBs), which create cross-cloud visibility and give customers more control. That said, few mature CASBs exist in the market today. CSPs are building native tools to manage security within their ecosystem, but security professionals implementing “zero trust security” with “identity as perimeter” find it difficult to use. The security tools ecosystem built its entire life cycle behind the rapidly developing cloud technologies, and it might be high-time to close the gap between cloud services and cloud security tools.
What’s Next?
From supply and demand to vendor lock-in, the IT landscape is changing rapidly in cloud computing. Customers are increasingly seeking to balance cost, flexibility and availability of service. Thus, the move toward interoperability is a growing trend. In fact, there is a common consensus among experts that the future landscape will be comprised of multicloud and hybrid cloud environments.
While there is a natural tension between a few top vendors luring customers in their direction, within a few years we should expect this market to become more competitive, with widely recognized standards.
