Building a hybrid multicloud strategy

Updated on: March 15, 2023

At Pluralsight’s 2022 Navigate event, Howard Holton, CTO for the analyst organization GigaOm, shared his strategies and tactics for building a hybrid multicloud practice. With 35 years of IT experience and 15 years in the CxO seat, Howard knows what it takes to set up a hybrid multicloud practice that drives your people and your organization to success.

A hybrid multicloud strategy is one where an organization has some on-premises resources and cloud resources hosted in multiple, regionally dispersed public cloud providers. It’s a hybrid cloud strategy with a little multicloud thrown in.

Why wouldn’t you pick just one? Hybrid multicloud strategies reduce technical debt and add agility to your organization. They also reduce risk and costs. But only if you rethink your architecture and deployment to use the most modern standards possible in the process.

Hybrid multicloud strategies combine the benefits of multicloud and on-premise environments. You get the control and privacy of on-premise strategies with the scalability and performance benefits of multicloud strategies. But the top benefits of a hybrid multicloud strategy are:

Hybrid multicloud strategies combine multicloud’s top security and compliance features with on-premise consistent security and compliance controls so you can deploy and scale data or workloads in a secure, compliant way.

With hybrid multicloud strategies, you have choice about where, how, and when you deploy resources. You can weigh the benefits of individual services against each other to develop the most cost-effective, secure, flexible, and innovative solution for your unique circumstances.

Lifting and shifting your entire infrastructure to this type of strategy won’t provide any of those benefits. It takes a concerted effort, a dedicated strategy, and time to see the real benefits of a hybrid multicloud strategy. Here’s what it looks like to build a hybrid multicloud strategy in 90 days.

Defining scope includes identifying all your applications, business units, tools, and partners and how a cloud migration might affect them. You should also think about your customers—those individuals your activities will affect. In this way, the scope includes your technology and operations. 

By the 30 day mark, you should:

• Determine the scope of what you’re trying to accomplish with your strategy

• Identify relevant tools and partners

• Establish a governance framework

Once you’ve identified your scope, partners, and tools, it’s time to establish a governance framework. This doesn’t mean the policies, procedures, or minutiae of governance. That takes longer than 30 days. A governance framework is how to govern everything that falls within the scope of your strategy. At this stage, you should ask questions like:

• Who are the members of the governance council?

• What is the goal and scope of governance?

At 60 days in, it’s time to create standards. This requires you to define processes within the technology teams. Consider the following:

• Who is going to own what?

• What will the handoffs look like?

• Where are the friction points? 

• Is the friction necessary? 

• Can we eliminate any friction by changing who owns what and why?

Governance issues often create unnecessary friction points. You may need someone to sign on something, but they’re not an owner. You can eliminate friction by transferring ownership to the correct person.

By the 90-day mark, you’ll focus on training and key performance indicators (KPIs). Transferring ownership to the proper roles and teams is helpful here so their associated KPIs and management by objectives (MBO) directly reflect the amount of friction that’s been added to (or removed from) the process. 

When thinking about KPIs, consider agility and risk specifically. Instead of measuring how many machines have been moved, focus on KPIs associated with the outcome of those applications. Ask yourself, “How much risk can I measure, and how can I document the reduction in risk?” 

From there, you’ll develop your training plan—how you’ll train the people that will use your applications, especially as they change throughout the modernization process. To successfully train your people, identify your champions within the organization early. Your champions are the people within the business unit others look to as leaders. They should be involved in the process as soon as possible so that they’re trained before launching the official training. 

It’s also helpful to identify the people who may be the least supportive of the changes. Giving them a position of perceived authority can turn your biggest detractor into your biggest champion.

With any technical strategy, there are risks. A hybrid multicloud strategy is no different. It’s up to each leader to identify the larger organizational outcomes and the strategy that gets them there faster. With hybrid multicloud environments, there are three main risks that leaders need to understand and mitigate when designing their strategies.

Hybrid multicloud strategies, by nature, distribute data and workloads across multiple cloud platforms. That automatically creates higher security risk that organizations, especially those subject to compliance regulations, must prepare for.

One of the biggest multicloud challenges is understanding the unique tools, services, and processes across platforms. Adding an on-premise function to this already complex environment makes management even more difficult for technical teams.

Hybrid multicloud strategies give teams greater control over how and when they spend money on their infrastructure. The struggle is finding systems and processes to effectively manage the costs of the on-premise and cloud solutions and adjacent costs like personnel and other resources.

Security is the most critical change organizations usually make when carrying out a hybrid multicloud strategy. The communication around security changes is also essential. Lean into Zero Trust as your security framework. 

Compliance is another key factor, and you can get ahead of it by designing General Data Protection Regulation (GDPR) compliance into your framework. The European privacy and security law applies to anyone who targets or collects data from people in the European Union. You should also evaluate the effects of the California Consumer Privacy Act (CCPA). Ultimately, you need to consider compliance from the viewpoint of consumers. In other words, “If you’re going to hold my data, you must be a good custodian of that data.”