Building a hybrid multicloud strategy

November 28, 2022

At Pluralsight’s 2022 Navigate event, Howard Holton, CTO for the analyst organization GigaOm, shared his strategies and tactics for building a hybrid multicloud practice. With 35 years of IT experience and 15 years in the CxO seat, Howard knows what it takes to set up a hybrid multicloud practice that drives your people and, therefore, business to success. 

What is a hybrid multicloud strategy?

A hybrid multicloud strategy is one where an organization has some on-premises resources and some cloud resources hosted in multiple, regionally dispersed public cloud providers. So it’s a hybrid cloud strategy with a little multicloud thrown in.

Why wouldn’t you just pick one? Hybrid multicloud strategies reduce technical debt and add agility to your organization. They also just happen to reduce risk and costs. But only if you rethink your architecture and deployment to use the most modern standards possible in the process. 

How to build a hybrid multicloud strategy

Lifting and shifting your entire infrastructure to this type of strategy won’t provide any of those benefits. It takes a concerted effort, a dedicated strategy, and time to see the real benefits of a hybrid multicloud strategy. Here’s what it looks like to build a hybrid multicloud strategy in 90 days:

30 days: Establish benchmarks for your hybrid multicloud strategy

Defining scope includes identifying all your applications, business units, tools, and partners, as well as how they’re all likely to be affected by a cloud migration. You should also be thinking about your customers—those individuals who are going to be affected by your activities. In this way, the scope includes your technology and operations. 

By the 30 day mark, you should:

  • Determine the scope of what you’re trying to accomplish with your strategy

  • Identify relevant tools and partners

  • Establish a governance framework

Once you’ve identified your scope, partners, and tools, it’s time to establish a governance framework. This doesn’t mean the policies, procedures, or minutiae of governance—that takes much longer than 30 days. A governance framework is how to govern everything that falls within the scope of your strategy. At this stage, you should ask questions like:

  • Who are the members of the governance council?

  • What is the goal and scope of governance?

60 days: Create standards

At 60 days in, it’s time to start creating standards. This requires you to define processes within the technology teams. Consider the following:

  • Who is going to own what?
  • What will the handoffs look like?
  • Where are the friction points? 
  • Is the friction necessary? 
  • Can any friction be eliminated by changing who owns what and why?

Governance issues often create unnecessary friction points. You may need someone to sign on something, but they’re not an owner. You can eliminate friction by transferring ownership to the correct person. 

90 days: Training and KPIs

By the 90 day mark, you’ll focus on training and key performance indicators (KPIs). Transferring ownership to the proper roles and teams is helpful here so that their associated KPIs and Management by Objectives (MBOs) directly reflect the amount of friction that’s been added to (or removed from) the process. 

When thinking about KPIs, consider agility and risk specifically. Instead of measuring how many machines have been moved, focus on KPIs associated with the outcome of those applications. Ask yourself, “How much risk can I measure, and how can I document the reduction in risk?” 

From there, you’ll develop your training plan—how you’ll train the people that will use your applications, especially as they change throughout the modernization process. In order to successfully train your people, identify your champions within the organization as early as possible. Your champions are the people within the business unit that others look to as leaders. They should be involved in the process as soon as possible so that they’re trained before launching the official training. 

It’s also helpful to identify the people that may be the least supportive of the changes. Giving them a position of perceived authority can turn your biggest detractor into your biggest champion.

Where do security and compliance fit into a hybrid multicloud strategy

Security is the most critical change organizations usually make when carrying out a hybrid multicloud strategy. The communication around security changes is also essential. Lean into Zero Trust as your security framework. 

Compliance is another key factor, and you can get ahead of it by designing General Data Protection Regulation (GDPR) compliance into your framework. The European privacy and security law applies to anyone who targets or collects data from people in the European Union. There are also the effects of the California Consumer Privacy Act (CCPA) to consider. Ultimately, you should consider compliance from the viewpoint of consumers. In other words, “If you’re going to hold my data, you must be a good custodian of that data.”