All insights

A Favorite Recipe for Optimizing and Securing Your Hybrid Cloud

Krishnaprasath Hari Krishnaprasath Hari
Vice President, Cloud Engineering, Hitachi Vantara

June 10, 2021


Enterprises are quickly evolving from a posture that approached the cloud as a kind of playground to one that goes all in to achieve cloud-first, cloud-native IT. With this transition from free-for-all to mature-business-service architecture, usually involving multiple public cloud providers, comes the need to answer some thorny questions. It’s no longer sufficient to endlessly pile on additional cloud services to a growing hybrid or distributed cloud infrastructure. Organizations need reliability, not at the level of individual cloud services, but in broad terms of how their entire environment runs.

In a broader perspective, there needs to be an operating model that considers four critical measures — control, security, cost and resiliency — that together make it possible to set high-level policies. Such policies are then implemented, monitored and enforced consistently throughout the life cycle of operations.

The following is a collection of recipes that are the foundation of an impressive cloud infrastructure banquet: a coherent operating model for establishing, governing and managing the hybrid or distributed cloud effectively. The objective is not only to rein in cloud technology but also to re-envision the approach to cloud infrastructure. The result is a dynamic, event-driven system that can be relied on to continuously and reliably meet business needs.

A House Recipe for Control

The right control layer for the cloud is one that provides visibility into what’s happening across the entire ecosystem. It is one that sees all clouds as a whole, and makes it possible to sanction services and set policies to keep all your varied clouds within the guardrails of your business requirements. This control plane is a rich amalgam of mindset, processes and engineering approach that combines the best practices of each domain.

The key to establishing a cloud control plane is to decouple the process, orchestration and tool ingredients from the policies that define the desired end state. This makes it possible for your organization to then create your own kind of unique secret sauce that enhances agility. Every organization is different. There is no one solution that will fit all. Moreover, the tools of the cloud evolve constantly. If you force-fit a tool into a rigid, tightly articulated control plane, it would be necessary to rewrite the recipe every time a tool becomes obsolete or a new tool offers opportunity. Policies become the high-level recipe.

Policy-based recipes empower your organization to set declarative, top-level directives, which can then be translated automatically into appropriate mechanisms for each cloud. And then, let’s say something changes. Well, you just change the implementation of that policy. By decoupling the various elements, it is possible to tweak the recipe as your enterprise’s tastes change, without having to change the policy itself. This is only possible by avoiding the creation of a brittle, monolithic, hardcoded control plane.

Zero Trust Makes It Possible To Relish the Cloud Feast

The recipe for security is a foundational one that, once prepared, is present in all others. The main ingredient is a zero-trust security model that automatically enforces authentication, identity, governance and privileges across all cloud interactions, regardless of location, device or network. Again, it is imperative that your organization be able to establish uniform policies that apply across the entire hybrid or distributed cloud footprint, including both people and technology.

Delicious Cost Optimization

Customers report that only about 70% of their spending on the cloud is effective. The other 30% is the bill for underutilized, underperforming or misaligned services. That’s a recipe for indigestion. What’s needed is a layer that makes it possible to set policies and have the visibility to act on that guidance, to optimize for capacity and needs. These are programs within your enterprise to govern cloud metering, chargeback and other economic considerations so that your organization’s cloud spending is driven by desired outcomes. By automating cloud spend analysis and evaluating the variability of cloud resource consumption, you make it possible to behave in a more cloud-native, cost-conscious fashion.

The Backbone of the Meal Is Resiliency

To make the most of a cloud-native infrastructure, you need a recipe that infuses that notion of reliability and security across the entire ecosystem. Scalability, resilience and security are never achieved fully as afterthoughts. DevSecOps thinking must be present from the moment an application is released all the way through full automation, with undercurrents of proactive and reactive reliability behaviors. Establishing reliability and resiliency within operations requires having the ability to capture and understand the right metrics and behavior.

Resiliency begins with capabilities in the control plane. It also considers cost. Resiliency is embedded into DevSecOps products, enabling applications to be self-service and to make services that are self-declarative. Resiliency is a sophisticated recipe that requires some experimentation if you are to have confidence that the resulting systems are able to stand up to the unexpected.

Serving Up the Hybrid Cloud

How do you bring these varied recipes together to create a feast that makes it possible to manage the environment independent of any specific cloud? It will take more than just the core processes outlined above. It requires people, too: a cloud center of excellence that brings together knowledge, leadership and execution. The center of excellence must be empowered to support all four mechanisms we’ve cooked up and to work with stakeholders across the enterprise, including product management, operations, service design or architecture groups, and business units.

This center of excellence must have a mandate to scale operations based on capability rather than capacity. The center’s job is to look out for the functions needed to enable cloud engineering, so that, for example, it is possible to quickly support a new business or service by provisioning cloud services from day one. When you achieve that capability, you’ll see that your enterprise has realigned itself to face the cloud and embrace the cloud, and not just use the cloud.


Krishnaprasath Hari

Krishnaprasath Hari

Krishnaprasath (KP) Hari leads the global cloud engineering practice supporting clients with their cloud strategy, adoption, migration, modernization, transformation and operations journey. He has also supported industry verticals including media, telecom and manufacturing.