For many years now, we have observed a steady rise in companies declaring “end-of-investment” in their on-premises environments in favor of more flexible cloud environs. These companies cite many reasons for why public cloud environments are appealing: scalability, a variety of consumption options that can yield cost savings, and improved agility, to name a few. However, whether an organization is migrating existing applications, building a scaled operation for new applications hosted in the public cloud, or both, the architectural approach taken can make or break the business case. Savvy companies are now proactively architecting in flexibility and choice of multiple platforms.
A common mistake many organizations make at the start of their public cloud journey is to over-prioritize speed, leveraging exclusively cloud-native services (services offered by cloud providers as part of their platforms). Whether as an explicit top-down declaration or implied as part of a “cloud-first” strategy, this approach misses important distinctions between applications, the data those applications generate or process, and the services that are used to secure and deliver the applications. Many organizations that take this “cloud-native first” approach inevitably encounter several costly consequences, including:
1. Diminished Security & Compliance
A 2021 report from 451 research found that 23% of companies cited security concerns and the lack of viable security measures as a major factor in their decision to shift in to reverse gear and move apps away from public cloud providers in the next 12 months. Many security teams, having comprehended and navigated the cloud provider's shared security responsibility model (whereby the cloud provider secures the cloud infrastructure, and the cloud tenant secures their own cloud network, apps and data), find they are not able to replicate the security controls and efficacy of their on-premises environment with only cloud-native security solutions in their arsenal.
Despite this, in pursuit of speed and simplicity, many organizations at the beginning of their cloud adoption journeys elect to forgo the advanced security and compliance solutions they’ve implemented on-premises in favor of public cloud-native services—ultimately to the detriment of their security and compliance posture.
2. Platform Lock-in
While most companies try to avoid vendor lock-in where possible, it is in some cases being justified as a trade-off to access the significant benefits cloud computing affords. The shortcomings of this trade-off are usually only realized when the need for expansion arises. Unsurprisingly, being tied to a single platform or set of tools makes it much more challenging to adopt another cloud ecosystem where the use of those same native services is not possible and domain knowledge is non-transferable. As an example, an organization operating a native Web Application Firewall (WAF) to protect their apps on AWS would be unable to move those apps to Azure and enforce the same protection using an Azure-native WAF due to disparities in the policy or signature semantics, configuration options, and feature sets. A more future-proof, adaptable, and ultimately cost-effective approach for such services that live in the grey zone between infrastructure and applications is to standardize on a few platform-agnostic capabilities (WAF for example) that span your on-prem and cloud environment(s).
3. Unanticipated, Surging Costs
Beyond the expected costs associated with initially migrating to the cloud (e.g., cloud infrastructure, data transmission, application refactoring), cloud costs frequently exceed planned spend as cloud dependence and usage escalates. According to Andreessen Horowitz, the estimated annual committed cloud spend for well-established, cloud-based companies can be equal to around 50% of their cost of revenue, with this figure exceeding 80% for some software companies.
Bearing this in mind, the use of native solutions can end up being a significant (and often unexpected) contributing factor to all-up cloud costs. While the pay-as-you-go, consumption-based licensing model for native services provides flexibility and scalability when you first deploy, as application usage begins to ramp up, so too do the costs.
A further inevitable cost comes as a result of acquiring the talent and building competency in operating multiple infrastructure environments. Expertise is required to monitor and triage the day-to-day operational support of application security and performance. It’s rare that the teams handling on-premises data center operations have the complete skillset necessary to undertake this task in the cloud, which often leads to operational overheads being duplicated.
Once one or more of these issues surface, organizations typically follow one of two paths (and occasionally both) in an attempt to remedy them. Path 1 is to migrate workloads back to their on-premises data centers to cut costs, improve security, and regain control. Path 2 is to move part of their app portfolio into new cloud environments to access desired functionality and more competitive pricing.
Regardless of the remediation path chosen, the journey is considerably more difficult when organizations have built up their entire architecture around cloud-native services—primarily due to them being non-transferable. Fortunately, however, with thoughtful, upfront planning and the right architectural decisions at the start of a cloud journey, this is an entirely avoidable predicament.
Appreciating that cloud journeys are often dynamic and unpredictable, you can set yourself up for long-term success and greater value creation by following two simple principles:
Future-Proof Your Decisions and Investments – As best you can, plan well beyond your initial foray into the cloud and make decisions that will set you up for success regardless the route your cloud journey takes, whether that ends up being use of a single cloud or multiple clouds. This includes:
Foster an Application-Centric Mindset – Your apps are undoubtedly your most valuable assets in the digitally obsessed world we live in, meaning that all cloud decisions should be made with their best interests in mind. This includes:
Whether you’re just starting to kick the cloud tires or already a mature cloud connoisseur, key design choices now will make a big difference down the line. Devise a strategy and implement solutions that meet your current requirements, but that will also ensure success regardless of which path your cloud journey takes. If you’re ready to discover how F5’s products, technologies and global cloud specialists can help get you on your way to achieving this, then contact F5 today.
Research Articles and Additional References: