Navigating Complexity: Best Practices for Deploying an Enterprise Cloud Platform
Public, private, or hybrid cloud: Your organization is almost certainly using at least one of these deployment models as the basis for your IT infrastructure and business operations. The cloud’s convenience has helped it achieve widespread use in organizations but, at the same time, has introduced significant challenges in the area of governance, which is critical to larger organizations. Given constant IT transformations, infrastructure migration and modernization projects, and the introduction of new services, governance policies and standards are easily lost in the shuffle since speed of delivery often trumps security and compliance.
To address these challenges, the concept of the enterprise cloud platform has been introduced. Rather than focusing on the deployment type (private or public) or the type of cloud service offering (IaaS, PaaS, or SaaS), this concept is about aligning the benefits of one or more cloud platforms with the governance and operational compliance of the business.
Summary of best practices for enterprise cloud platforms
| Best practice | Description |
|---|---|
| Choose the right deployment models | The enterprise cloud concept is business-driven. Existing infrastructure, strategic direction, and market trends should be considered when designing the right cloud deployment model (public, private, hybrid, or multi-cloud). |
| Leverage global connectivity | An enterprise and its infrastructure can span multiple infrastructures and regions. Leveraging SD-WAN and SASE solutions can help unify the user experience. |
| Establish a governance model | A common compliance and governance framework must be established to span multiple environments and provide clear guidelines for users and developers. |
| Choose automation platforms and tools | The control of an enterprise cloud requires platforms that are scalable and support growth plans without exploding operational costs. |
| Prioritize cost management in planning | An enterprise’s cloud journey involves complex financial intricacies. Merging budgeting and technical planning ensures sustainable growth and optimization. |
| | An enterprise cloud can be a complex ecosystem. Complexity in building and designing is preferable to complexity in operations. |
What benefits can an enterprise cloud platform bring to your business?
The public cloud brought the ability to instantly get access to virtually unlimited computing and storage services without significant planning. With the abundant selection of cloud providers, organizations have almost limitless capabilities to accelerate their digital transformation and product market readiness.
On the other hand, this fast-paced adoption has the potential to lead to undesired long-term bumps in the road that a business would rather avoid. Examples include public cloud security misconfigurations leading to reduced security posture and a lack of proper cloud financial management planning sometimes resulting in expensive migration projects. Additionally, when transitioning from one platform to another—especially with different paradigms (like the private data center and the public cloud)—a one-to-one mapping of existing policies and governance practices between these platforms might prevent companies from getting the most out of the new platform.
Let’s explore what benefits the enterprise cloud platform can bring when aligning your business IT strategy.
“Suddenly, I can offer an engineer productivity! Where it used to take them roughly 40 hours to build up a system to overlay their tools, I deliver all of that in minutes with CloudBolt.”
Elevating the user experience
People prefer the path of least resistance, and that applies to anyone from a seasoned software engineer to an application end user. If an organization is making it difficult to understand what data needs to reside on which infrastructure platform or whether the provisioning process has holes in it, chances are that the result is not going to meet the business’s expectations.
If a business has decided to run one part of its infrastructure on its on-premises platform and another part on a cloud provider, the experience of using both should at the very least be comparable. If that’s not the case, the more user-friendly platform will be the first choice for end-users, even if requirements dictate otherwise.
If one platform requires one set of tools to operate (e.g., Terraform for provisioning resources on the AWS cloud) and new virtual machines in the local data centers are created using Ansible, perhaps these two approaches do not need to be reworked, but rather integrated together and presented as the same process by an umbrella management platform.
Having the ability to simplify the provisioning process, present a clear path to achieve a task that has been assigned to an employee, and prevent undesired outcomes by policy enforcement are some of the core duties of an enterprise platform.
Improving security and compliance
As if one infrastructure provider is not complex enough, the majority of global organizations are moving beyond just the private cloud or just one public provider. Inevitably, the security and compliance paradigms—or, at least, their execution across them—will be different. Their alignment with the business requires an additional overlay that can tie in these differences.
The enterprise cloud platform serves as this overlay, ensuring that compliance is not left unattended as new and not completely familiar platforms are adopted.
Maintaining control over your data
Data sovereignty is a topic that has gained a lot of attention over the past few years. It is fueled by the legal ambiguities of data residency in the public cloud and cloud providers’ efforts to fulfill the requirements of even the most demanding customers. Nonetheless, there still are situations where the data residing in the cloud provider’s infrastructure might not be desirable. In fact, data control has traditionally been one of the main reasons that organizations maintain a private data center presence.
It is recommended to set up your enterprise cloud to allow you to have clear visibility into data locality obligations without creating too much management overhead in trying to govern two distinct infrastructures.
“Developers are overwhelmed by the amount of security configurations that are needed to secure the cloud…they no longer have to be security experts or worry about creating vulnerabilities for the organization.”
Having the option to choose the best possible solution
There is no single recipe for building the best cloud infrastructure. The purpose of an enterprise cloud platform is to utilize all the available resources to help you meet your business IT goals and not be limited to a single platform or provider that is not always able to meet the requirements 100%.
Architecting for the enterprise cloud
The enterprise cloud platform encompasses multiple elements. In this chapter, we look at the architectural considerations when designing for such complex scenarios.
Choose the right deployment models
Whenever an organization commits to making a significant change as part of its IT transformation, this comes from certain needs. We have covered some of the reasons to embrace an enterprise cloud platform. Before starting to build one, it is crucial to know which of these reasons are the primary drivers and what is the starting point:
- What does the current infrastructure look like?
- Is there just a single on-prem infrastructure that lacks governance?
- Is the public cloud being adopted?
- Is a second cloud provider planned?
- Is a merger or acquisition in place with IT platforms being integrated?
Even if no significant changes are currently in progress, planning for future growth is a great motivator to begin embracing the enterprise cloud platform. Having the ability to define the requirements and start designing before there is an urgent business demand allows enough time to investigate what local data center upgrades (if any) could be needed to support new developments and what off-the-shelf or custom solutions are required in terms of automation capabilities. Additionally, perhaps a particular cloud provider offers better pricing, services, or geographic locations for your goals. One may already have some blueprints to start the adoption process and avoid the most common pitfalls.
Leverage global connectivity
An enterprise cloud is often about operating with multiple providers and multiple geographic locations, which has multiple implications. The first is ensuring global connectivity between these locations since business applications might span multiple infrastructures. Traditionally, such connections were formed using either dedicated MPLS-based circuits or site-to-site VPN connectivity.
With the emergence of software-defined networking and, specifically, its subset of software-defined WAN (SD-WAN), these complex topologies with highly available paths can now be implemented much more easily and with more flexibility. While SD-WAN leverages VPNs and dynamic routing—technologies that have been at the disposal of network engineers for decades—its packaging, simplicity of use, and troubleshooting capabilities make SD-WAN a welcome addition to an already complex multi-environment networking landscape.
The vast backbones of public cloud providers also can play an important role even when only a limited number of your workloads are on these providers. The cloud provider’s network can be used for high-throughput connectivity with the controllers of your preferred SD-WAN solution being deployed on their infrastructures, helping to span across any cloud infrastructure.
The second implication for cross-platform network connectivity is the ability to have the same level of network security controls and insights without choosing suboptimal paths in moving the application data and jeopardizing customer experience. And this is where the concept of Secure Access Service Edge (SASE) comes into play.
SASE combines the above-mentioned network connectivity concepts with security features that span across multiple environments. Having a consistent set of security measures to be applied across environments becomes crucial if multiple public cloud environments are being adopted or when a hybrid environment is being constructed. These are situations where the available security measures in the public cloud are significantly more advanced than the ones that were used on-premises.
“We were surprised at how few vendors offer both comprehensive infrastructure cost management together with automation and even governance capabilities. I wanted a single solution. One vendor to work with.”
Besides the SD-WAN components, a SASE solution typically includes:
- Modern Layer 7 (next-gen) firewall capabilities
- Cloud Access Security Broker (CASB) for IT policy enforcement
- A secure web gateway for protecting web-based applications hosted on any environment
- A Zero Trust Network Access (ZTNA) component to enable strict but convenient authentication and authorization, moving away from the paradigm of perimeter security
In addition, SASE offerings provide interfaces and APIs so that integrations and automation fit easily into your business processes.
Establish a governance model
As we have already established, the enterprise cloud platform is very much a concept of unified governance over different platforms. An organization might have already established a set of policies for their private IT infrastructure and in-house developed applications and the cloud providers offer their own frameworks, so mixing and matching these is what creates the most friction and gaps.
There are a few distinct sections that contribute to uniform governance practices:
- Unified identity and access management (IAM): A multi-cloud environment allows enterprise organizations to reliably build their businesses on a centralized and cross-platform authentication and authorization platform that is able to support modern web applications as well as classical systems if they are still being used by the business. There are plenty of such solutions—including cloud-native IAM offerings like Google Identity or Microsoft Entra ID and third-party offerings like Okta or Keycloak—that allow the use of the same identities across multiple platforms.
- Adherence to common security frameworks: The cloud providers offer compliance policy sets corresponding to industry standards such as NIST 800-53 or CIS, making it easier to pursue compliance across public cloud platforms. If you are already supporting a certain standard on your local infrastructure and plan on expanding to the public cloud, there’s a good chance that the existing policies will make it easier to stay compliant in the cloud. If you’re looking to expand your compliance onto your private cloud infrastructure, that might involve more planning. However, configuration management with tools like Ansible or third-party tools can help with configuring the desired security workloads and maintaining their compliance and security over time.
- Financial tracking: It is very common for organizations to face increased expenses when moving to the public cloud. This can often be attributed to unoptimized workloads or to treating the public cloud as just another data center, underutilizing the more efficient PaaS and SaaS services available there. Ensuring full insight into infrastructure spending, especially after transitioning to a more OPEX-driven model, can prevent overspending.
- Control for the resource type and locality: Certain workloads might be more suited to run on one platform than another or might even require a specific platform. Being able to apply the right policies to your development teams typically requires either significant development investments or the use of a cloud management platform.
Choose automation platforms and tools
Implementing all of the points in the previous section has obvious benefits to IT governance. However, the problem is that even developers and cloud engineers sometimes struggle to have a complete grasp of the complexities of such enterprise environments. Where a single environment could have been covered and maintained by their custom CI/CD pipelines and infrastructure code, spanning to a multi-cloud environment and maintaining a uniform governance model is a challenging task, to say the least.
To tackle this on the software development side of things, the concept of platform engineering has emerged, where an internal development platform is being created just to aid the software development teams in abstracting some of the complexities and providing them with a somewhat standardized catalog of IT services.
As for the entire enterprise organization, there are not many options but to either build or adopt a cloud management platform like CloudBolt, which can bring together the convenience of infrastructure automation, self-service, financial operations, and security compliance across multiple public and private cloud providers.
Prioritize cost management in planning
Modern cloud strategies demand more than technical expertise. The foundation of most successful cloud endeavors lies in striking the right balance between technical agility and financial planning. While deploying a workload is one aspect, understanding the cost footprint throughout its lifecycle—including storage charges, data transfer fees, and scaling costs—is equally vital.
As businesses integrate cloud solutions, it’s essential to:
- Deep dive into operational costs: A successful transition or integration into the cloud isn’t just about the move but also about understanding the costs associated with the entire lifecycle. This encompasses the initial setup, ongoing operational costs, potential scaling, and even eventual migration or deprecation and disposal. Whether you’re considering the public cloud or an in-house data center, you must report on direct expenses, such as infrastructure and software licenses, and indirect ones like manpower and training. The costs must then be allocated to cost centers, projects, or departments so that operations teams can manage to budget.
- Intelligent orchestration with cost in mind: Automation and orchestration are vital in the modern enterprise cloud environment. However, it’s paramount that these processes don’t just focus on auto-scaling based on the growing workloads but also adhere to budgets. This means making decisions on workload placements, scaling strategies, and service selections with a continuous evaluation of their financial ramifications.
- Forecasting and budgetary preparedness: Looking at the enterprise cloud through a financial lens also means forward-thinking. Utilize tools and methodologies that allow you to forecast potential costs based on your architecture. This proactive approach not only ensures that there are no unexpected financial surprises but also positions the organization to be agile, adapting to changing needs without being hampered by budgetary constraints.
- Strategic workload placement: Financial outcomes often hinge upon the initial choices you make related to your workloads: architecture, placement, and configuration. Yet IT leaders often regard workload location as inconsequential compared to factors like performance and security. While the public cloud may be the go-to for many enterprises due to its feature-rich offerings, it’s not a one-size-fits-all solution. An upfront evaluation of Total Cost of Ownership (TCO) must be a guiding principle for effective decision-making. Assess all associated costs: resource and hosting, ongoing maintenance, software licensing, and contractual commitments. Don’t be swayed by vendors promising more than you need; instead, validate claims through testing. Also, consider workload behavior. If your workload experiences consistent high utilization, on-premises solutions might often be more cost-effective. Aligning these considerations at the outset not only helps control immediate costs but also aligns with long-term financial and operational goals.
CloudBolt recognizes the convergence of finance and technology in shaping today’s cloud strategies and has implemented integrated features that marry cost reporting and optimization with orchestration and automation. The platform champions this holistic approach, underscoring its integral role in ensuring organizations not only embrace the cloud but do so in a manner that aligns with their financial health and goals.
It is quite obvious that an enterprise cloud platform is a complex ecosystem. While IT managers strive to ensure consistent service delivery to their customers, automate their deliveries, and unify their cloud strategy across platforms, doing so results in significant overhead.
It is often tempting to build custom solutions to fulfill parts of these requirements. However, while there are corporations that have the expertise to implement and later maintain such platforms end-to-end, this creates a long-term operational obligation to maintain a solution that is simple and elegant from the end-user’s perspective. If only parts of the solution are taken care of, this will result in significant complexities in daily operations and might result in a complete failure to adopt.
It is common for organizations to focus on polishing their self-service catalog on their ITSM platform to allow customers to quickly get new infrastructure resources (like virtual servers). While this is fairly simple to implement and much more efficient than having an operations engineer provision the server manually, a single server is still just a small piece of the entire application infrastructure. Multiple resources will have to be provisioned similarly and then integrated, requiring significant operational activities. In addition, later maintenance of such infrastructure of non-uniformly provisioned resources would require classical operational practices rather than relying on GitOps.
On the other hand, spending more engineering time on creating repeatable solutions, while more time-consuming in the first place, will lead to significantly less operational complexity over the lifecycle of the application.
In the end, when building a complex system to fulfill a business need, the complexity of development and implementation is always preferred to the complexity of operations. Quality off-the-shelf offerings tend to deal with this aspect very well.
An enterprise cloud platform is a major project and can be a great business enabler. The complexity of the current IT infrastructure landscape has made it a very relevant concept for multi-cloud enterprises aiming to maintain control of their infrastructure. However, its complexity should not be underestimated because reluctant adoption of the enterprise cloud might not yield the desired outcomes.
Apart from the right strategy that aligns IT with the business goals, the selection of the right set of tools to achieve this is crucial. CloudBolt’s robust management platform helps you achieve efficiency, security, and the right level of governance for your enterprise without having to undertake a complete overhaul of your IT teams.