As organizations continue to modernize and rely on modern apps and components and APIs, the number of workloads in and complexity of their portfolios has increased. This increases the challenge-level of securing and scaling these workloads because modern apps and APIs may be subject to the same kind of attacks, but the services needed to protect against them must fit in with more modern architectural constructs. For example, when scaling a container cluster, you’re probably going to use an ingress controller and not a plain old load balancer. When protecting APIs, you’ll likely skip the traditional web app firewall (WAF) and look to an API protection option instead. Or perhaps you’ll migrate from WAF to web app and API protection (WAAP) to handle both in one option.
Oh, and don’t forget that some of those app security and delivery services will be in the core (on-premises) and others in the public cloud, and, increasingly, some will be at the edge. Few of them are the same, which means an increasingly diverse set of consoles, APIs, policies, languages, and capabilities. Don’t forget the capabilities. After all, that’s why you use them – to provide capabilities like security and optimization and scale that applications, regardless of architecture, aren’t built to include.
Every organization will (soon) be a multi-cloud organization with a diverse portfolio of applications that span architectural styles. We already see workloads and the app services that secure and deliver them spread across every environment, and nearly 9 in 10 (88%) of organizations today operate apps comprising all five core architectural styles: monoliths, client-server, three-tier web app, mobile, and container-native distributed across core, cloud, and edge.
This poses a problem for operations. Aging apps in traditional architectural styles were not instrumented to offer visibility. Monitoring these applications is accomplished via agents – additional software that adds to an already overloaded operations team. Consistency of security across services and software designed to secure different architectures? Only in PowerPoint slides.
So, it’s no surprise that two of the most common – and long-standing – challenges associated with operating in a multi-cloud organization involve consistency and visibility.
- Shifting Security. 44% percent struggle to achieve consistent security across applications
- Mismatched Monitoring. 45% are frustrated by a lack of visibility into performance and security
But we do see a path forward toward addressing these challenges by modernizing ops.
Modernizing ops means shifting the burden of day-to-day, mundane tasks to technology and leveraging human expertise to focus on the big picture: the digital experience. That means changing the focus of ops from individual applications and systems, no matter where they are, to a systems-level focus that evaluates performance and security based on its impact to business outcomes.
Did it disrupt the user experience? Then it’s not a big deal. Did it prevent a customer from making a purchase? That’s a huge problem.
But before you can get to that level of operations, you have to put some things in place. That’s the process of modernizing ops. You’ll need:
- Observability. Enabling end-to-end digital experience visibility is critical and no simple feat. Given the state of monitoring today and the lack of consistency across environments and systems, this is a monumental task. Open Telemetry is currently the best option for enabling visibility across any part of the stack in any environment. Instituting policies that make telemetry generation a requirement for all devices, systems, software, and applications is a good way to start modernizing monitoring. This addresses the challenge of mismatched monitoring.
- Tooling. Once you have the data enabled by an observability strategy, you need the ability to analyze and act automatically on it. That means tooling, both in the form of a digital operations platform and across the app security and delivery domain. A digital operations platform should be able to ingest, process, and analyze data and produce actionable insights based on business objectives, a.k.a. Service Level Objectives (SLOs). App security and delivery services should be automatable and harnessed to toolchains that allow for automated adjustments to their policies across all environments based on those SLOs. This can address the issue of shifting security by encouraging standardization across the app security and delivery domain that reduces the variability in policies, language, and APIs.
- People. There is no way you can modernize ops without people and their expertise. It is not just their domain expertise or device expertise, but their ability to connect business outcomes to operations expertise. People, too, are ultimately necessary to make the big decisions that should never be delegated to a system. Should you shut a site down? That's a human decision. Should you move workloads from one environment to another? Probably a human decision. And ultimately, there will be conditions that machines cannot resolve that require the kind of thinking only people bring to the table.
Bringing together observability, tooling, and skills can be grouped into what is today known as site reliability engineering (SRE). Not only is modernizing operations through the adoption of SRE practices increasing across the globe, but we’re also seeing real impact for organizations that have done so. From the ability to migrate apps across clouds to being faster to embrace the emerging edge, those who have adopted SRE practices are showing signs they are overcoming the challenges of multi-cloud.
Multi-cloud is unavoidable. Modernizing ops is one of the best ways to move forward and put an organization on the right footing to be able to operate successfully – and securely – and avoid succumbing to multi-cloud madness.