In 2023, a 451 Research survey, commissioned by Oracle, found 98% of respondents were using at least two cloud providers, while 31% were using four or more. But multi-cloud has become a double-edged sword for IT leaders, as they struggle to ensure their resilience and data management strategies align most effectively with their multi-cloud setup.
This topic was the focus of a recent webinar hosted by ActualTech Media, supported by Cohesity. Experts Genny Gordon, senior product marketing manager at Cohesity and Melissa Palmer, technology analyst and VMware certified design expert discussed the benefits and challenges of multi-cloud, some of the chief difficulties businesses face when first moving their data into the public cloud, the tried and tested methods for embracing multi-cloud, and how it can bolster a recovery strategy.
Advantages and challenges of multi-cloud backups
There are many benefits to a multi-cloud approach, including reduced risk, cost, and scalability.
When it comes to reducing risk, some enterprises turn to a multi-cloud approach, in which their data and workloads are stored across multiple public cloud instances for data security and improved uptime. Cloud flexibility can feed directly into a company’s disaster recovery strategy, ensuring that when the worst happens, they’re ready to stand up critical services once again.
Multi-cloud setups also help organizations spread their workloads across the clouds where they’ll be most effective and reduce running costs. Companies can set up critical processes quickly and keep data access consistent if the demand suddenly spikes.
However, while many enterprises split workloads across their multi-cloud environment based on personal preference, such as using AWS for databases and Microsoft Azure for other apps, according to Palmer, others can also unintentionally find themselves having to handle a multi-cloud approach because of distributed tools. This can cause data silos, which leave organizations vulnerable.
Gordon underlined the importance of maintaining one’s visibility over a multi-cloud environment, stating that while additional clouds come with better guarantees for uptime they also increase a business’ attack surface.
“How am I supposed to protect everything if I don’t even know where it is or what it's doing?” she asked. “And I think that when I've seen people get burned in the cloud, it's because they didn't go in with the right mindset and the right planning.”
To address this, enterprises can work with data backup, recovery, and mobility solutions providers, like Cohesity, to ensure that their data and workloads are protected no matter how they are divided across their multi-cloud environment.
Another challenge is lack of adequate cloud observability, with some CIOs indicating that their cloud complexity is incompatible with security demands. In recent months, organizations have also registered alarm at the detrimental effect of cloud complexity on incident response times. This can negate some of the inherent benefits of multi-cloud when it comes to dealing with cyber attacks.
Without strong recovery point objectives (RPOs) and recovery time objectives (RTOs) many organizations have struggled with cloud workloads, Palmer said. This means businesses are setting themselves up for failure.
“The worst thing I've ever heard in my life was someone tell me that they had to be out of their data center into a cloud within six months because the CTO would not get their bonus unless they had evacuated the data center.
“So they were taking all the shorts of shortcuts. You better believe they were not backing that stuff up when they got it because their only concern was getting out of the data center.”
The anxieties driving multi-cloud adoption
Whether you choose a multi-cloud strategy or not, you still need a plan in place to protect your data.
Ransomware has long been the bane of enterprise security teams, with big-game ransomware on the rise again, and Palmer notes that this is a major consideration for enterprises investing in data backup and recovery across multiple cloud providers.
Ransomware provokes anxieties on multiple fronts for businesses in 2024. Gordon points out that the true cost of ransomware attacks doesn’t end at potentially paying attackers to restore data – with customer churn, reputational damage, and extensive recovery payments all piling onto the final bill.
“You can’t be offline for one day, or even one hour before it becomes difficult,” Gordon says, adding that simplicity and scale are key to recovering quickly and without lasting effects from cyber attacks.
Gordon claims Cohesity DataProtect delivers the fastest recovery of any data management provider, with the aim of getting businesses back on their feet following an attack within minutes or hours, instead of days. Cohesity works with six of the Fortune 10 and 40% of Fortune 100 companies.
She adds that, unlike other data management providers, Cohesity allows companies to back up data directly into their chosen cloud including AWS, Azure, and Google Cloud.
If one’s data is spread out across multiple clouds, it can be far easier to find clean data and use that to roll systems back to a usable level – provided they are using an appropriate backup tool.
Take the recent example of UniSuper, an Australian pension fund worth $135 billion, which was thrown into disarray in May 2024 following the accidental deletion of its entire Google Cloud account including backups. The firm was only able to keep operating because it kept backups with another provider – and experts within the sector have used the accident as an argument for a multi-cloud approach as standard in the modern business environment.
Spreading backups safely across multiple providers makes it easier for leaders to recover from incidents, including the most catastrophic imaginable, without the need for IT to work round the clock or any requirement to negotiate with attackers.
“So this really underscores the need for that clean backup copy and how important it is to be able to readily access it, in the case of an outage or attack,” Gordon adds.
Keeping an eye on every corner of one’s cloud is also paramount to ensuring you follow data protection policies. If you don’t know which provider is hosting which of your workloads, or even your critical data, you can’t know that it’s being looked after or handled properly per legislation such as GDPR.
Cloud providers operate shared responsibility models – sometimes called shared fate – in which customers carry the final responsibility for their own data protection.
“At the end of the day, the cloud is just someone else's data center,” says Palmer. “It’s not this magical thing in the sky that everybody thinks about, you do still have responsibilities in the cloud. And data protection is absolutely one of them.”
Click here to watch the free webinar now.