EAM for better planning and management of multi-cloud solutions

The right cloud service for every use scenario, no vendor lock-ins, a high degree of reliably at the best possible level of performance – companies undergoing the digital transformation are increasingly recognizing the benefits of heterogeneous cloud environments. A white paper produced by the Cross-Business-Architecture (CBA Lab) explains how EAM can help with the effective planning and management of such environments.

The introduction of cloud solutions is often accompanied by a paradigm shift: Instead of defining long-term target architectures, enterprise architectures are adapted over time on the basis of expanding knowledge and experience and through the use of iterative approaches. Traditional project organizations and hierarchical structures are pushed to their limits in such a setup, which means a new organization needs to be established.

“In the past, enterprise architecture focused on controlling risks through ever more precise planning,” says Björn Oestrich, Coordinator of the Cloud Guide III workstream, which produced the aforementioned white paper. “However, in the future, the decisive factor for ensuring the viability of a company will no longer be risk avoidance or risk prevention but instead adaptability – and adaptability also requires rules and guidelines. Enterprise architecture management will be expanded to include cloud management elements, which means it will have to become more agile. In addition, EAM will need to be able to effectively address uncertainties.” Nevertheless, the main tasks of enterprise architects will not change – i.e. they will still mainly be responsible for the transparent planning and implementation of the business and IT strategy, as well as the provision of a corresponding architecture.

CBA Lab member companies consider the following aspects to be most important when making a decision to pursue a multi-cloud approach. The relevance of these aspects and the weight they are assigned depends on the specific cloud strategy of the company in question.

  • Risk distribution with regard to
    • Vendor lock-ins (e.g. through migration opportunities)
    • Restrictions on availability
    • Compliance restrictions (e.g. due to the place of jurisdiction of the cloud service provider (CSP))
  • Reaction capability in terms of costs (not as a strategic driver),
  • Integration capability, integration complexity, and interoperability of cloud services in the company’s own IT landscape
  • CSP quality of service as regards
    • Availability
    • Security
    • Compliance
  • Support capability of the CSP in terms of
    • Automation and
    • Support with the connection between the cloud and the company’s network
    • Migration of applications to the cloud and
    • Use and integration of cloud services
    • Availability of cloud services in relevant geographical regions,
  • Support capability of the company’s own organization with regard to certain technologies and architectures that need to be considered when selecting a CSP
  • Feature portfolio – e.g.
    • Innovative cloud services (e.g. for artificial intelligence, Internet of Things, advanced analytics)
    • Transformation support (e.g. for migration services for servers and databases; for mass data transfer)
    • Security (e.g. key management, support with ensuring auditability; defending against attacks)
  • Expanded recruiting opportunities due to the broader range of services made available by the use of different CSPs
  • Availability of skills and an ecosystem for CSP on the market
  • CSP degree of maturity

Even though the multi-cloud approach involves using the services of different selected cloud service providers (CSPs), planning should not initially focus on being able to shift around applications easily. What’s more important is the ability to choose from among all selected CSPs the cloud services that offer your company the most added value. For example, a digital e-commerce initiative might require the use of a cloud platform designed for maximum scalability, while another initiative could involve transferring an extremely heavy analysis workload to a cloud platform developed especially to accommodate large storage pools.

The advantage offered by this multi-cloud or “best of the best” approach is that companies can utilize the innovative capability of each provider while also diversifying their risks. At the same time, the decision to use multiple providers should never be made on the basis of a single project. “Project-related decisions lead to a situation in which there is no structured incorporation of the CSP into the required cloud management processes, which in turn results in the creation of an uncontrolled component of the company’s IT system,” Oestrich explains.

Multi- cloud environments do have certain pitfalls, which in particular can affect the management of technological complexity, as well as data integration, accounting models, and data security, and this presents enterprise architects with new challenges. Consider DevOps, which require agile project management – i.e. efficient and close cooperation between development, operational, quality assurance, and security units.

In order to be able to manage the complexity of a multi-cloud strategy and overcome the associated challenges, enterprise architecture management (EAM) also needs to pay attention to the business benefits cloud services offer the company – rather than just focusing exclusively on technical aspects. Decisions must be reviewed regularly to determine whether they are compatible with the cloud strategy. Unlike the case with outsourcing, IT expertise absolutely has to remain within the company. At a minimum, this is required for the management of the CSP relationship, for integration, and for EAM, even if the company has no in-house application development unit.

The knowledge a company needs in order to be able to implement and utilize cloud services increases in line with the complexity of the solutions created with the CSP services. If only IaaS is to be used, less knowledge is required than is the case with PaaS, or if the entire portfolio of a CSP is to be used.

The use of SaaS has special implications for a company’s IT system. Many SaaS providers that have been on the market for a long time have not yet adapted their applications to the challenges posed by cloud integration and digitalization. Such applications are still geared toward outsourcing activities from the past and have monolithic architectures, which means that the individual business functions of a solution often cannot be accessed as services via dedicated APIs and that compartmentalized integration into the company’s IT system is not possible. In such a situation, it is also not possible to create open value chains in which IT support for the value chain is not under the control of a single company end-to-end but instead consists of the partial solutions or partial processes of a community of business partners.

When selecting SaaS providers, attention therefore needs to be paid to ensuring that business functions, data, and possibly also the user interface of a solution can be integrated into the processes used at the company. All criteria described for the selection of CSPs apply here as well. The risk of a vendor lock-in in the case of SaaS is generally viewed as being higher than the risk of the same with CSPs.

Because many companies now face the challenge of incorporating the services of various cloud providers into their IT systems in an ordered and scalable manner, it makes sense to compare how CBA Lab member companies are addressing these integration issues. The Cloud Guide III workstream white paper therefore examines the network and communication level, the application and service level, and the data level.

In the area of network security, for example, the majority of the member companies utilize one of two approaches – on-premises control or cloud control, whereby the choice depends on their IT strategy, their goals, and the capabilities of their cloud provider. Integration with large providers such as Azure from Microsoft or AWS is usually implemented using the cloud control approach, since not doing so would lead to too much network-automation potential being left unused.

With regard to the data level, the choice of the integration approach depends heavily on the degree of protection the data requires. By definition, there is of course no approach that can be used with data that absolutely may not leave the company. In terms of data with lower protection requirements, the options are full integration into the cloud, partial integration, and encrypted integration.

Conclusion reached in the white paper

Cloud providers are becoming more and more interchangeable in terms of the basic services they offer. Companies should therefore first define their strategy and then look for two cloud service providers whose strengths best fit that strategy. Proceeding in this manner also limits the number of integration approaches to be considered and used. Once again, the company strategy must be defined in advance if such a procedure is to be used successfully.

Download the white paper


Björn Oestrich, Workstream Coordinator

In the future, the decisive factor for ensuring the viability of a company will no longer be risk avoidance or risk prevention but instead adaptability.