F5 CLOUD SOLUTIONS

MULTI-CLOUDTHE GOOD, THE BAD, AND THE UGLY

MULTI-CLOUD: THE GOOD, THE BAD, AND THE UGLY

2

MULTI-CLOUD: THE GOOD, THE BAD, AND THE UGLY

INTRODUCTION

1 https://interact.f5.com/2018_SOAD.html

87%OF ENTERPRISE ORGANIZATIONS SAY THEY OPERATE IN MULTIPLE CLOUD ENVIRONMENTS.

WHILE MULTI-CLOUD OFFERS UNDENIABLE BENEFITS OF SPEED AND SCALABILITY, IT ALSO COMES WITH SOME DOWNSIDES.

It’s a multi-cloud world, according to the F5 State of Application Delivery 2018 survey. Eighty-seven percent of enterprise organizations say they operate in multiple cloud environments and plan to continue to do so.1 As cloud platforms further evolve and offer more robust services, organizations find themselves selecting the best provider for each application or category of applications, which means they have apps in several clouds. In other cases, multi-cloud deployments are less a matter of strategic planning than acceptance of reality. Acquisitions, mergers, side projects, and management decisions to let developers choose their own tools and environments all lead to a proliferation of cloud providers and unique configurations within those environments.

While multi-cloud offers undeniable benefits of speed and scalability, it also comes with some downsides, including architectural complexity and lack of consistent application services across

platforms. It’s clear that multi-cloud is here to stay, so let’s take a look at the good, the bad, and the ugly of this brave new world—and then review some tips on how you can make multi-cloud work best for your business.

It’s clear that multi-cloud is here to stay, so let’s take a look at the good, bad, and ugly of this brave new world.

MULTI-CLOUD: THE GOOD, THE BAD, AND THE UGLY

3

THE GOODMulti-cloud architectures offer significant business benefits.

ACCESS TO INNOVATION

FLEXIBILITY

TIME TO SERVICE

COST CONTROL

The major cloud providers are competing among themselves to provide services around machine learning, artificial intelligence, database management, voice control, serverless computing, and more. These services enable powerful new solutions and customer care models, which can directly contribute to business revenue. Allowing developers to select the best solution for their project regardless of provider increases the potential for innovation.

Supporting multiple cloud environments gives developers the flexibility to select the tools, features, and workflow they need, when they need it—instead of forcing them to adapt to a corporate model.

Some applications and work processes are easier to move to specific environments. For example, organizations can speed deployment and streamline management by moving Microsoft-based apps to Azure.

Cost models vary among providers. The ability to select the most appropriate provider for specific applications can yield significant savings.

4

Every environment increases the breadth of your threat landscape. While cloud providers do a good (often better than most organizations) job of securing the underlying infrastructure, attack vectors are not limited to infrastructure. According to the 2017 Verizon Data Breach Investigations Report, the leading cause of data breaches was web application attacks.2 Exposing your public IP across each cloud provider—each with different levels of application protection and features, different ways to deploy rule sets, and different policies—increases the risk of attackers getting to your most important asset: your data. Providing consistency and avoiding human error leading to misconfigured policies is challenging. Ultimately, customers are responsible for securing the applications that run in each of the cloud platforms they leverage.

THE BADThere are drawbacks to supporting multiple cloud platforms. For some organizations, the negatives are strong enough to standardize (or attempt to standardize) on a single provider. Most organizations, however, simply need to understand the negatives within the context of their application and cloud strategies and create a plan to mitigate.

2 http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/

Every cloud environment is managed differently, each with its own set of APIs, management consoles, and tools to monitor and log the health of applications and perform updates. Getting a holistic view of your applications’ health and security across clouds can be challenging. Security is complicated due to inconsistent or out-of-date policies that have to be updated on different enforcement engines. Having numerous security controls also adds operational burden on SecOps having to learn, understand, implement, and monitor each set of controls. Moving apps between cloud providers to take advantage of differing cost models becomes even more challenging. Also, the gaps in security controls and implementations complicate compliance and audits due to having to rationalize the differences.

The more services you build in different environments, the more specific domain expertise you must acquire and maintain.

SECURITY CONCERNS

OPERATIONAL COMPLEXITY

SKILL SET GAPS

MULTI-CLOUD: THE GOOD, THE BAD, AND THE UGLY

MULTI-CLOUD: THE GOOD, THE BAD, AND THE UGLY

5

The truth is that moving workloads to the cloud and embracing DevOps practices impacts far more than IT budgets. Organizations need to find ways to break down organizational silos, automate manual processes, and become service providers rather than ticket takers for their organizations. For large organizations with decades of entrenched processes and technical debt, this is a difficult and messy transition.

Many IT leaders will tell you that technology is not their biggest challenge; culture and skills take the top spots. Experienced IT operations professionals need to update their skills to learn not just cloud environments but automation tools and DevOps practices. The more environments and tools your organization supports, the more complex the challenge. On top of that is the reality that skilled IT professionals with DevOps and automation skills are in high demand, increasing turnover and costs.

THE UGLY

THE MORE ENVIRONMENTS AND TOOLS YOUR ORGANIZATION SUPPORTS, THE MORE COMPLEX THE CHALLENGE.

6

In the face of these challenges, organizations need to focus on the things they can control. From a tools perspective, that means standardizing wherever possible. Getting the balance right is tricky. Standardize too much and you lose flexibility. Standardize too little and operational agility becomes operational chaos. The upfront effort involved in making these changes will pay dividends for years. Automation is key to scale and automation requires standardization.

So, what should you standardize on? F5 application services can be deployed in every cloud consistently. These services include advanced security, intelligent traffic management, analytics, and easy-to-deploy per-app policies. The F5 BIG-IP platform is available in every major cloud provider—AWS, Azure, Google Cloud Platform, OpenStack and IBM—and in purpose-built hardware for on-premises and colocation data centers. That means that the proven F5 application services businesses rely on in the data center are all replicated in the cloud. Standardization on F5 application services not only ensures consistent security, performance, and availability; it simplifies training and improves manageability, visibility, and control.

ADVANCED SECURITYF5 Advanced Web Application Firewall (WAF) protects against the latest automated web attacks via bots, account takeover via credential-stealing malware, and L7 DDoS. The F5 centralized access control and federated identity management solution provides single sign-on, simplifies and consolidates your authentication infrastructure, and prevents fraudulent access to your applications. WAF and access policies can be replicated across environments, which means you can define and manage your policies once and enforce them everywhere.

INTELLIGENT TRAFFIC MANAGEMENTEnsure the availability and performance of your traditional and cloud-native apps with advanced load balancing methods and protocol support, granular local and global traffic redirection, TCP optimization, visibility and control of encrypted traffic, and high-speed DNS caching/resolving.

PROGRAMMABILITY AND API-DRIVEN INTEGRATIONSZero-day security threats, application vulnerabilities, and network issues can come out of nowhere to threaten your applications’ performance, security, and availability. Organizations that standardize on BIG-IP have access to powerful real-time mitigation options, enabling you to keep your application running in a crisis while solving the underlying issue over time. This is because the full-proxy architecture of the BIG-IP platform enables operators to inspect and make changes to the network traffic before it reaches the application or as it leaves the application. Integration with external third-party tools and orchestration systems, private and public cloud, container platforms is accomplished through REST APIs, SDKs, and dedicated connectors/plug-ins, all supported by F5.

GETTING THE MOST OUT OF YOUR CLOUD INVESTMENTS

STANDARDIZATION NOT ONLY ENSURES CONSISTENT SECURITY, PERFORMANCE, AND AVAILABILITY; IT ALSO SIMPLIFIES TRAINING AND IMPROVES MANAGEABILITY, VISIBILITY, AND CONTROL.

MULTI-CLOUD: THE GOOD, THE BAD, AND THE UGLY

7

In the face of all the challenges presented by the accelerating pace of application development and ever-expanding options for deployment, IT organizations are changing how they deliver services. Traditional manual approaches are simply too slow to keep up. Yet, when application teams attempt to circumvent IT in order to speed up deployment, security, performance, and long-term manageability suffer.

To get the most out of your multi-cloud deployments, you need to fundamentally rethink how you deliver the right application services that meet current and future needs, consistently across every cloud. Standardization is key. If too much is changing too quickly, start with standardization. As your organization evolves, you will be better positioned to take the next step in making those standardized services accessible to developers through the automation toolchains they rely on.

CONCLUSION

TO GET THE MOST OUT OF YOUR MULTI-CLOUD DEPLOYMENTS, YOU NEED TO FUNDAMENTALLY RETHINK HOW YOU DELIVER THE RIGHT APPLICATION SERVICES THAT MEET CURRENT AND FUTURE NEEDS,

MULTI-CLOUD: THE GOOD, THE BAD, AND THE UGLY

To help customers navigate these changes, F5 has developed free, lab-based training that we continue to test and improve through hundreds of customer engagements. The Super-NetOps training program teaches NetOps professionals how to define and build a declarative service catalog, and deliver those

services in a continuous delivery and deployment pipeline. Ultimately, the efficiencies you gain will enable you to focus less on IT constraints—and more on developing and delivering innovative products and services that drive the business forward.

SUPER-NETOPS TRAINING PROGRAM

LEARN MORE ABOUT SUPER-NETOPS AT F5.COM/MULTICLOUD.

With cloud, the options have multiplied and so has the complexity. Ensuring every app works flawlessly in every environment is a big ask. You need to scale, you need consistent security, you need to automate and simplify operations to do it faster. You need to move

apps freely between clouds with consistent services. You need the freedom to deliver any app, anywhere with confidence.

To learn more, visit f5.com/multicloud.

UNLEASH YOUR APPS WITH MULTI-CLOUD FREEDOM

US Headquarters: 401 Elliott Ave W, Seattle, WA 98119 | 888-882-4447 // Americas: info@f5.com // Asia-Pacific: apacinfo@f5.com // Europe/Middle East/Africa: emeainfo@f5.com // Japan: f5j-info@f5.com ©2018 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of the irrespective owners with no endorsement or affiliation, expressed or implied, claimed by F5. EBOOK-CLOUD-200680426 | 3.18