The difficulty of scaling a Frankencloud

Let’s talk about the cloud (because who isn’t?). Over the last several years, we’ve seen cloud adoption skyrocket as organizations work to find the most efficient and cost-effective way of operating their business. Whether the cloud environment be public, private, hybrid or multi-cloud, this worldwide growth has led to a steady increase in available cloud services, their providers, and configurations.

Back in 2019, 81% of public cloud users reported using two or more providers (pre-pandemic, so you can imagine how much that number has grown), and while the benefits of cloud use far outweigh the risk, it can come with some glaring challenges as you try to grow your business.

As a small organization, running a handful of services and applications, and deploying workloads all with a single cloud provider makes cloud management seem simple. But the story is very different for a growing enterprise with assets and workloads across multiple cloud providers, complex data lakes, services hosted in various geolocations, and an array of tools that don’t offer support for every piece of your cloud estate.

This complicated cloud amalgamation (Frankencloud, if you will) is often a result of initial cost efficiency or acquisition, but whatever the case, scaling that convoluted architecture as your business evolves is hard.

Cloud scaling challenges

When your business started, the idea of cloud adoption was an easy one to wrap your head around. It’d simplify a number of your business processes, increase data accessibility, improve efficiency, and reduce overall operational costs. In theory, cloud computing would make scaling your organization as it grew much easier. And it did!

But, alas, the ease has passed since your business took off. You now have a multitude of cloud instances running services and workloads across three major providers in an attempt to cut costs and avoid vendor lock-in, acquired a small firm using a private cloud hosted in the EU with new regulations to adhere to, and have more tools to help manage it all than you can count on two hands. Simply put, it’s gotten overwhelming and now you’re trying to figure out how to scale up.

The fact of the matter is, the more complex your environment gets, the more difficult scaling is going to be. Let’s take a look at some of these challenges and what they could mean for your business.

Configuring your Frankencloud across providers

Configuration for your applications, infrastructure and workloads are not going to be the same across cloud providers. Each provider has its own way of provisioning, deploying, and managing instances, and it’s your responsibility to ensure the correct configuration of your resources.

It can be tempting to rush through the configuration process (because going through the motions multiple times takes ages and you have a million other things to do), but it’s endlessly important to make sure you’ve configured your resources correctly and are rechecking them frequently as things change to avoid compliance and security risks.

A misconfiguration could mean non-compliance associated with regulatory fines or, heaven forbid, a security breach, and scaling too quickly without keeping your configurations in check could cost you. Like, a lot.

According to IBM’s Cost of a Data Breach Report 2021, the more complex your environment is and the more you’re failing compliance checks, the more likely you are to pay up to $2.3M more in the event of a breach.

This brings me to the next challenge of…

Securing your Frankencloud

With the Shared Responsibility Model largely leaving the onus on the customer to secure their own cloud environment, there’s not a whole lot that comes built in to work with. This means that hardening your environment, implementing security controls, refining privileges and identities, and identifying and remediating vulnerabilities are now consistently at the top of your cloud scaling to-do list. And since the responsibilities vary for each provider, you must figure out what’s required for each provider.

There are guidelines to help you achieve some of this on your own, like the AWS Well-Architected Framework Security Pillar or CIS Benchmarks, and a plethora of cloud security vendors ready to help you pick up the slack, but the trouble is rolling out these security measures for your entire cloud estate in a way that ensures complete coverage from end-to-end.

This is especially challenging because very few cloud security vendors offer support for multiple cloud providers, and the ones that do often have a very limited toolset designed for a particular use case. This has resulted in security teams compiling several tools between multiple security vendors in an attempt to cover all the bases (FrankenSec?), but these disconnected and siloed systems typically do not integrate and can only deliver pieces of their whole cloud security picture, leaving blind spots.

The blind spots between solutions can allow threat detection signals to go unnoticed because related security events could be happening in two different systems, but the disconnected security solutions aren’t able to correlate them as suspicious. In this case, the only way to discover the events are related is to manually triage every detection across each system and discover their connection yourself. But between the volume of detections you may receive (a number of them being false positives) and the increasing problem with alert fatigue, the margin for error is quite high and you may still miss it anyway.

Observing your Frankencloud

Similarly, with securing your Frankencloud, getting full visibility of your entire cloud estate is a major challenge. You’re faced with the same difficulty of disparate solutions that leave you with an incomplete picture of your cloud environments and resources.

Without complete visibility into where your cloud data is, which applications interact with which services, and who has access to what, you could be oblivious to misconfigurations, threats, overspending and non-compliant policies.

Understanding how different resources, identities and services interact with one another helps you to prioritize configuration fixes, control privilege escalation, and perform audits, ultimately improving resource performance and reducing security risk. The larger your cloud estate gets with gaps in visibility, the harder it’s going to be to do those things effectively.

Summary: Scaling your cloud creation

Your Frankenstein cloud creation has made scaling a bit of a nightmare (pun intended), but you’re not alone. While no two cloud environments look the same, these challenges are faced by any organization operating in a complex cloud environment. You can find some comfort in knowing that it’s probably not a result of anything you’re doing inherently wrong.

To scale a complex cloud environment effectively without creating new headaches for yourself down the road, you’ll need to be able to:

  • Monitor everything that’s going on across cloud providers, including asset relationships and privilege allocation.
  • Ensure end-to-end security with no blind spots from disconnected tool sets.
  • Discover misconfigurations as you evolve to avoid compliance failures and vulnerabilities.

Having a single, unified solution that can help you address these challenges all in one place will largely reduce the amount of time, overhead and stress that accompany a complicated cloud scaling project.