Multi-cloud? What it really means?  Is it really another approach towards risk segregation towards ensuring resilient IT infrastructure? We have seen a lot over last few decade. How IT evolved and we realised that enough is not enough. And indeed, data has been never got so important role to play. It used to be one of the factors and now we see in every walk of business it has become the core and is driver of the business decisions and organisation goals and objectives.

Prevailing wave of the Data protection laws, and Privacy laws being framed by almost all the nations globally this going to shape up the business prerequisites and our IT infra should be aligned and well architected to meet the requirements when it comes to operations.

Going Multi-cloud is obvious; however, the challenge is how to choose the right set of cloud vendor what are the parameters we should look for? Does the biggest player in industry is right fit for my business? Does regional presence matters? Lot of questions which gets floored.

Answer is Yes, we must be open to opt multi-cloud and should focus on the following pointers while choosing our cloud service providers CSPs.

  1. Data Privacy and Regulatory Requirements: Data Privacy requirement is very specific to our nature of business, type of data we handle/manage/process/own or are custodian of. The geography we are present at and what are law of land around it. It has been covering the all the aspects and where the data is being fetched from, being processed at, stored at. Also, there are different set of regulation towards data crossing the international boundaries. Data localisation has been one of major clause which impacts this decision making. Also, geo-political influencers e.g. (Russia-Ukraine war) countries which are banned. Bilateral political/trade/preferential agreements countries may have.


  1. Best of BreedTechnology/Service/Support/Uptime History/Outreach/Expanse While choosing cloud vendors we must consider the technological architecture of the cloud service providers and organisations appetite to identify a right match. What are service offerings, and which are advantageous proposition compared to other players. How the services being delivered, how is support availability, and clear and transparent escalation matrix. What has been the history of the vendor, how many outages they have faced, how resilient they are and how reliable. Do they have strong presence in the geographies where the organisation is operating? As every vendor has some regions either left or just a single edge in the region. Here it is very important to consider their upcoming locations availability zones in the region of operations.
  2. Potential Cost Benefit – Different Pricing models, one size doesn’t fit all, tenancy vs/compute-based billing. There are different pricing models, and it appears deceptive at times the pricing terminologies so it must be sized and assessed appropriately in terms of utilisation as always pay as you go may not be the right fit. Instead, it must be based on other factors in terms of overall utilisation, uptime required, pattern of traffic etc.
  3. Risk Diversification: This is one of the factors which makes it vital and increases the sustainability and resiliency of the business. It is and age-old saying don’t put all your eggs in one basket. Same applies here and with the incidents/outages we have seen in recent past it makes us realise the if there is cloud then there is possibility of cloudburst. Hence it is always better to be multi-cloud to ensure businesses are always sustaining and resilient. Another facet of it can be associated to geo-political situations as well.
  4. Ease of Administration/management/support/skill/resource availability: This is one of the prime factors as we see acute shortage in skilled resources in our industry and it is widening every passing day. As result of that while choosing a cloud service provider we must analyse what is the availability of resources also, how can we train resources quickly to manage and support the delivery and operations.
  5. Vendor Selection: Picking right services from right vendor based on their capabilities and strength. When we think about multi-cloud strategy the thought process has to be result driven and best suited for a specific use case and different vendors can be chosen to provide SAAS, IAAS, PAAS, DRaaS, BackUpaaS, SECaaS, FWaaS Compute, logging, storage etc to name a few.
  6. Cloud Management: Cloud management is not primarily the Management of Cloud infra but the CSPs and in accordance with the compliance frameworks and responsibility matrix.
  7. Optimal outcome: To carve out the optimal outcome from the cloud investment it very important stay with the basics and implement the policies of role-based access which grants access to the required resources from anywhere at the same time restricts unwanted browsing of stuffs which may result in unknowing data exposure/spillage. Vendors need to be compliant with the different industry standards organisation is following and must have their offering well attested for Service organisation Controls according to applicability.


  1. Managing Data Protection and Privacy: Data Protection and Privacy Laws of different geographies of operations needs to take into consideration to meet the legal requirements and compliance adherence.
  2. Avoid Vendor Lock in – Vendor agnostic multicloud development strategy for the developers helps developing a solution which can be deployed in any cloud across platforms. This makes the solution portable and easy moving also organisation can always leverage the benefit of easy migration and lower OPEX considering the cloud vendor keep giving discounts in new regions and acquisitions from rivals.10449346678?profile=RESIZE_400x
E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)