Hybrid multi-cloud is a mess to clean up, not an innovation to excite

Long before the comms

"one of them misses out on an important piece of security or governance and suddenly you’re asking the PR team to implement its crisis comms plan"

Long before that you should have been implementing a crisis prevention plan to avoid the need for "crisis comms". I'm wondering where the incredibly dumb idea that a third party service provider will ensure your security without your intervention came from. However I suppose the source was the same as the prevalent view that the fundamental axioms of probability have no bearing on infosec risk assessment -- a lack of enthusiasm for taking personal responsibility for anything that might backfire.

Adequate infosec is at least as much a matter of attitude as it is of technologies.

I seem to recall writing this same article 15 years ago....

We Did This Already

"The cloud" is nothing more than a server farm. We did this already back in the '90's. The only difference is it's someone else's server farm.

Meanwhile, the mainframe humming along quietly in corner of the room is still running the world.

One of the fundamental duties of a solutions architect is to control the technical complexity. If you don't instead of getting pools of expertise and pockets of ignorance you mostly get pools of ignorance.

Hybrid cloud means there is more than one thing but different enough to require more knowledge as to how to secure, maintain and develop in it.

Forget egress charges. Even if horrendous it pales into insignificance next to the duplication of effort required for the extra staff and staff time to look after it.

CFO Long pockets is going to hate waiting for their staff to produce a cost for cloud report.

The quarterly visit from the auditors, what fun. If you automate the collation of information for the auditors in one cloud then you'll have to do it all over again but differently in another because the mechanisms for doing so are different.

Let's suppose you've gone multicloud for the shiny-shiny. All the gear and no idea! How does that translate into better customer experience, retention and sales?

Multicloud means multi feudal kingdoms.

Basically multicloud is a massive CTO egowank

Good article, broadly agree with the premise.

There are a couple of legit use cases for deliberately not going entirely all in on a single cloud vendor. One is uptime monitoring: if I'm hosting websites on AWS, it would be a good idea to use a non-AWS vendor to monitor their uptime. That way I'm less at risk of common cause failures (like big problems across all of AWS) that take out both my websites and the services that monitor them, at the same time.

One small nitpick about this specific paragraph:

> Public cloud wasn’t for everyone, or every workload, but it was undoubtedly a welcome innovation and alternative. Few adopted it begrudgingly.

Quite a lot of people begrudge it intensely. It seems that they all hang out here, on The Register's comments section. ;)