How to excel in multicloud: The new checklist

Several years ago, I wrote a multicloud readiness checklist and discussed the advantages of hybrid multicloud. Today, the vast majority of medium-sized businesses and large enterprises diversify with multiple hyperscalers, operate private clouds, deploy to edge infrastructure, and manage data across a sprawl of SaaS, low-code, and other platform services.

The question today is not whether to support multicloud operations but how to excel at it. IT operations must deliver business value through agility, speed, efficiencies, cost savings, and risk reduction. Given these challenges, I asked experts how they and their teams are excelling in multicloud operations. The following checklist distills their best practices.

Communicate where multicloud provides business advantages

There are many reasons why businesses operate in multiple clouds. Understanding past decisions is important, but it is even more critical to communicate a vision statement of objectives and how new investments drive business advantages.

“The question isn’t whether companies are ready for multicloud; it’s whether they’re ready to compete against those already ahead because of it,” says Jon Alexander, SVP of product in cloud technology at Akamai. “AI is accelerating this divide, automating configurations and predicting infrastructure needs in ways that give multicloud-native companies an increasing advantage. What sets them apart is building on infrastructure that moves with the business, not against it.”

When communicating business advantages, provide metrics that quantify business value and create a narrative on the competitive impacts. Look for inspiration in the news, especially when strategic shifts in technical capabilities or a vendor’s business strategy help explain IT’s objectives.

“The Broadcom-VMware fallout shows what happens when critical infrastructure is locked into a single ecosystem,” says Sharad Kumar, entrepreneur and investor. “True multicloud readiness means designing for portability—not just for performance, but to protect against pricing shocks, licensing changes, and ecosystem consolidation.”

Other aspects of the vision statement and IT’s cloud operations plan should focus on business and compliance requirements.

“Multicloud is a response to constraints, such as data residency, mergers and acquisitions, or vendor lock-in avoidance,” says Jimmy Mesta, co-founder and CTO at RAD Security. “Technically, multicloud makes sense if your workloads demand it, for example, GPU-optimized regions, proximity to partners, or specific service availability.”

Checklist recommendations

Develop and update a cloudops vision statement, services roadmap, and operations review at least twice a year.

Establish a cloud center of excellence to define best practices and establish governance.

Align multicloud operations with genAI objectives

Most enterprise cloud strategies were developed before the generative AI era. A cornerstone of today’s multicloud strategy should focus on the enterprise’s objectives in generating business value from genAI and updated digital transformation strategies.

Nandakumar Sivaraman, SVP and chief architect of enterprise data at Bridgenext, notes that “AI/ML introduces new drivers for multicloud adoption.” It goes “beyond traditional resilience or lock-in avoidance to strategic access,” he says, “by enabling organizations to tap into specialized AI services, diverse foundation models, and region-specific data capabilities.”

“Every aspiring IT leader must consider how they will harness new technology, especially genAI, to drive innovation and create lasting impact within their organization,” says Michael Ameling, chief product officer of SAP Business Technology Platform and member of the extended board. “Overarching business success comes from leveraging emerging tools in the IT space to unlock value, fuel growth, and bolster efficiency.”

Checklist recommendations

Catalog and track genAI models from cloud providers such as AWS Bedrock, Azure OpenAI, and Google Vertex AI.

Review how AI agents from enterprise SaaS platform providers use zero ETL and other data integration strategies with hyperscalers and private cloud technologies.

Secure high-performing cloud-to-cloud networks

Some organizations may have stumbled into multicloud architectures with minimal architecture planning through mergers and acquisitions. Others opted for innovation, speed, or flexibility when defining cloud architectures rather than looking holistically at operations, performance, and security. One place to address gaps is in understanding cloud-to-cloud integrations and reviewing options to optimize networking.

“Most organizations use multiclouds, yet the ability to seamlessly and securely interconnect these environments remains a significant challenge,” says Bratin Saha, chief product and technology officer at DigitalOcean. “Cloud providers are increasingly offering native interconnect solutions to simplify secure, high-performance connectivity across multicloud environments, enabling customers to establish private connections across cloud providers or on-premise data centers.” By bypassing the public Internet, such solutions “enhance security, reduce latency, and optimize multicloud and hybrid-cloud networking,” he says.

Checklist recommendations

Evaluate dedicated cloud interconnect options such as AWS Direct Connect, Azure ExpressRoute, Google Cloud Interconnect, as well as partner colocation facilities and offerings from network service providers.

Design redundant network paths, end-to-end encryption, and network segmentation based on zero-trust principles to improve resiliency.

Unify identity management and security across clouds

Provisioning infrastructure and locking down access is far simpler for businesses that standardize on one cloud and perform little application development work. However, multicloud enterprises have devops teams modernizing applications, data science teams developing AI models, and business teams looking for integrated workflows. Centralizing identity, entitlements, and security monitoring is essential for organizations to avoid risks and to secure the full lifecycle, from development through production.

“Without federated identity, unified telemetry, and real-time policy enforcement, you’re flying blind,” says Mesta of RAD Security. “Architect for observability across cloud lines, including network, data, and identity, and automate least privilege across providers. Make sure your detection, incident response, and compliance workflows don’t break when an asset lives in the wrong cloud.”

Checklist recommendations

Centralize identity and access management across clouds.

Establish consistent security monitoring, logging, and threat detection across platforms.

Optimize work placement for performance, cost, and compliance

As of this writing, AWS has over 850 EC2 instance types. Azure has six types and 19 families, and Google Cloud has thousands of combinations of machine families, series, and types. Then, there are dedicated versus reserved instances, serverless computing options, and edge deployments to consider. These are all choices architects and IT engineers must consider when deploying applications and must optimize for performance, cost, compliance, and other considerations.

“A key driver of this evolution to hybrid and multicloud environments is the rise of edge functions, which enable code to run closer to end users via content delivery networks,” says Avishai Sharlin, division president of product and network at Amdocs. “Edge functions reduce latency and support real-time, location-based updates. For industries such as IoT, telecommunications, and media where low-latency performance is critical, these capabilities will foster faster innovation and more responsive services.”

Checklist recommendations

Develop work placement selection criteria around performance, cost, compliance, resilience, and innovation drivers.

Review where workload portability is required or advantageous and consider containerization, cloud-agnostic frameworks, and other abstraction layers.

Evolve a data governance strategy for genAI opportunities and risks

AI agents and private LLMs are forcing technology leaders to develop AI governance plans and evolve their data strategies. Multicloud enterprises need to create policies, integrations, and operations to ensure critical data is labeled, secured, and accessible to enable the development and deployment of AI capabilities.

“To demonstrate the effectiveness of data governance, security, and operations, track key performance indicators like the percentage of data covered by access policies, the reduction in data breach incidents, and the improvement in data accessibility for authorized users,” says Bart Koek, EMEA field CTO of Immuta. “These metrics illustrate business value by showcasing reduced risk, improved compliance, and enhanced data-driven decision-making, justifying further investment and fostering a data-centric culture.”

As the business demand for AI capabilities grows, organizations operating in multiple clouds should consider AI governance platforms, data fabrics, and data security posture management.

“Establishing an offensive security strategy through data and AI governance starts with real-time, continuous IT visibility,” says Tim Morris, chief security advisor at Tanium. “Enterprises should prioritize visibility into not just how these IT services are performing but also how and why they’re being used and who is using them through contextual data and metadata. This will give organizations a clearer view into the usage, effectiveness, and profitability of tools, leading to cost savings and investment in other technologies.”

Checklist recommendations

Ensure backup and disaster recovery strategies span across multicloud environments.

Classify data by sensitivity, residency, retention, and other confidentiality and privacy requirements.

Accelerate agile architecture practices

Consider the sizable gap between the hyperscaler infrastructure options and the technical debt and backlog of app modernizations facing many organizations. IT should adopt agile solution architecture practices and leverage genAI in app modernizations to avoid issues with lift and shift migrations.

“While enterprises rapidly adopt AI for development, operational management lags across SDLC, devops, ITSM, and IT operations,” says Vikram Murali, VP of application modernization and IT automation at IBM. “Teams struggle to manage complex applications with outdated tools, creating debt that undermines AI initiatives. GenAI can enhance automation and data interpretation, helping teams shift from reactive to predictive operations and reducing technical debt.”

Checklist recommendations

Create observability standards, feature flagging capabilities, and canary release strategies when migrating to cloud-native architectures.

Invest in automated and continuous testing on mission-critical applications and others with continuous deployment.

Establish finops as a core competency

Multicloud architectures have an inherent cost in procuring technologies and developing operations that span multiple networks, tools, and service providers. Multicloud strategies require finops practices to track costs and enable better decisions around performance tradeoffs.

“Integrating finops practices early in development can prevent cost debt accumulation,” says Ananth Kumar, leadership at ManageEngine. “To keep workload costs accountable, use right-sized environments, automated tagging, and usage alerts during the development and testing phases. This shift-left methodology guarantees scalable choices without causing unprecedented cloud expenditures in the future.”

Checklist recommendations

Forecast and measure each application’s typical versus peak usage periods to optimize infrastructure and automate autoscaling.

Monitor resources for inactivity and automate ramp-down to save costs and reduce carbon emissions.

Drive transformation in ITops with AIops

AIops is a critical capability in multicloud environments as it can correlate alerts and improve IT’s time to resolve incidents. Today’s applications are increasingly complex, with transactions that span many APIs, microservices, and SaaS endpoints.

The increased complexity makes managing service-level objectives challenging for SREs. Monitoring services and resolving incidents will become more important as organizations deploy AI agents and agents become integrated with standards like the Model Context Protocol.

As agentic AI continues to evolve, “AIops platforms will become increasingly autonomous, taking action rather than purely advising operators,” says Jonathan LaCour, CTO of Mission. “With the reduced operational load, IT engineers will be able to spend more time leveraging their most valuable capabilities—critical thinking, problem solving, and automation. By working in collaboration with AI, IT departments will be able to rapidly accelerate automation, including threat detection, cloud management, and day-to-day operational activities.”

Checklist recommendations

Deploy centralized monitoring of workloads, AIops capabilities, and automation with platforms that work across cloud providers.

Continuously improve the robustness of CI/CD pipelines, infrastructure as code, and container orchestration, especially on workloads hosted across multiple clouds.

Establish a learning culture that challenges assumptions

Many IT professionals will struggle to keep up with the rapid changes in cloud and AI capabilities, along with security and regulatory constraints. So, even though lifelong learning appears last on this checklist, it may be the most important requirement for organizations committed to digital transformation as a core competency.

“In order to be most effective with genAI capabilities, professionals working in operations roles must develop a mix of technical and analytical AI skills, including learning the basics of AI, machine learning, and deep learning,” says Anant Adya, EVP at Infosys Cobalt. “Organizations must continue to upskill their employees and provide a plethora of internal resources for ops professionals to understand better how AI can enhance their work.”

Checklist recommendations

Promote cross-functional collaboration between development, security, ITops, and finops.

Foster a learning culture through skill development, learning experiences, workshops, labs, hackathons, certifications, and gamification.

The new multicloud checklist

Multicloud has its advantages and challenges. IT leaders should take a proactive approach to defining IT’s strategy for delivering business impacts and standardizing on an approach that simplifies operations. The complete “Excelling in multicloud” checklist is a good place to start.

Develop and update a cloudops vision statement, services roadmap, and operations review at least twice a year.

Establish a cloud center of excellence to define best practices and establish governance.

Catalog and track genAI models from cloud providers such as AWS Bedrock, Azure OpenAI, and Google Vertex AI.

Review how AI agents from enterprise SaaS platform providers use zero ETL and other data integration strategies with hyperscalers and private cloud technologies.

Evaluate dedicated cloud interconnect options such as AWS Direct Connect, Azure ExpressRoute, Google Cloud Interconnect, as well as partner colocation facilities and offerings from network service providers.

Design redundant network paths, end-to-end encryption, and network segmentation based on zero-trust principles to improve resiliency.

Centralize identity and access management across clouds.

Establish consistent security monitoring, logging, and threat detection across platforms.

Develop work placement selection criteria around performance, cost, compliance, resilience, and innovation drivers.

Review where workload portability is required or advantageous and consider containerization, cloud-agnostic frameworks, and other abstraction layers.

Ensure backup and disaster recovery strategies span across multicloud environments.

Classify data by sensitivity, residency, retention, and other confidentiality and privacy requirements.

Create observability standards, feature flagging capabilities, and canary release strategies when migrating to cloud-native architectures.

Invest in automated and continuous testing on mission-critical applications and others with continuous deployment.

Forecast and measure each application’s typical versus peak usage periods to optimize infrastructure and automate autoscaling.

Monitor resources for inactivity and automate ramp-down to save costs and reduce carbon emissions.

Deploy centralized monitoring of workloads, AIops capabilities, and automation with platforms that work across cloud providers.

Continuously improve the robustness of CI/CD pipelines, infrastructure as code, and container orchestration, especially on workloads hosted across multiple clouds.

Promote cross-functional collaboration between development, security, ITops, and finops.

Foster a learning culture through skill development, learning experiences, workshops, labs, hackathons, certifications, and gamification.