The Post-Pandemic Cloud
As enterprises look towards their post-pandemic futures, is the cloud still the central pillar onto which their IT infrastructure is built, or is the cloud also changing to meet the new digital transformation challenges businesses now face?
According to ForgeRock, an estimated 45% of IT spending will shift to the cloud by 2024. However, with the research also indicates that over 80% of CIOs stated they had yet to achieve all their goals with their cloud migration. What does this mean for the future development of hosted services?
As businesses re-draw their digital transformation roadmaps in the wake of COVID-19, what part cloud service play is being scrutinised. Cost savings and efficiency gains are often the twin drivers, but are enterprising fully embracing the opportunities that today’s cloud services can offer?
It’s a question at the board level as business leaders define how their organisations will operate in the future, what this means for workforces, and how next-generation customer services will be delivered.
The increased use of cloud services, mainly in a rush to support mass remote working, did mean that, in some instances, digital security could have been more robust. Today, enterprises are much more focused on this aspect of their cloud deployments. Indeed, Venafi concluded that 81% of organisations had experienced a cloud-related security incident over the last 12 months, with almost half (45%) suffering at least four incidents.
Also, the study investigated how responsibility for securing cloud-based applications is currently assigned across internal teams. This varies widely across organisations, with enterprise security teams (25%) the most likely to manage app security in the cloud, followed by operations teams responsible for cloud infrastructure (23%), a collaborative effort shared between multiple teams (22%), developers writing cloud applications (16%) and DevSecOps teams (10%). However, the number of security incidents indicates that none of these models effectively reduce security incidents.
Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi, commented: “Security teams want to collaborate and share responsibility with the developers who are cloud experts, but all too often, they’re left out of cloud security decisions.”
Bocek continued: “Developers are making cloud-native tooling and architecture decisions that decide approaches to security without involving security teams. And now we can see the results of that approach: security incidents in the cloud are rapidly growing. We need to reset the approach to cloud security and create consistent, observable, controllable security services across clouds and applications. Architecting in a control plane for machine identity is a perfect example a new security model created specifically for cloud computing. This approach embeds security into developer processes and allows security teams to protect the business without slowing down engineers.”
Speaking to Silicon UK, James Sturrock, Director of Systems Engineering, Nutanix, explained: “Companies across the board are becoming a lot more cloud savvy and seeking to make IT infrastructure fit their applications rather than the other way round. For most, that means a hybrid multi-cloud approach combining services across a mix of public and private cloud platforms, often from multiple vendors. Indeed, according to the Nutanix-sponsored Enterprise Cloud Index (published at the end of 2021), hybrid multi-cloud is now the model of choice for more than a third (36%) of all companies already, with adoption expected to nearly double in the next three years.”
The trend to create hybrid multi-cloud strategies will continue. Cloud sprawl is, however, a clear and present danger to efficiency and cost reductions. In addition, many organisations have cloud services from multiple vendors, which sometimes creates an unwieldy infrastructure that must be addressed.
Also, the shift to create, deploy and maintain cloud-native architectures is predicted to continue apace. Gartner predicts that, by 2023, 70% of global organisations will be running more than two containerised applications in production – up from less than 20% in 2019. And IDC predicts that 95% of new microservices will be deployed in containers by 2021.
Commenting, Jaret Chiles, Global Vice President, Client Services DoiT International, stated: “The move to containers is mirroring, to a certain extent, some of the original mishaps companies made when moving to the cloud. Organisations are moving to containers at an accelerated pace because they understand in principle it can be a good thing, but they are not all taking the time to understand what problem they are solving and the outcomes they will measure against. Containers are a good solution for the right use cases. However, for businesses looking to deploy containers, I’d recommend they work with experts that can help make sure they’re doing it the right way, and for the right reasons.”
“The most obvious shift was a surge in companies looking to the cloud to either kick start or increase their support for flexible working using a mix of virtual desktop technologies and cloud-hosted services from the likes of Microsoft, Google, Zoom and others,” says Nutanix’s James Sturrock. “Over half (61%) of respondents to the Nutanix sponsored Enterprise Cloud Index said flexible working continued to be their focus but, beyond that, companies are also looking to the cloud to make IT more agile and responsive in the face of other challenges, such as escalating energy costs and geopolitical uncertainties. For these too, a multi-cloud approach is seen as the best way forward.”
In addition, Pamela Napier, Senior Manager of Cloud for the UK and Ireland at Veeam, also explained to Silicon UK: “The growth of containerised applications doesn’t surprise me. We’re seeing enterprises increasingly adopt a cloud-native approach to develop and scale-up applications, so this naturally means that containers and Kubernetes will play a crucial role in managing growing complexities and enabling workloads to be deployed in multi-cloud environments.
“However, a survey of DevOps professionals recently found that 94% of businesses experienced at least one Kubernetes security incident in the past year, and 59% consider security to be their biggest concern when it comes to using Kubernetes and containers. According to Veeam’s Data Protection Trends Report 2022, 65% of UKI firms are already running containers in production, with 29% planning to do so in the next 12 months, so exposures look set to rise. Therefore, I’m conscious that basic principles like security and Modern Data Protection must evolve with the growth of containers to make the best use of their benefits.
“We have lots of platforms available to us, so workloads and data can and do exist across many different locations. The ability to bring mobility to that workload, move workloads and data from one platform, cloud, or Kubernetes cluster to another depends upon data being protected throughout the ecosystem. This will likely mean that we’ll see greater adoption of Zero Trust security approaches, as well as backup and recovery applications designed especially for these uses. Of course, this is quite new: the ‘modern’ in Modern Data Protection if you like. Education, awareness, and training around containers and how to ensure the integrity of the data running across them is vital. There are several free resources out there that can help, such as the ‘90 Days of DevOps’ blog.”
A hosted future
All businesses will continue evolving their cloud services based on the strategic planning they are carrying out. The need to become massively agile businesses, manage dispersed workforces and deliver world-class digital experiences to every customer touchpoint all require cloud services.
“MSEs (medium-sized enterprises) are shifting investments and even increasing budgets to fund their top technology priorities,” said Mike Cisek, VP Analyst at Gartner. “However, the accelerated rate of change in security, infrastructure, applications and cloud ecosystems complicates the selection of new tools, requiring MSE technology leaders to rapidly operationalise investments to deliver time to value.”
Richard Hotchkin, Director of Cloud Infrastructure Product Management at Aptum Technologies, explained to Silicon UK: “We are seeing, and have for a while, the effects of accelerated digital transformations on organisations’ workloads. The pandemic caused businesses to rush to the cloud due to the rise in remote work, which meant there was little time for the essential upfront strategizing and planning. In fact, our annual Cloud Impact Study earlier this year reported that only 20% of respondents conducted a holistic strategy before beginning their cloud journey.
“The results, for those who did attempt some planning, was a fragmented approach misaligned with the ‘how’ of moving to the cloud. This lack of an overarching strategy is the leading cause of cloud integration struggles and other key cloud issues.
“And the lack of internal expertise and skills to properly manage and understand cloud deployments further compounds the challenges being faced. There are massive shortages of skills within the tech sector, particularly in the cloud space. Businesses are now seeking to correct their previous mistakes by bringing in the help of managed hosting providers to rectify and optimise cloud deployments. As technology evolves and choice increases, it is this expertise that will help them get it right the first time.”
In January 2019-December 2021 (“pre-COVID pandemic”) period, 36% of organisations described their approach to IT infrastructure as ‘cloud first’, with only 19% stating their organisation was officially committed to a ‘cloud-only’ approach, concluded research from Leaseweb. From January 2022 onwards, the (post-COVID pandemic) period, ‘cloud first’ commitments had decreased to 31%, with ‘cloud only’ rising to 25% of respondents.
When asked about the optimum IT infrastructure for their organisation, the most popular selections were the private cloud only (23%) and a mixture of on-premise and public cloud (20%). These were followed by public cloud only (17%) and a mixture of on-premises and private cloud (14%), with on-premises only the least popular selection at 7%.
The move away from on-premise legacy infrastructure is clear, with two-thirds (66%) of respondents agreeing that the industry will see the end of on-premise infrastructure over the next two years. The research results indicate that while on-premises is not an essential part of IT strategy, it still exists within many organisations’ environments.
The positive news is that this does not appear to be stifling innovation: only 16% of respondents said that legacy infrastructure was either standing in the way of further cloud adoption or limiting their organisation’s ability to make business decisions. Instead, the focus is on deploying applications in the right place, with a key takeaway from the study being that the end of on-premises infrastructure may be approaching but not quite there.
“The results of this study strengthen the case for hybrid combinations thanks to the flexibility and choice it can deliver to both large and small companies,” commented Terry Storrar, Managing Director UK at Leaseweb. “And much as there has been a shift towards cloud adoption, rather than highlighting the pandemic as a key driver of a shift to the cloud, it appears that businesses were investing in cloud beforehand and that investment levels have remained relatively static,” continued Storrar.
Cloud services are moving through a period of change as the enterprises that use them also evolve into new businesses. The hybrid approach is still the most efficient approach for most companies. Complex multi-vendor deployments also show weaknesses as businesses shift into higher development gear. The future of the cloud is leaner targeted services that enable organisations to embrace headless, microservice, API-enabled development strategies.