Cloud computing continues to dominate the tech landscape. It remains the answer to just about every technical and business problem you can think of. Need to get to market faster? Adopt cloud! Need to scale to realize business growth? Adopt cloud! Need to pivot quicker in response to changing markets? Adopt cloud? Want healthier hair? Adopt cloud!
Alright, maybe not that last one, but the reality is that for the most part we’re inundated with how cloud can help business and IT respond to just about every business challenge out there. And while there’s certainly truth in cloud computing’s ability to assist in your digital transformation efforts, those who’ve led the charge are experiencing challenges. Our 2017 State of Application Delivery report uncovered a variety of them, as well as those that may still lurk in the dark corners of IT waiting to rear their ugly heads.
This shouldn’t be a surprise, but organizations are far more generous when it comes to defining and using “cloud” computing. We offered up six distinct models of cloud computing and found that every one was in use by respondents. Overwhelmingly, private (on-premises) cloud was the model of choice, but other private – and public – models were certainly well-represented. On average, organizations had adopted 1.8 different cloud models. Note this isn’t the number of cloud providers in use; just its model. We know most organizations use quite a few SaaS applications, but it’s only one model among many others.
While a slim majority (55%) were using only one model, 36% have adopted 2-3 different models, and 10% of the over 2100 respondents were using four or more different cloud models in their organization.
When we asked about challenges organizations might be facing, a general theme of “consistency” rose to the top. For some it was consistency of application performance, for others it was security policies. Identity management, too, remains a challenge for one in four respondents operating in a multi-cloud environment. And just about the same number of folks (27%) are facing issues with taming the operational discord inherent in managing multi-cloud.
At the top of these four challenges with consistency was security. This is not the general security cry of a decade ago, but rather that of a more mature, experienced set of adopters who recognize the issue isn’t that cloud fails at security but rather that it’s unable to provide consistent security.
This inconsistency arises from security service dissonance across a multi-cloud environment. Security services might be readily available from cloud providers and the marketplace, but policy implementation varies from that of on-premises services, making it difficult for adopters to achieve parity and confidence in the effectiveness of those policies.
This challenge was cited by one in three respondents, making it the top challenge adopters face as they move forward with their multi-cloud plans. It’s a challenge made even more frustrating by a talent shortage that leaves both information security and cloud computing roles unfilled in many organizations.
The dearth of information security talent is well-publicized. Any number of articles and blogs on the topic have been written for years, now, on what is a serious issue for the security industry. And it doesn’t appear to have gotten better in the past year. In 2016, 34% of respondents to our survey cited “lack of skills” as one of the top security challenges they faced. In 2017? Again, 34% say lack of skills is still a significant challenge.
Add that to the 29% who cited lack of readily available expertise as a significant obstacle in their multi-cloud journey, and we may have found an explanation as to why so many organizations are focusing time and money on their private, on-premises cloud deployments.
Filling these two holes in the cloud are critical, particularly when it comes to security. Because not only are organizations maturing in their use of cloud computing, they’ve also developed a clear set of requirements with respect to specific security needs for cloud adoption.
No one reasonably today worries about the innate security of public cloud environments. Organizations have long passed over those concerns and today their needs and requirements are more specific and clearly indicate a well-thought out strategy that covers everything from networking to applications.
Still, the number one security “capability” respondents cite as being important to cloud adoption isn’t even a security capability, it’s consistency. Security and audit parity with on-premises services and policies ranked number one on the list. Encryption of data at rest (40%) and in-flight (37%) fell to number two and three in this year’s survey.
I have to pause here and note that 11% of those who said encryption of data in-flight was important to cloud adoption had no plans to implement SSL everywhere. Now, that’s not saying they weren’t implementing SSL “some of the where”, but it was interesting that they weren’t “all in” on the idea even though they declare it as important for cloud adoption.
It’s also interesting to note that security has vaulted to the top of the list of “would not deploy an app without”. Over three years we’ve watched as security has climbed to the number one spot and I suspect that it’s going to be difficult for other app service categories (performance, identity, availability, and mobility) to take over any time soon.
Cloud is not going away, and multi-cloud is definitely the target destination for most organizations today. What remains is the journey to get there, and it’s got some speed bumps along the way that are impeding – though not preventing – the move toward a fully multi-cloud world.
Feel free to peruse the data in slide format on SlideShare.