Survey: Multicloud Security Next Big Challenge
By Michael Vizard
IT organizations are starting to appreciate the complexity of the cybersecurity challenges they now face as they employ multiple clouds. A global survey of 127 IT and business professionals conducted by the Business Performance Innovation (BPI) Network, an organization of IT professionals.
in collaboration with A10 Networks, a provider of on-premises and cloud security hardware and software, finds roughly two-thirds of companies have now deployed enterprise applications across two or more public clouds, with 35% having moved half or more of their enterprise applications into the cloud.
A full 87% expect to increase their reliance on public or private clouds over the next 24 months, with 52% characterizing their efforts as either “aggressively moving toward a cloud-first strategy” or “making significant progress” toward employing cloud computing as a key part of their IT strategy.
However, only 11% of respondents said their company has been “extremely successful” in realizing the benefits of multicloud computing.
The primary drivers of multicloud computing cited by survey respondents are a desire to improve efficiency and cut costs (48%), a need to move applications and data closer to users (38%), safeguards against single-vendor cloud failures (36%) and the ability to burst applications and services during peak demand (29%).
Expected benefits of making that move include redundancy and disaster recovery (59%), cost optimization (52%), performance optimization (45%) and being able to better match workloads to specific cloud platforms (35%).
However, most survey participants recognize that achieving that goal will present significant challenges, including ensuring security across all clouds, networks, applications and data (59%); acquiring the necessary skills and expertise (40%); increased management complexity (34%); and achieving centralized visibility and management across clouds (32%).
The top four multicloud requirements cited are the need to have centralized visibility and analytics into security and performance (58%), automated tools to speed response times and reduce costs (55%), centralized management from a single point of control (52%) and greater security scale and performance to handle increased traffic (36%).
Finally, the top four types of cybersecurity technologies respondents said they need are centralized authentication (63%), centralized security policies (51%), web application firewalls (38%) and distributed denial of service protection (32%). The survey also finds about 40% of organizations have reassessed or will reassess their current relationships with security and load balancer vendors in light of emerging multicloud computing requirements.
Dave Murray, director of thought leadership at the BPI Network, said the survey makes it clear organizations are embracing multiple clouds rapidly, even though the ability to centralize management of those clouds is at its early stages. There may be many benefits to be derived from employing cybersecurity; however, Murray noted that simplicity is not one of them.
Paul Nicholson, senior director of product marketing for A10 Networks, added that with the rise of containers and other cloud-native technologies, many IT organizations are about to discover that multicloud computing complexity extends way beyond trying to master cloud platforms running different types of virtual machines. The survey finds 53% of respondents view containers as either very important or important, with 48% reporting they are either using containers or planning to use them within the next 12 months. Another 12% are currently studying the use of containers.
The need to improve cost efficiencies across staffing, infrastructure and software resources is the top driver for container adoption (46%), followed by increasing use of multiclouds (42%), the need to improve the portability of applications and services (41%) and growing use of microservices architectures (36%). Respondents said the top benefits of containers are flexibility and portability of applications (57%), improved scalability (47%), better compute resource efficiency (41%) and operational simplicity (38%).
Furthermore, 40% of respondents already anticipate the use of smaller network edge clouds as part of their cloud strategy, with another 41% saying they may deploy edge clouds in the future.
Naturally, cybersecurity teams will be tasked with securing all these clouds. The only way that is going to occur, however, is if they work more collaboratively with developers. Advances in cybersecurity artificial intelligence (AI) are not going to make up for the chronic shortage of cybersecurity professionals anytime soon. The only way to plug a widening cloud security gap will be to embrace best DevSecOps processes whenever and wherever possible.
Of course, the biggest issue with DevSecOps might have little to do with technology. Cybersecurity professionals must trust in the fact that developers are trying to do the right cybersecurity thing. The issue now is finding a way to verify that application code is secure before it gets deployed on cloud computing platforms.