As enterprises look towards their post-pandemic futures, is the cloud still the central pillar onto which their IT infrastructure is built, or is the cloud also changing to meet the new digital transformation challenges businesses now face?
According to ForgeRock, an estimated 45% of IT spending will shift to the cloud by 2024. However, with the research also indicates that over 80% of CIOs stated they had yet to achieve all their goals with their cloud migration. What does this mean for the future development of hosted services?
As businesses re-draw their digital transformation roadmaps in the wake of COVID-19, what part cloud service play is being scrutinised. Cost savings and efficiency gains are often the twin drivers, but are enterprising fully embracing the opportunities that today’s cloud services can offer?
It’s a question at the board level as business leaders define how their organisations will operate in the future, what this means for workforces, and how next-generation customer services will be delivered.
The increased use of cloud services, mainly in a rush to support mass remote working, did mean that, in some instances, digital security could have been more robust. Today, enterprises are much more focused on this aspect of their cloud deployments. Indeed, Venafi concluded that 81% of organisations had experienced a cloud-related security incident over the last 12 months, with almost half (45%) suffering at least four incidents.
Also, the study investigated how responsibility for securing cloud-based applications is currently assigned across internal teams. This varies widely across organisations, with enterprise security teams (25%) the most likely to manage app security in the cloud, followed by operations teams responsible for cloud infrastructure (23%), a collaborative effort shared between multiple teams (22%), developers writing cloud applications (16%) and DevSecOps teams (10%). However, the number of security incidents indicates that none of these models effectively reduce security incidents.
Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi, commented: “Security teams want to collaborate and share responsibility with the developers who are cloud experts, but all too often, they’re left out of cloud security decisions.”
Bocek continued: “Developers are making cloud-native tooling and architecture decisions that decide approaches to security without involving security teams. And now we can see the results of that approach: security incidents in the cloud are rapidly growing. We need to reset the approach to cloud security and create consistent, observable, controllable security services across clouds and applications. Architecting in a control plane for machine identity is a perfect example a new security model created specifically for cloud computing. This approach embeds security into developer processes and allows security teams to protect the business without slowing down engineers.”
Speaking to Silicon UK, James Sturrock, Director of Systems Engineering, Nutanix, explained: “Companies across the board are becoming a lot more cloud savvy and seeking to make IT infrastructure fit their applications rather than the other way round. For most, that means a hybrid multi-cloud approach combining services across a mix of public and private cloud platforms, often from multiple vendors. Indeed, according to the Nutanix-sponsored Enterprise Cloud Index (published at the end of 2021), hybrid multi-cloud is now the model of choice for more than a third (36%) of all companies already, with adoption expected to nearly double in the next three years.”
The trend to create hybrid multi-cloud strategies will continue. Cloud sprawl is, however, a clear and present danger to efficiency and cost reductions. In addition, many organisations have cloud services from multiple vendors, which sometimes creates an unwieldy infrastructure that must be addressed.
Also, the shift to create, deploy and maintain cloud-native architectures is predicted to continue apace. Gartner predicts that, by 2023, 70% of global organisations will be running more than two containerised applications in production – up from less than 20% in 2019. And IDC predicts that 95% of new microservices will be deployed in containers by 2021.
Commenting, Jaret Chiles, Global Vice President, Client Services DoiT International, stated: “The move to containers is mirroring, to a certain extent, some of the original mishaps companies made when moving to the cloud. Organisations are moving to containers at an accelerated pace because they understand in principle it can be a good thing, but they are not all taking the time to understand what problem they are solving and the outcomes they will measure against. Containers are a good solution for the right use cases. However, for businesses looking to deploy containers, I’d recommend they work with experts that can help make sure they’re doing it the right way, and for the right reasons.”
“The most obvious shift was a surge in companies looking to the cloud to either kick start or increase their support for flexible working using a mix of virtual desktop technologies and cloud-hosted services from the likes of Microsoft, Google, Zoom and others,” says Nutanix’s James Sturrock. “Over half (61%) of respondents to the Nutanix sponsored Enterprise Cloud Index said flexible working continued to be their focus but, beyond that, companies are also looking to the cloud to make IT more agile and responsive in the face of other challenges, such as escalating energy costs and geopolitical uncertainties. For these too, a multi-cloud approach is seen as the best way forward.”
In addition, Pamela Napier, Senior Manager of Cloud for the UK and Ireland at Veeam, also explained to Silicon UK: “The growth of containerised applications doesn’t surprise me. We’re seeing enterprises increasingly adopt a cloud-native approach to develop and scale-up applications, so this naturally means that containers and Kubernetes will play a crucial role in managing growing complexities and enabling workloads to be deployed in multi-cloud environments.
“However, a survey of DevOps professionals recently found that 94% of businesses experienced at least one Kubernetes security incident in the past year, and 59% consider security to be their biggest concern when it comes to using Kubernetes and containers. According to Veeam’s Data Protection Trends Report 2022, 65% of UKI firms are already running containers in production, with 29% planning to do so in the next 12 months, so exposures look set to rise. Therefore, I’m conscious that basic principles like security and Modern Data Protection must evolve with the growth of containers to make the best use of their benefits.
“We have lots of platforms available to us, so workloads and data can and do exist across many different locations. The ability to bring mobility to that workload, move workloads and data from one platform, cloud, or Kubernetes cluster to another depends upon data being protected throughout the ecosystem. This will likely mean that we’ll see greater adoption of Zero Trust security approaches, as well as backup and recovery applications designed especially for these uses. Of course, this is quite new: the ‘modern’ in Modern Data Protection if you like. Education, awareness, and training around containers and how to ensure the integrity of the data running across them is vital. There are several free resources out there that can help, such as the ‘90 Days of DevOps’ blog.”
A hosted future
All businesses will continue evolving their cloud services based on the strategic planning they are carrying out. The need to become massively agile businesses, manage dispersed workforces and deliver world-class digital experiences to every customer touchpoint all require cloud services.
“MSEs (medium-sized enterprises) are shifting investments and even increasing budgets to fund their top technology priorities,” said Mike Cisek, VP Analyst at Gartner. “However, the accelerated rate of change in security, infrastructure, applications and cloud ecosystems complicates the selection of new tools, requiring MSE technology leaders to rapidly operationalise investments to deliver time to value.”
Richard Hotchkin, Director of Cloud Infrastructure Product Management at Aptum Technologies, explained to Silicon UK: “We are seeing, and have for a while, the effects of accelerated digital transformations on organisations’ workloads. The pandemic caused businesses to rush to the cloud due to the rise in remote work, which meant there was little time for the essential upfront strategizing and planning. In fact, our annual Cloud Impact Study earlier this year reported that only 20% of respondents conducted a holistic strategy before beginning their cloud journey.
“The results, for those who did attempt some planning, was a fragmented approach misaligned with the ‘how’ of moving to the cloud. This lack of an overarching strategy is the leading cause of cloud integration struggles and other key cloud issues.
“And the lack of internal expertise and skills to properly manage and understand cloud deployments further compounds the challenges being faced. There are massive shortages of skills within the tech sector, particularly in the cloud space. Businesses are now seeking to correct their previous mistakes by bringing in the help of managed hosting providers to rectify and optimise cloud deployments. As technology evolves and choice increases, it is this expertise that will help them get it right the first time.”
In January 2019-December 2021 (“pre-COVID pandemic”) period, 36% of organisations described their approach to IT infrastructure as ‘cloud first’, with only 19% stating their organisation was officially committed to a ‘cloud-only’ approach, concluded research from Leaseweb. From January 2022 onwards, the (post-COVID pandemic) period, ‘cloud first’ commitments had decreased to 31%, with ‘cloud only’ rising to 25% of respondents.
When asked about the optimum IT infrastructure for their organisation, the most popular selections were the private cloud only (23%) and a mixture of on-premise and public cloud (20%). These were followed by public cloud only (17%) and a mixture of on-premises and private cloud (14%), with on-premises only the least popular selection at 7%.
The move away from on-premise legacy infrastructure is clear, with two-thirds (66%) of respondents agreeing that the industry will see the end of on-premise infrastructure over the next two years. The research results indicate that while on-premises is not an essential part of IT strategy, it still exists within many organisations’ environments.
The positive news is that this does not appear to be stifling innovation: only 16% of respondents said that legacy infrastructure was either standing in the way of further cloud adoption or limiting their organisation’s ability to make business decisions. Instead, the focus is on deploying applications in the right place, with a key takeaway from the study being that the end of on-premises infrastructure may be approaching but not quite there.
“The results of this study strengthen the case for hybrid combinations thanks to the flexibility and choice it can deliver to both large and small companies,” commented Terry Storrar, Managing Director UK at Leaseweb. “And much as there has been a shift towards cloud adoption, rather than highlighting the pandemic as a key driver of a shift to the cloud, it appears that businesses were investing in cloud beforehand and that investment levels have remained relatively static,” continued Storrar.
Cloud services are moving through a period of change as the enterprises that use them also evolve into new businesses. The hybrid approach is still the most efficient approach for most companies. Complex multi-vendor deployments also show weaknesses as businesses shift into higher development gear. The future of the cloud is leaner targeted services that enable organisations to embrace headless, microservice, API-enabled development strategies.
Raymond Xiao, Head of International Industry Solutions and Architecture, Alibaba Cloud Intelligence.
Raymond Xiao is currently leading Alibaba Cloud’s international industry solutions and architecture team to serve customers worldwide. His team focuses on driving industry solutions and practices, technology innovation and cloud adoption by applying Alibaba Cloud’s broad spectrum of product portfolio to solve business problems in international markets and ecosystems. Raymond joined Alibaba Cloud in 2016 and previously served as Chief Solutions Architect in the Hong Kong, Macau SAR and Philippines Alibaba Cloud Intelligence.
Can you give a brief overview of how businesses are now managing their cloud deployments?
“As cloud strategy initiatives have become an important part of every business’s activity, there’s no doubt that they see the benefits of cloud computing with respect to cost-efficiency while driving innovation. Nowadays, we are seeing more businesses embrace the multi-cloud approach by choosing multiple cloud vendors that can meet different business needs on performance, resilience, flexibility and innovation. With Alibaba Cloud’s differential value of geographical coverage and industry practices, we have proactively taken part in many businesses’ multi-cloud strategies to help them achieve their desired business outcomes.”
Has the pandemic shifted how enterprises approach their cloud estates?
“The pandemic stimulated cloud adoption for many enterprises around the world. We have seen more businesses move their critical companies online to efficiently handle workloads and leverage performance optimisation. The beauty of using the public cloud is that it allows a business to respond to market needs in a timely and efficient manner. As enterprises expand their cloud estates on the public cloud, the architecture landscape could become more complicated; that’s where a well-defined cloud adoption framework comes into place.
“Alibaba Cloud’s Cloud Adoption Framework provides strategic and technical guidelines and best practices that empower enterprises’ cloud adoption, resource management, supply chain and internal operations. The framework provides a methodology for enterprise to follow for their cloud adoption, and it is a lifecycle with stages including strategy, preparation, adoption, operation, and governance.”
How have the approaches businesses now take to security across their cloud deployments changed?
“Security is still front of mind for businesses when considering cloud adoption. That’s why cloud service providers always prioritise protecting their customers’ data and assets.
“Our efforts are being recognised. By way of example, Alibaba Cloud has been recognised by Gartner as a Challenger among global security service providers evaluated in the 2021 Gartner Magic Quadrant for Network Firewalls. The move acknowledges our firewall offering, extensive customer base and significant market share.”
Are businesses rationalising their cloud services to reduce their technical debt and allow them to innovate at speed?
“We have seen businesses take a more structured approach to rationalising their cloud services so they can enjoy the benefits of cloud computing at scale. Typically, companies will start with research and analysis of their existing systems based on their cloud strategy and future plans. By understanding the relationship within the current application landscape, customers can then carefully plan their migration priority and strategy based on evaluating and analysing the application requirements.
“For example, Alibaba Cloud’s Cloud Adoption Framework explains to our customers how to rationally plan, use, and manage cloud assets and build a compliant, agile, and efficient cloud environment. It describes how to use the standard service templates of the public cloud to migrate applications to Alibaba Cloud, how to use effective cost and resource monitoring services to reduce business and operation risks and how to use cloud-based automation tools and methods to improve agile development and O&M capabilities.”
Gartner predicts that, by 2023, 70% of global organisations will be running more than two containerised applications in production – up from less than 20% in 2019. What is your view?
“We have increasingly observed that more organisations are building containerised applications in their cloud or on-premise environments. At Alibaba Cloud, we keep improving our container product portfolio to make our customer’s application modernisation journey easier. For instance, we provide ACK One (Alibaba Cloud Distributed Cloud Container Platform), a multi-region and multi-cluster container management platform, to provide a consistent management, delivery and operation experience for enterprises. It enables our customers to implement container cluster management, resource scheduling, data disaster recovery and application delivery through a unified platform, whether in a public cloud, private cloud or on-premise environment. ACK One is the latest additions to ACK Anywhere, Alibaba Cloud Container Service for Kubernetes.”
How are enterprises now using the cloud to deliver great customer experiences?
“We have seen an increasing number of enterprises looking for tailored industrial cloud products to help them accelerate their digitalisation strategy and enhance the customer experience. That’s why we have been introducing scenario-driven solutions underpinned by Alibaba Cloud’s years of insights and best practices in various industries such as finance, retail, and media.
“Last month we launched a suite of Alibaba Cloud for Financial Services solutions (FSIs), comprising 70 products designed to help financial services institutions of all sizes across banking, insurance, securities and FinTech to digitalise their operations. Our digital onboarding and servicing leverages various Software-as-a-Service (SaaS) and hybrid cloud deployments to support mobile and digital operations, remote video-based sales platforms, and an electronic know-your-customer (eKYC) solution, helping FSIs verify and onboard users online anytime and from anywhere.”