Many businesses accelerated their cloud strategies through 2020 and plan to keep the momentum going. The cloud is vitally important in the post-pandemic world and plays a central role in longer-term digital transformation. The challenge will be doing all of this when budgets remain tight.
Half of the companies in our survey (52 per cent) increased their use of cloud technologies during 2020 and many are planning to move more workloads to the cloud. Almost two-fifths (38 per cent) plan to move to Azure, with 15% going with AWS and 10% looking at private cloud.
Our survey found that two-fifths of respondents (40 per cent) said they would be moving workloads to more than one platform, with 3% saying that they would be using as many as five. Such a multi-cloud strategy is becoming more common. One recent report said that 93 per cent of enterprises have a multi-cloud strategy. Companies are taking a multi-cloud approach because they can get the best solution for a specific use case and reduce their dependence on one provider.
However, a significant majority (62 per cent) of those surveyed said their IT budget has remained the same, so they will have to do more with the same resources. The good news is that cloud services need not be prohibitively expensive. Methodologies and technologies developed for companies on a scale of businesses like Netflix are trickling down to SMEs. The challenge is to identify the ones worth investing in.
There are huge benefits, but any cloud strategy must pay careful attention to security. This is particularly true of multi-cloud, where security can slip through the gaps. This is likely to be a challenge. In our survey, when asked about securing remote working, more than half of respondents (54 per cent) said: “it’s complicated”. If your response to securing remote workers is a Facebook relationship status, then you really do need to take time to plan when it comes to securing multi-cloud.
Hardware firewalls aren’t enough. Organisations need to consider encryption, advanced threat defence (ATD), malware protection, SSO and access control. And it isn’t just the links between public cloud platforms that must be secured. Many organisations also have a managed private cloud as part of their estate, and this too is part of the security picture.
The result is a larger potential threat landscape. The network perimeter, once the frontline of cybersecurity, essentially disappears. Today, a growing number of organisations are removing the inherent trust from the network, assuming instead that it is hostile. A new boundary is created around applications and any request to the network must be verified for identity, context and policy adherence.
In addition to a zero-trust approach, companies should be looking for applications that are secure by design. When security has to compete with other requirements during development, it can easily be overlooked, which stores security problems for later. Today, more developers and service providers are committing to a secure-by-design approach by embedding security into the development process.
When planning a cloud strategy, companies need to take a good look at what they have already and determine whether they are getting the most value from their existing environment. If a new service or provider is needed, it’s essential to make sure that security processes are reviewed, adapted and evolved to accommodate.