Nutanix announced the findings of its survey and research report, which measures enterprise progress with adopting private, hybrid and public clouds. This year, survey respondents were also asked about the impact of the COVID-19 pandemic on current and future IT decisions and strategy.
Hybrid cloud is still the frontrunner as the ideal IT infrastructure model (86% of respondents think so), and respondents running hybrid environments are more likely to plan to focus on strategic efforts and driving positive business impact.
Shifting IT’s focus toward remote worker support
The pandemic has shifted IT’s focus toward remote worker support and enabling near-instant infrastructure deployments that reach geographically distributed workforces, spurring increased enterprise progress with cloud expansion.
Additionally, a greater number of respondents running hybrid environments said they were likely to offer more flexible work setups, strengthen their business continuity plans, simplify operations, and increase digital conferencing usage because of the pandemic.
76% of respondents reported the pandemic made them think more strategically about IT, and 46% said their investments in hybrid cloud have increased as a direct result of the pandemic, including public and private clouds.
Additionally, businesses also increasingly rely on multiple public clouds to meet their needs compared to previous years. The report showed that, among those who use public clouds, 63% of respondents use two or more public clouds, or multicloud, respondents are also expecting this number to jump to 71% in the next 12 months.
Enterprises taking key steps toward reaching their IT operating model of choice
Global respondents report taking the initial key steps to successfully run a hybrid environment, including adopting hyperconverged infrastructure in their datacenters and decommissioning non-cloud-enabled datacenters in favor of private and public cloud usage.
Global IT teams are also planning for substantial infrastructure changes; they foresee, on average, hybrid cloud deployments increasing by more than 37 percentage points over the next five years, with a corresponding 15-point drop in non-cloud-enabled datacenters.
Most notably of the many infrastructure categories, respondents reported running a mixed model of private cloud, public cloud, and traditional datacenter more often than any other (nearly 26%) which is likely a precursor to a hybrid cloud deployment.
Remote work is here to stay — and companies are planning for it
In last year’s survey, about 27% of respondent companies had no full-time at-home workers. That number fell 20 percentage points this year to only 7%, as a result of to COVID-19.
By 2022, respondents predict that an average of 13% of companies will have no full-time remote employees at that time, less than half as many as a year ago in 2019, before COVID struck. Improving IT infrastructure (50%) and work-from-home capabilities (47%) have therefore become priorities for the next 12 to 18 months.
Strategic business outcomes, not economics, drive change today
Respondents said their primary motives for modifying their IT infrastructures are to get greater control of their IT resources (58%), gain the flexibility to meet dynamic business requirements (55%), and improve support for customers and remote workers (46%). By contrast, just 27% mentioned cutting costs as a driver.
Educators face unique COVID-19-related challenges and needs
More education-industry respondents cited “ensuring that remote workers have adequate hardware” as a primary challenge than any other issue. 47% also cited providing “adequate communications channels among employees, customers, and clients” as a top challenge.
The education sector is taking the right steps toward transformation, ranking high in private cloud deployments, with 29% of respondents saying they were running private clouds only (substantially more than the 22% global average).
“Today, technology has taken on an entirely new meaning. It is a complex strategy and it makes or breaks a company’s long-term viability. COVID-19 has accelerated us into a new era of strategic IT and raised its profile considerably, and the findings from this year’s Enterprise Cloud Index reflect this new reality.
“Hybrid cloud is the frontrunner, and it will continue to be as we navigate our mixing of physical and virtual environments and move away from doing business in a single mode.”
While COVID-19 has created new concerns and deepened traditional challenges for IT, organizations with complete insight and governance of their technology ecosystem are better positioned to achieve their priorities, a Snow Software survey of 1,000 IT leaders and 3,000 workers in the United States, United Kingdom, Germany and Australia reveals.
The challenge of managing risk
In fact, mature technology intelligence – defined as the ability to understand and manage all technology resources – correlated to resilience and growth. Of the IT leaders classified as having mature technology intelligence, 79% were confident in their organization’s ability to weather current events and 100% indicated that innovation continues to be a strategic focus for their organization.
“The complexities, risks and budget concerns IT departments traditionally face have been exacerbated, and a rapid acceleration of digital transformation and cloud adoption has brought new issues to the forefront. Now more than ever, IT leaders need to be in a position to quickly adapt to these macro trends as they define their top technology priorities in 2021.”
Technology management has become increasingly difficult
Many IT leaders indicated increases in technology spend across the board – on software, hardware, SaaS and cloud – over the past 12 months. Faced with more complex ecosystems, it is no surprise that 63% also reported technology management had become more difficult.
As anticipated budget restrictions go into effect for 2021, IT leaders will need to demonstrate the value of their investments and ensure proper governance over their entire technology stack.
Improved employee perception of IT
Employee perception of IT has improved, but differing perceptions on technology management and procurement hint at potential issues. While 41% of workers believe that access to technology has improved, there remains a 22-point gap between IT leaders and employees on how easy it is to purchase software, applications or cloud services.
This is not the only area where IT leaders and workers have varying views. Though they agree that security is the number one issue caused by unmanaged and unaccounted for technology, awareness of additional issues drops dramatically after that, with 16% of workers believing it causes no business issues whatsoever.
The data suggests continued challenges ahead for organizations as they try to reduce risk across the board.
Vendor audits a looming but potentially underestimated risk in 2021
87% of IT leaders said they had been audited by a software vendor over the last 12 months.
The vendors that audited the most were Microsoft, IBM, Oracle, Adobe and SAP. Yet only 51% said they were concerned about audits over the next 12 months, an answer that varied wildly based on geography – 81% of US leaders said they were concerned compared to just 30% in Germany and 42% in the UK.
Based on 2020 trends as well as vendor behavior following the 2008 recession, it appears European IT leaders are significantly underestimating this risk.
Organization’s top IT priorities
Organization’s top IT priorities are inherently at odds with each other and often align with the IT department’s biggest challenges. IT leaders reported that their organization’s top priorities in 2020 were adopting new technologies (38%), reducing security risks (38%), reducing IT spend (38%).
They paralleled the biggest challenges IT leaders faced over the past 12 months with managing cybersecurity threats (43%), implementing new technologies (40%) and supporting remote work (39%). Juggling these conflicting and difficult priorities became even more complicated in light of COVID-19.
Few meeting the bar for mature technology intelligence
Strong technology intelligence enabled IT leaders to more effectively tackle their top priorities and challenges. Just 14% of IT leaders met the bar for mature technology intelligence. This elite group outpaced other respondents in their ability to support digital transformation, reduce risk, enable employees and control spend.
“As we collectively look ahead to 2021, it’s more important than ever that CIOs and IT leaders strike the right balance between managing risk and remaining agile in the face of continued unpredictability,” said Pooley.
“It is clear from the data that a comprehensive understanding of technology resources and the ability to manage them is a key differentiator. IT leaders can use the insights to endure challenging periods like the pandemic, as well as embrace innovation to drive future growth and resilience.”
Organizations underwent an unprecedented IT change this year amid a massive shift to remote work, accelerating adoption of cloud technology, Duo Security reveals.
The security implications of this transition will reverberate for years to come, as the hybrid workplace demands the workforce to be secure, connected and productive from anywhere.
The report details how organizations, with a mandate to rapidly transition their entire workforce to remote, turned to remote access technologies such as VPN and RDP, among numerous other efforts.
As a result, authentication activity to these technologies swelled 60%. A complementary survey recently found that 96% of organizations made cybersecurity policy changes during the COVID-19, with more than half implementing MFA.
Cloud adoption also accelerated
Daily authentications to cloud applications surged 40% during the first few months of the pandemic, the bulk of which came from enterprise and mid-sized organizations looking to ensure secure access to various cloud services.
As organizations scrambled to acquire the requisite equipment to support remote work, employees relied on personal or unmanaged devices in the interim. Consequently, blocked access attempts due to out-of-date devices skyrocketed 90% in March. That figure fell precipitously in April, indicating healthier devices and decreased risk of breach due to malware.
“As the pandemic began, the priority for many organizations was keeping the lights on and accepting risk in order to accomplish this end,” said Dave Lewis, Global Advisory CISO, Duo Security at Cisco. “Attention has now turned towards lessening risk by implementing a more mature and modern security approach that accounts for a traditional corporate perimeter that has been completely upended.”
Additional report findings
So long, SMS – The prevalence of SIM-swapping attacks has driven organizations to strengthen their authentication schemes. Year-over-year, the percentage of organizations that enforce a policy to disallow SMS authentication nearly doubled from 8.7% to 16.1%.
Biometrics booming – Biometrics are nearly ubiquitous across enterprise users, paving the way for a passwordless future. Eighty percent of mobile devices used for work have biometrics configured, up 12% the past five years.
Cloud apps on pace to pass on-premises apps – Use of cloud apps are on pace to surpass use of on-premises apps by next year, accelerated by the shift to remote work. Cloud applications make up 13.2% of total authentications, a 5.4% increase year-over-year, while on-premises applications encompass 18.5% of total authentications, down 1.5% since last year.
Apple devices 3.5 times more likely to update quickly vs. Android – Ecosystem differences have security consequences. On June 1, Apple iOS and Android both issued software updates to patch critical vulnerabilities in their respective operating systems.
iOS devices were 3.5 times more likely to be updated within 30 days of a security update or patch, compared to Android.
Windows 7 lingers in healthcare despite security risks – More than 30% of Windows devices in healthcare organizations still run Windows 7, despite end-of-life status, compared with 10% of organizations across Duo’s customer base.
Healthcare providers are often unable to update deprecated operating systems due to compliance requirements and restrictive terms and conditions of third-party software vendors.
Windows devices, Chrome browser dominate business IT – Windows continues its dominance in the enterprise, accounting for 59% of devices used to access protected applications, followed by macOS at 23%. Overall, mobile devices account for 15% of corporate access (iOS: 11.4%, Android: 3.7%).
On the browser side, Chrome is king with 44% of total browser authentications, resulting in stronger security hygiene overall for organizations.
UK and EU trail US in securing cloud – United Kingdom and European Union-based organizations trail US-based enterprises in user authentications to cloud applications, signaling less cloud use overall or a larger share of applications not protected by MFA.
LogMeIn released a report that reveals the current state of IT in the new era of remote work. The report quantifies the impact of COVID-19 on IT roles and priorities for small to medium-sized businesses.
The study reveals the massive shift in the day-to-day work of IT professionals, and the broader impact of the transition to remote work for the majority of businesses.
The report uncovers how the budgets, priorities, and functions of IT teams at small and medium-sized businesses continue to be shaped by ongoing global upheaval and uncertainty and provides insights into how IT professionals are adapting their roles and teams to these challenges.
Virtual tasks and security concerns demand more IT time
With the onset of COVID-19, the types of tasks that filled a typical IT team member’s day changed significantly. The research found that 67 percent of respondents said they spend more time on virtual tasks like team web meetings, remotely accessing employee devices (66 percent) and customer web meetings (52 percent).
Security also gained increased focus, with 54 percent spending more time managing IT security threats and 54 percent developing new security protocols. 47 percent of IT professionals are spending 5 to 8 hours per day on IT security, compared to 35% in 2019.
The increased complexities of BYOD and BYOA (Bring-Your-Own-Devices and Access) work environments combined with advancements in cyberattacks have increasingly monopolized the focus of IT professionals.
IT is most worried about a breach
The top IT security concerns continue to be data breaches (cloud, internal, and external), malware, employee behavior, and ransomware. With cloud technology and adoption skyrocketing over the years, fear of a cloud data security breach has increased significantly just in the past two years, with 40% of IT professionals expressing concern in 2018 and 53% citing it as a top security concern in 2020.
Another higher priority concern in 2020 compared to previous years is ‘Rapidly evolving business technology practices’ with 29 percent of IT professionals stating it’s a top security concern in 2020, compared to only 20 percent in 2019.
Lack of budget is the greatest barrier to keeping up with trends in IT
35 percent of IT professionals agree that a lack of budget is the biggest challenge their company is facing in trying to keep up with IT trends. IT training, lack of IT staff, lack of control over a remote workforce, and IT staff resistance to change are all seen as the most common reasons IT teams are struggling to adapt to changes in their field.
With limited budget, IT teams must implement solutions that enable them to do more with less and prioritize implementing tools with security, automation, and monitoring functionality.
Software facilitating remote collaboration and management proved most valuable to IT
Given that it was no longer possible to stop by an employee’s desk to address any issues, 38 percent of IT teams prioritized remote access software first during the COVID-19 pandemic.
With employees working from home, having a way to collaborate with colleagues became mission-critical, so it’s not surprising that one third of IT respondents prioritized meeting and communications software.
“This data shows that the pandemic has led to improved training for IT and employees, ensuring all employees have the appropriate hardware and software, and even installed multifactor authentication for improved security.”
Many companies tend to jump into the cloud before thinking about security. They may think they’ve thought about security, but when moving to the cloud, the whole concept of security changes. The security model must transform as well.
Moving to the cloud and staying secure
Most companies maintain a “castle, moat, and drawbridge” attitude to security. They put everything inside the “castle” (datacenter); establish a moat around it, with sharks and alligators, guns on turrets; and control access by raising the drawbridge. The access protocol involves a request for access, vetting through firewall rules where the access is granted or denied. That’s perimeter security.
When moving to the cloud, perimeter security is still important, but identity-based security is available to strengthen the security posture. That’s where a cloud partner skilled at explaining and operating a different security model is needed.
Anybody can grab a virtual machine, build the machine in the cloud, and be done, but establishing a VM and transforming the machine to a service with identity-based security is a different prospect. When identity is added to security, the model looks very different, resulting in cost savings and an increased security posture.
Advanced technology, cost of security, and lack of cybersecurity professionals place a strain on organizations. Cloud providers invest heavily in infrastructure, best-in-class tools, and a workforce uniquely focused on security. As a result, organizations win operationally, financially, and from a security perspective, when moving to the cloud. To be clear, moving applications and servers, as is, to the cloud does not make them secure.
Movement to the cloud should be a standardized process and should use a Cloud Center of Excellence (CCoE) or Cloud Business Office (CBO); however, implemented within a process focused on security first, organizations can reap the security benefits.
Although security is marketed as a shared responsibility in the cloud, ultimately, the owner of the data (customer) is responsible and the responsibility is non-transferrable. In short, the customer must understand the responsibility matrix (RACI) involved to accomplish their end goals. Every cloud provider has a shared responsibility matrix, but organizations often misunderstand the responsibilities or the lines fall into a grey area. Regardless of responsibility models, the data owner has a responsibility to protect the information and systems. As a result, the enterprise must own an understanding of all stakeholders, their responsibilities, and their status.
When choosing a partner, it’s vital for companies to identify their exact needs, their weaknesses, and even their culture. No cloud vendor will cover it all from the beginning, so it’s essential that organizations take control and ask the right questions (see Cloud Security Alliance’s CAIQ), in order to place trust in any cloud provider. If it’s to be a managed service, for example, it’s crucial to ask detailed questions about how the cloud provider intends to execute the offering.
It’s important to develop a standard security questionnaire and probe multiple layers deep into the service model until the provider is unable to meet the need. Looking through a multilayer deep lens allows the customer and service provider to understand the exact lines of responsibility and the details around task accomplishment.
It might sound obvious, but it’s worth stressing: trust is a shared responsibility between the customer and cloud provider. Trust is also earned over time and is critical to the success of the customer-cloud provider relationship. That said, zero trust is a technical term that means, from a technology viewpoint, assume danger and breach. Organizations must trust their cloud provider but should avoid blind trust and validate. Trust as a Service (TaaS) is a newer acronym that refers to third-party endorsement of a provider’s security practices.
Key influencers of a customer’s trust in their cloud provider include:
- Data location
- Investigation status and location of data
- Data segregation (keeping cloud customers’ data separated from others)
- Privileged access
- Backup and recovery
- Regulatory compliance
- Long-term viability
A TaaS example: Google Cloud
Google has taken great strides to earn customer trust, designing the Google Cloud Platform with a key eye on zero trust and its implementation of the model BeyondCorp. For example, Google has implemented two core concepts including:
- Delivery of services and data: ensuring that people with the correct identity and the right purpose can access the required data every time
- Prioritization and focus: access and innovation are placed ahead of threats and risks, meaning that as products are innovated, security is built into the environment
Transparency is very important to the trust relationship. Google has enabled transparency through strong visibility and control of data. When evaluating cloud providers, understanding their transparency related to access and service status is crucial. Google ensures transparency by using specific controls including:
- Limited data center access from a physical standpoint, adhering to strict access controls
- Disclosing how and why customer data is accessed
- Incorporating a process of access approvals
Multi-layered security for a trusted infrastructure
Finally, cloud services must provide customers with an understanding of how each layer of infrastructure works and build rules into each. This includes operational and device security, encrypting data at rest, multiple layers of identity, and finally storage services: multi-layered, and supported by security by default.
Cloud native companies have a security-first approach and naturally have a higher security understanding and posture. That said, when choosing a cloud provider, enterprises should always understand, identify, and ensure that their cloud solution addresses each one of their security needs, and who’s responsible for what.
Essentially, every business must find a cloud partner that can answer all the key questions, provide transparency, and establish a trusted relationship in the zero trust world where we operate.
The COVID-19 pandemic has largely proven to be an accelerator of cloud adoption and extension and will continue to drive a faster conversion to cloud-centric IT.
Global spending on cloud services to rise
According to IDC, total global spending on cloud services, the hardware and software components underpinning cloud services, and the professional and managed services opportunities around cloud services will surpass $1 trillion in 2024 while sustaining a double-digit compound annual growth rate (CAGR) of 15.7%.
“Cloud in all its permutations – hardware/software/services/as a service as well as public/private/hybrid/multi/edge – will play ever greater, and even dominant, roles across the IT industry for the foreseeable future,” said Richard L. Villars, Group VP, Worldwide Research at IDC.
“By the end of 2021, based on lessons learned in the pandemic, most enterprises will put a mechanism in place to accelerate their shift to cloud-centric digital infrastructure and application services twice as fast as before the pandemic.”
Strongest growth in the as a service category
The strongest growth in cloud revenues will come in the as a service category – public (shared) cloud services and dedicated (private) cloud services. This category, which is also the largest category in terms of overall revenues, is forecast to deliver a five-year CAGR of 21.0%.
By 2024, the as a service category will account for more than 60% of all cloud revenues worldwide. The services category, which includes cloud-related professional services and cloud-related management services, will be the second largest category in terms of revenue but will experience the slowest growth with an 8.3% CAGR. This is due to a variety of factors, including greater use of automation in cloud migrations.
The smallest cloud category, infrastructure build, which includes hardware, software, and support for enterprise private clouds and service provider public clouds, will enjoy solid growth (11.1% CAGR) over the forecast period.
Factors driving the cloud market forward
While the impact of COVID-19 could have some negative effects on cloud adoption over the next several years, there are a number of factors that are driving the cloud market forward.
- The ecosystem of tech companies helping customers migrate to cloud environments, create new innovations in the cloud, and manage their expanding cloud environments will enable enterprises to meet their accelerated schedules for moving to cloud.
- The emergence of consumption-based IT offerings are aimed at leveraging public cloud-like capabilities in an on-premises environment that reduces the complexity and restructures the cost for enterprises that want additional security, dedicated resources, and more granular management capabilities.
- The adoption of cloud services should enable organizations to shift IT from maintenance of legacy IT to new digital transformation initiatives, which can lead to new business revenue and competitiveness as well as create new opportunities for suppliers of professional services.
- Hybrid cloud has become central to successful digital transformation efforts by defining an IT architectural approach, an IT investment strategy, and an IT staffing model that ensures the enterprise can achieve the optimal balance across dimensions without sacrificing performance, reliability, or control.
83% of C-level executives expect the changes they made in the areas of people, processes, and applications as a response to the COVID-19 pandemic to become permanent (whether significant or partial), according to Radware.
According to the report, pandemic-driven changes affected various aspects of business, 44% of executives surveyed reported a negative negative impact on budgets, 43% reported a workforce reduction, while 37% reported reduced real estate footprints.
Pandemic accelerated cloud adoption
The pandemic accelerated the migration of business infrastructure and applications into the cloud. 76% of companies adopted cloud services faster than they had planned, and 56% of respondents said that the contactless economy – e-commerce, on-demand content, video conferencing, etc.- had a positive impact on their business.
The quick migration helped to maintain business operations but potentially exacerbated cybersecurity gaps, due to an increased attack surface. 40% of survey respondents reported an increase in cyberattacks amid the pandemic. 32% said that they relied on their cloud provider’s security services to provide security management for their public cloud assets.
“The transition to remote work and new online contactless business models is not temporary and is affecting the future strategy on how organizations invest in cybersecurity,” said Anna Convery-Pelletier, CMO at Radware.
“Normally, businesses would make this shift over an extended period of time. However, the pandemic forced a massive shift to remote work which is now creating new security challenges.”
“Before the pandemic, digital transformation was a long-term strategic goal for most businesses,” said Michael O’Malley, VP of Market Strategy for Radware.
“On-demand content consumption, contactless payments, curbside pickups, and remote workforces are now business imperatives. Executives must revisit what they’ve implemented to ensure that a lack of cybersecurity planning does not undermine their goals.”
Other key findings
- Shift to remote operations: More than 80% of respondents said they believed more than 25% of their employees would work remotely in the future, a sharp contrast to pre-pandemic work-from-home policies, when only 48% of companies enabled more than 25% of their employees do so, and 6% did not enable remote work at all.
- Emergence of new revenue models to support contactless economy: Roughly two in five respondents from the retail sector said they made real estate changes – including store closures. Many retailers faced pressure to adopt practices that ease the customer experience, such as curbside pickup, e-commerce, and increased use of contactless payments. More than any other sector, retailers reported the need to adopt cloud or hybrid cloud environments to make their networks more resilient, 57% said they plan to host their assets in either a public or private cloud environment by 2022.
Today’s organizations desire the accessibility and flexibility of the cloud, yet these benefits ultimately mean little if you’re not operating securely. One misconfigured server and your company may be looking at financial or reputational damage that takes years to overcome.
Fortunately, there’s no reason why cloud computing can’t be done securely. You need to recognize the most critical cloud security challenges and develop a strategy for minimizing these risks. By doing so, you can get ahead of problems before they start, and help ensure that your security posture is strong enough to keep your core assets safe in any environment.
With that in mind, let’s dive into the five most pressing cloud security challenges faced by modern organizations.
1. The perils of cloud migration
According to Gartner, the shift to cloud computing will generate roughly $1.3 trillion in IT spending by 2022. The vast majority of enterprise workloads are now run on public, private or hybrid cloud environments.
Yet if organizations heedlessly race to migrate without making security a primary consideration, critical assets can be left unprotected and exposed to potential compromise. To ensure that migration does not create unnecessary risks, it’s important to:
- Migrate in stages, beginning with non-critical or redundant data. Mistakes are often more likely to occur earlier in the process. So, begin moving data that won’t lead to damaging consequences to the enterprise in case it gets corrupted or erased.
- Fully understand your cloud provider’s security practices. Go beyond “trust by reputation” and really dig into how your data is stored and protected.
- Maintain operational continuity and data integrity. Once migration occurs, it’s important to ensure that controls are still functioning and there is no disruption to business operations.
- Manage risk associated with the lack of visibility and control during migration. One effective way to manage risk during transition is to use breach and attack simulation software. These automated solutions launch continuous, simulated attacks to view your environment through the eyes of an adversary by identifying hidden vulnerabilities, misconfigurations and user activity that can be leveraged for malicious gain. This continuous monitoring provides a significant advantage during migration – a time when IT staff are often stretched thin, learning new concepts and operating with less visibility into key assets.
2. The need to master identity and access management (IAM)
Effectively managing and defining the roles, privileges and responsibilities of various network users is a critical objective for maintaining robust security. This means giving the right users the right access to the right assets in the appropriate context.
As workers come and go and roles change, this mandate can be quite a challenge, especially in the context of the cloud, where data can be accessed from anywhere. Fortunately, technology has improved our ability to track activities, adjust roles and enforce policies in a way that minimizes risk.
Today’s organizations have no shortage of end-to-end solutions for identity governance and management. Yet it’s important to understand that these tools alone are not the answer. No governance or management product can provide perfect protection as organizations are eternally at the mercy of human error. To help support smart identity and access management, it’s critical to have a layered and active approach to managing and mitigating security vulnerabilities that will inevitably arise.
Taking steps like practicing the principle of least privilege by permitting only the minimal amount of access necessary to perform tasks will greatly enhance your security posture.
3. The risks posed by vendor relationships
The explosive growth of cloud computing has highlighted new and deeper relationships between businesses and vendors, as organizations seek to maximize efficiencies through outsourcing and vendors assume more important roles in business operations. Effectively managing vendor relations within the context of the cloud is a core challenge for businesses moving forward.
Why? Because integrating third-party vendors often substantially raises cybersecurity risk. A Ponemon institute study in 2018 noted that nearly 60% of companies surveyed had encountered a breach due to a third-party. APT groups have adopted a strategy of targeting large enterprises via such smaller partners, where security is often weaker. Adversaries know you’re only as strong as your weakest link and take the least path of resistance to compromise assets. Due to this, it is incumbent upon today’s organizations to vigorously and securely manage third-party vendor relations in the cloud. This means developing appropriate guidance for SaaS operations (including sourcing and procurement solutions) and undertaking periodic vendor security evaluations.
4. The problem of insecure APIs
APIs are the key to successful cloud integration and interoperability. Yet insecure APIs are also one of the most significant threats to cloud security. Adversaries can exploit an open line of communication and steal valuable private data by compromising APIs. How often does this really occur? Consider this: By 2022, Gartner predicts insecure APIs will be the vector most commonly used to target enterprise application data.
With APIs growing ever more critical, attackers will continue to use tactics such as exploiting inadequate authentications or planting vulnerabilities within open source code, creating the possibility of devastating supply chain attacks. To minimize the odds of this occurring, developers should design APIs with proper authentication and access control in mind and seek to maintain as much visibility as possible into the enterprise security environment. This will allow for the quick identification and remediation of such API risks.
5. Dealing with limited user visibility
We’ve mentioned visibility on multiple occasions in this article – and for good reason. It is one of the keys to operating securely in the cloud. The ability to tell friend from foe (or authorized user from unauthorized user) is a prerequisite for protecting the cloud. Unfortunately, that’s a challenging task as cloud environments grow larger, busier and more complex.
Controlling shadow IT and maintaining better user visibility via behavior analytics and other tools should be a top priority for organizations. Given the lack of visibility across many contexts within cloud environments, it’s a smart play to develop a security posture that is dedicated to continuous improvement and supported by continuous testing and monitoring.
Critical cloud security challenges: The takeaway
Cloud security is achievable as long as you understand, anticipate and address the most significant challenges posed by migration and operation. By following the ideas outlined above, your organization will be in a much stronger position to prevent and defeat even the most determined adversaries.
Half a year into the shutdown, companies are still playing catch up to optimize their remote work experience, according to Infoblox.
Survey findings are based on 1,077 responses from the US, the UK, Germany, the Netherlands, Spain, China, Japan, Australia, and Singapore.
The borderless enterprise is here to stay
More than 90% of decision-makers consider digital transformation and cloud-managed services a priority. The percentage of companies with a majority of employees working remotely more than tripled from 21% before the shutdown to 70% after. 40% of companies, twice the pre-COVID-19 rate, are permanently keeping a majority of workers remote.
Optimizing remote work
Organizations are still building out their IT infrastructure and security controls to optimize remote work. Organizations say distributing sanctioned devices (35%), building network infrastructure (35%), and securing the network (29%) are top IT challenges when transitioning to remote work.
The top security concerns
Threat mitigation and network visibility remain the top security concerns for the remote work environment. 68% say better threat detection and or mitigation technologies would enable more remote work for their organizations.
Specifically, respondents are looking for better visibility into devices on the corporate network (65%), cloud applications workers are using (61%), and compromised devices (46%).
Security incidents are rising
Half of the surveyed businesses are seeing more cyber-attacks—with the biggest jumps in China and Australia—while just a quarter are seeing fewer.
COVID-19 impact: Fostering collaboration
Companies are reversing policies to allow the use of personal applications to foster collaboration. 63% of companies are allowing workers to connect with each other using applications like WhatsApp, Zoom, and Houseparty.
Companies are using cloud security tools, particularly from the DDI family (DNS, DHCP, IP Address Management), to secure the borderless enterprise. 59% of companies plan on making additional investments in DNS to secure their expanded networks.
“When the COVID-19 shutdown started, organizations rushed to enable remote work overnight,” said Kanaiya Vasani, Executive Vice President, Products and Corporate Development at Infoblox. “Their top priority was making sure workers could connect to enterprise applications from their homes—sometimes through unsecured personal devices.”
As companies shift to remote work and move business operations online because of the spread of COVID-19, they are increasingly relying on cloud services.
Unexpected expenses and cloud migration
In fact, cloud spending hit a record $34.6 billion in the second quarter, representing a 30% bump year-over-year and 11% increase from the previous quarter. Further, nearly a third of IT budgets will be dedicated to cloud services by next year.
Tangoe advised companies about the risk of unexpected cloud migration expenses, while at the same time employees are also buying more self-service infrastructure to support working from home.
“Given the cost pressures many companies find themselves under because of the current economic environment, it is critical they employ a strategy for cloud investment that provides the best service to their organizations, while optimizing both their cloud infrastructure and corresponding spend,” said Brandon Henning, Chief Product Officer at Tangoe.
To maximize cloud investment and improve overall efficiency, companies are advised to take a few important steps now.
Achieve clear visibility into usage
An understanding of how the workforce is leveraging cloud technology plays a critical role in assessing the true ROI of these initiatives. This includes analyzing how usage has changed over time to better predict where increased or, in some cases, decreased, investment is needed.
Visibility goes beyond the IT department and extends into other parts of the business, such as finance, to ensure teams are aligned on how cloud spending benefits the business overall.
Reevaluate cloud infrastructure to optimize spend
Understanding the infrastructure purchased and how it aligns to what is required to support the business is critical for optimizing spend and cloud contracts.
Organizations may be able to shift from one vendor to another, or turn-up/turn-down reserve instances to better optimize infrastructure, spend and contracts. This requires having the right tools in place to provide the necessary visibility for making these assessments.
Establish proper tools for cloud environment maintenance for future investments
The modern enterprise will continue to shift to the cloud, so infrastructure requirements will only grow – and so will the associated costs of both infrastructure IT and unauthorized shadow IT purchases.
It is critical to ensure proper monitoring tools and processes are in place for keeping cloud costs under control. By proactively identifying areas in which spending can be better controlled, organizations are able to improve efficiency and adjust budget allocations to support future investments.
“There’s no arguing that cloud is driving the way businesses operate today. The ability to expand and manage these environments will be the key differentiator in successfully future-proofing business models and avoiding potential disruptions,” Henning said.
38 percent of businesses have scaled infrastructure to meet new levels of demand during the lockdown period (March-June), highlighting how the pandemic has accelerated businesses’ digital transformation plans, according to Aptum.
The findings also demonstrate that organizations that adopted cloud technologies prior to the pandemic have been best positioned to deal with the unprecedented crisis, as they have been able to meet demand and deliver critical services to their customers (48 percent).
The study surveyed 400 senior IT professionals in the US, Canada and UK across industries in financial services, IT, technology, telecommunications, manufacturing, retail, public and commercial sectors. Additional results revealed business leaders are confident in their company’s business continuity during COVID-19 due to managed cloud services.
- 38 percent of respondents have scaled infrastructure to new levels of demand, in order to control costs.
- 48 percent of businesses have adopted cloud solutions to provide end-customers with critical services.
- 76 percent of organizations are utilizing cloud services including Microsoft Office 365 to facilitate remote working, in response to COVID-19.
- 92 percent of business leaders are confident in their company’s business continuity throughout the COVID-19 crisis.
“Managed cloud services provide business leaders with the confidence to maintain and adapt their business strategies. The pandemic could easily bring business processes and productivity to a stop. Yet, this study shows how cloud services have been used to adapt and respond to the unprecedented challenges of COVID-19, in addition to many cases of continuing to function,” said Susan Bowen, CEO and President at Aptum. “The cloud is critical to long-term sustainability and profitability, and the rewards have quickly become apparent.”
Craig Tavares, Global Head of Cloud at Aptum added: “The majority of companies did not initially envisage a global pandemic as a use case for managed cloud services. We’ve seen many organizations, including some of our customers, realise the potential of cloud to rapidly scale and also deploy new services, particularly in terms of remote working.
“As we navigate the economic effects of COVID-19, now is the time for businesses to ensure any response measures that were put in place quickly are now robust and enterprise-grade. This will allow organizations to continue to accommodate long periods of remote working and distributed workforces.”
The results call for non-cloud enabled organizations to consider adopting appropriate cloud technologies post-COVID-19, in order to drive business resilience.
The global data center networking market is projected to reach $40.9 billion by 2025 and projected to register 11.0% CAGR over the forecast period, from 2019 to 2025 according to Million Insights.
The growing huge amount of unstructured data across several industries is expected to drive the market growth. In addition, rising adoption of cloud computing and the introduction of advanced data center operating models are also anticipated to boost the market growth over the forecast period.
This data center networking helps the organization to consolidate and organize the information at a single platform before exposing to cross-channel processes and systems. It also allows the organization to connect with its customers operating in different industries.
Factors such as operational cost reduction, improvement in the integration of server, and optimum performance are augmenting the growth of this market. Most of the organizations are focusing on the state of the art infrastructure to resolve the concern and fulfill the customers’ expectations efficiently.
Channelizing information to enhance daily operations
The collected information is stored, analyzed, and managed on share platforms by using diverse networking solutions which enables the service provider to update their business model and helps to boost up their revenue. This has resulted in the requirement for channelizing information to enhance daily operations, thus anticipated to fuel the demand for data center networking over the next few years.
The data center networking market is projected to witness considerable growth due to the rising incidence of cyber-attacks, increasing adoption of the cloud-based platform, and increasing demand for real-time information. This solution helps the organization to access information on-demand and allows them to augment sale of their products and services.
Data center networking is also considered as a proficient mode of disaster recovery, as it allows operational recovery and restores function along with access to the clone database.
Further key findings
- Rising adoption of cloud computing and digitalization in several regions, especially in food & beverage, automobile and pharmaceuticals is expected to drive the market growth over the forecast period.
- In 2018, the storage area network (SAN) solution held the largest market share and expected to grow with significant growth in the next few years due to increasing adoption of various combination of computation mechanisms.
- The BFSI sector is anticipated to register fastest CAGR from 2019 to2025, as BFSI, IT & telecom are concentrating on adopting advanced technologies to maintain their complex infrastructure assets.
- Asia Pacific is projected to grow with the fastest CAGR of more than 14.0% during the forecast period due to increasing adoption of data centre networking solution in South Asian countries.
- Cisco Systems, Alcatel-Lucent, Dell, Equinix, Hitachi Data Systems Corporation, HP Development Company Vmware, and IBM are the key players operating in this market.
- Market players are implementing several strategies such as product expansion, merger & acquisition to sustain in the competitive market.
In the wake of COVID-19, enabling remote work has required IT teams to rapidly lean into cloud technologies to keep their businesses operating smoothly. A survey suggests that cloud usage continues to rise, and what was a sudden shift will become a permanent strategy for most organizations.
Despite many countries planning for a return to physical offices and workspaces, 60% of IT leaders are continuing to increase their overall cloud usage and 91% are changing their cloud strategy as a result of the current economic climate.
The study, conducted by Snow Software surveyed 250 IT leaders around the world to find out how cloud usage and investment decisions have evolved during the crisis.
Cloud usage continues to increase
Overall, 82% of those surveyed said they have increased their cloud usage over the past several weeks in response to the pandemic. 60% said their cloud usage continues to increase, indicating that cloud consumption patterns are still in flux even after the initial surge in remote work.
Additionally, 66% reported that they will continue to use the cloud services and applications they implemented during the crisis once employees return to the workplace. Surprisingly, only 22% reported they saw an initial increase in cloud usage but that it had leveled off.
While Zoom and Teams dominated the headlines, cloud infrastructure was actually the biggest driver of this increase. When asked about how their company’s use of cloud services and applications changed in response to the current crisis, 76% said they have increased their use of cloud platforms such as AWS, Microsoft Azure and even private cloud.
55% noted an increase in collaboration tools like Slack, Teams or Google Chat, while 52% of those surveyed indicated an increase in cloud-based video conferencing software like Zoom, Cisco WebEx or GoToMeeting.
While many companies may have already relied on these productivity services ahead of the crisis, the surge in cloud infrastructure represents a more fundamental shift in how organizations operate.
A change in enterprise cloud strategy
Overall, these trends hint at a larger change in enterprise cloud strategy. As IT leaders face the concurrent challenges of continuing to support remote work, enabling a return to the workplace and tightening budgets, 91% said they are altering their cloud strategy.
Twice as many say they are accelerating cloud migration (45%) and digital transformation (41%) versus putting those initiatives on hold (22% and 21% respectively).
However, while usage and investment in cloud technologies continue to increase, a third of respondents indicated that they are getting creative with their budget – 32% of respondents are asking their cloud vendors for extended payment terms and 31% are renegotiating their cloud contracts. Around 10% of respondents indicated that they would not be able to pay their cloud bills this month.
“The COVID-19 pandemic has turned cloud into an essential service for many organizations while also highlighting the complexities of managing cloud cost and usage,” said Jay Litkey, EVP of Cloud Management at Snow Software.
“This survey confirms what we are hearing from our customers – that while many CIOs are being asked to trim costs, there will be continued investment in technology that presents the opportunity for long-term growth and stability.
“To weather the storm, IT leaders must take a comprehensive approach to managing cloud, uncovering opportunities to streamline costs while continuing to provide the infrastructure needed to support their workforce and drive innovation.”
Additional key findings
- 82% of IT leaders surveyed said they have noticed positive changes in employees’ attitudes towards IT since the pandemic started.
- 47% of respondents said they will feel comfortable returning to a physical office once their company outlines a clear plan that ensures the safety of employees. However, 43% would like their company to offer work from home options even after reopening.
- When asked about which applications – beyond core IT software – that have been lifesavers, respondents said video conferencing apps like Zoom, Cisco WebEx and GoToMeeting (73%) and communication apps like Slack, Teams and Google Chat (65%).
The endpoint security market is expected to grow at a CAGR of 5.9% from 2020 to reach $18.6 billion by 2027, according to Meticulous Research.
Various factors such as growing e-commerce industry, increasing number of IoT devices, emergence of disruptive digital technologies across the industry verticals, and increasing demand for endpoint security are expected to boost the demand for endpoint security solutions and services across the globe.
However, endpoint security is not considered as comprehensive security measure especially by small and medium scale enterprises. This might restrain the market growth to a certain extent.
Also, some misconceptions and lack of knowledge about endpoint security solution is also posing some serious challenge to the proliferation of endpoint security solutions especially in developing nations.
Endpoint security serves a critical step in securing endpoint devices such as desktops, laptops, and mobile devices among others, that act as point of access to any structured network. Such endpoints can be vulnerable to malicious attacks.
Endpoint security has gained a greater importance over the years and has become a common part of individuals’ life those are associated with a computer or smartphone and smart devices.
Benefits of endpoint security technologies
Endpoint security technologies are packed with several benefits such as protection for vulnerable services; provide network security for internet, cloud security, and enhanced data privacy & policy enforcement. Endpoint security against online threats holds a greater significance in today’s digital changing landscape.
Increasing adoption of cloud computing, and IoT among others have changed the scenario of modern-day business needs by promoting maximum agility to achieve competitiveness. Due to this, the overall concerns associated with cyber-attacks, data breaches, and data thefts among others have also increased significantly in past few years.
Hence, endpoint security emerged as quintessential tool for organizations to minimize the problems associated with data security. In order to protect endpoint devices and information from security breaches and cyber -attacks, the implementation of endpoint security solutions is increasing across various business verticals, which is ultimately driving the growth of endpoint security.
The global endpoint security market is segmented
In 2020, the endpoint security solutions market segment is estimated to dominate the overall endpoint security market. The growing adoption of advanced technologies, such as IoT solutions, endpoint devices, and AI/ML solutions are driving the need for endpoint security solutions, in turn supporting the market growth.
Considering the rapid deployment of variety of connected devices across different business sectors, the demand for endpoint security solutions is expected grow to over the coming years as well, thereby registering the fastest growth in the endpoint security solutions segment throughout the forecast period.
Based on deployment type, the overall endpoint security market is mainly segmented into on-premises deployments and cloud deployments. On-premise solutions commanded a majority share of the endpoint security market, mainly due to greater control over security infrastructure offered by such solutions.
However, with growing deployments, particularly in small and medium scale industries, the cloud deployments market is expected grow at the fastest CAGR during the forecast period of 2020 to 2027. The benefits of flexibility, agility, and scalability offered by cloud-based security solutions is one of the key factors driving the growth in this market segment.
On the basis of industry size, the overall endpoint security market is segmented into small & medium size enterprises and large enterprises. The large enterprises segment is estimated to command the largest share of the overall endpoint security market in 2020.
However, with increasing deployment of IoT-enabled solutions, the small and medium scale enterprises segment is expected to grow at the fastest CAGR throughout the forecast period.
Based on the enforcement point, endpoint security is segmented into mobile devices, workstation, server, point of sale terminals, and others. The mobile devices segment is estimated to command the largest share of the overall endpoint security market in 2020.
European organizations have a false sense of security when it comes to protecting themselves, with only 68% seeing themselves as vulnerable, down from 86% in 2018, according to Thales.
Problems with implementing security basics
This confidence flies in the face of the findings of the survey of 509 European executives which reveals 52% of organizations were breached or failed a compliance audit in 2019, raising concerns as to why 20% intend to reduce data security spend in the next year.
The findings come as workers across Europe are working from home due to COVID-19, often using personal devices which don’t have the built-in security office systems do, significantly increasing risk to sensitive data.
Across the board, companies are racing to digitally transform and move more applications and data to the cloud; 37% of European countries stated they are aggressively disrupting the markets they participate in or embedding digital capabilities to enable greater enterprise agility.
A key aspect of this transformation is in the cloud becoming the leading data environment. 46% of all data stored by European organizations is now stored in the cloud, and with 43% of that data in the cloud being described as sensitive, it is essential that it is kept safe.
As more sensitive data is stored in cloud environments, however, data security risks increase. This is of particular concern given that 100% of businesses surveyed report that at least some of the sensitive data they are storing in the cloud is not encrypted.
Only 54% of sensitive data in the cloud is protected by encryption and even less (44%) is protected by tokenisation, highlighting the disconnect between the level of investment companies are making into cybersecurity and the increasing threats they face.
Multi-cloud adoption complicates data security
Despite the multitude of threats, businesses feel that the complexity (40%) of their environments is holding their data security capabilities back.
Multi-cloud adoption is the main driver of this complexity; 80% of businesses are using more than one IaaS (Infrastructure as a Service) vendor, whilst 29% have more than 50 SaaS (Software as a Service) applications to manage.
Businesses also identified a lack of budget (30%), staff to manage (28%) and organization buy-in/low priority (25%) as other top blockers.
“Businesses are continuing to race towards digital transformation and many are increasingly reliant on complex cloud environments, without taking a zero-trust approach. Data is more at risk than ever, whilst organizations are unwittingly creating the perfect storm for hackers by not implementing the security basics,” commented Rob Elliss, EMEA Vice President for Data Security solutions at Thales.
“Unfortunately, this will result in increasing problems, particularly in a world where working remotely will be part of the new-normal, unless companies can step up to the plate when it comes to keeping data safe.”
Quantum(fying) the problem
Whilst organizations continue to look at the threat of today, many are starting to turn their attention to peril that the acceleration of computing power, quantum, could bring to them. In fact, 93% respondents are concerned quantum computing will lead to exploits being created that could expose the sensitive data they hold.
What’s more, 69% European organizations expect quantum to affect their cryptographic operations in the next five years.
As a result, most organizations are reacting, with 31% planning to offset quantum computing threats by switching away from static encryption or symmetric cryptography. Furthermore, a similar amount (30%) plans to implement key management that supports quantum safe random number generator.
“It is clear that businesses are aware of evolving threats they face and it’s reassuring to see them acknowledging some of the key steps they need to take – including moving away from static encryption and implementing quantum-proof key management.
“It’s critical, though, that organizations don’t just look at threats years away, but invest in their cybersecurity processes now and see it as an integral part of their digital transformation,” Elliss concluded.
The situation only slightly improves looking ahead to 2021, with 84% expecting a continued impact. And 74% of respondents expect a second wave of COVID-19 impact, with 51% planning to move more applications to the cloud to prepare for it.
Cloud adoption accelerating for some, slowing for others
The impact on businesses’ cloud adoption plans – with 40% currently accelerating their move to the cloud – has led to increases across a range of related decisions as companies prepare for future COVID-related shutdowns. When asked to select all that apply, the top choices on this topic were:
- 51% are planning to move more applications to the cloud
- 39% expect to be 100% in the cloud
- 32% are starting a move to the cloud
On the flip side, 24% of all respondents said they are slowing down their move to the cloud because of COVID-19’s impact. The U.S. indicated the highest percentage of slowing (36%), while the U.K. had the lowest (12%).
Specific to cloud databases, when asked what would prevent them from going “all-in” (choosing all that apply), the results showed:
- Security: 73%
- Price: 46%
- Compatibility: 45%
- Scalability: 35%
- Migration: 33%
- Lack of multi-cloud offering: 21%
With 74% of respondents expecting new challenges because of a second wave of the pandemic, technologists are implementing a variety of technology changes to prepare for future shutdowns.
- The two strategies being implemented most are (choosing all that apply): Set up remote access for all employees (57%) and move more applications to the cloud (51%).
- 46% of respondents are implementing “forever” work-from-home (WFH) strategies.
- European respondents favor implementing remote access setups and permanent WFH strategies as the top two priorities to combat the fallout from the pandemic.
- U.S. respondents agree on the top priority of favoring remote access setups, but differ on the second priority, indicating that moving applications to the cloud was #2.
In-person technology events – see you next year
One of the early consequences of the COVID-19 pandemic was the cancellation of in-person corporate and technology events. While an overwhelming number of respondents miss these in-person events, 70% said the earliest they would consider attending an in-person technology event would be in 2021.
- 73% of respondents indicated missing corporate and technology events “very much” or “extremely.”
- 26% of respondents would consider attending an in-person technology event this year (2020), while 70% indicated the earliest they would attend would be in 2021.
- U.S. respondents were more evenly split compared to Europeans. In the U.S., 41% said they would consider an in-person event this year while 58% said next year would be the earliest.
- 95% of respondents will change their ongoing technology event behavior as a result of COVID-19, with 25% saying they will only attend online events, 69% attending more online events, and 1% not attending any events at all.
At a high level—and contrary to conventional wisdom – not all IT budgets are being cut. Even with the economic challenges that COVID-19 has posed for businesses, almost 38 percent of enterprises are keeping their IT budgets unchanged (flat) or actually increasing them.
Yellowbrick Data received responses from more than 1,000 enterprise IT managers and executives, uncovering their infrastructure priorities during this era of economic uncertainty and disruption.
“The survey brought to light some trends that we have been noticing recently related to the speed at which companies are moving to the cloud and investing in analytics. In fact, more than half of enterprises are accelerating their move to the cloud in light of COVID-19 challenges to their businesses,” said Jeff Spicer, CMO for Yellowbrick Data.
“But what really stands out is that nearly 55 percent of enterprises are looking at a hybrid cloud strategy with a combination of cloud and on-premises solutions. That clearly shows that a cloud-alone strategy is not what most enterprises are looking for—and validates what our customers are telling us about their own best practices combining cloud and on-prem approaches to their biggest data infrastructure challenges.”
For huge margins of enterprise IT leaders, investments in data infrastructure and analytics are a top priority:
- Data warehouse modernization is important for almost 90 percent of enterprises this year. For 55 percent it is very important, and for an additional 35 percent it is somewhat important.
- Getting more business value from their data lake is important for more than 95 percent of enterprises, with 61 percent saying it is very important and an additional 35 percent saying it is somewhat important.
- For almost two-thirds of respondents, investments in analytical infrastructure are important, with 27 percent investing a lot more and an additional 37 percent investing somewhat more.
Answering the “why” behind IT investments
These are the top four reasons IT decision-makers cite for investing in a new data warehouse or data analytics tool:
- 73 percent of respondents want better performance
- 54 percent want a solution that is easier to use
- 52 percent want a solution that is less expensive
- 48 percent say new enterprise applications require new solutions
Many firms are modernizing by adding cloud services, with 55 percent of enterprises looking at a hybrid cloud strategy as their best approach.
Enterprises see a variety of benefits with hybrid cloud. Answers that gained a more than 50 percent response included:
- 56 percent want more control over what is where—for example, the ability to customize the private end of their hybrid cloud model to their specific needs and adjust them accordingly as they see fit
- 54 percent say their IT staff can better optimize the network
- 52 percent say their companies can get the security of a private cloud with the power and services of the public cloud
- 51 percent say they can scale faster without compromising sensitive data
Top IT spending priorities diverse among businesses
When asked to identify their #1 business priority (single choice only) from their cloud investment, decision-makers gave numerous responses, with two consensus points emerging:
- Cost savings took up two of the top three spots and accounted for 39 percent of the total: 23 percent cited cost savings in infrastructure (hardware or software) and 16 percent cited cost saving to IT staff
- Business flexibility was the second biggest priority overall, coming in at 18 percent
- With the exception of “greater compute speed” (10 percent), no other choice received higher than a single-digit percentage
Public clouds: Mostly trusted, definitely diversify
Despite enterprises embracing the cloud, some skepticism remains. 27 percent of enterprise leaders say they do not trust public cloud providers to prioritize their business needs.
With the above statistic in mind, it is not surprising that risk mitigation remains a critical consideration, with 82 percent of respondents saying they want hybrid or multi-cloud options to spread any risk from their cloud investments, along with an additional 67 percent saying there are some parts of their business they will not trust to any single cloud vendor.
Businesses are are adapting IT strategies, reprioritizing cloud adoption and automated database monitoring due to the effects of a global lockdown, remote working and a focus on business continuity, according to Redgate.
The report, which surveyed nearly 1,000 respondents in April 2020, reveals that while performance monitoring and backups remain the most common responsibilities for database professionals, managing security and user permissions have leapt to third and fourth place, respectively.
However, there seems to be a learning curve. As database professionals adopt these new roles, respondents say that staffing and recruitment is the second biggest challenge in managing estates.
Additionally, the two biggest causes of problems with database management come from human error (23%) and ad hoc user access (18%), which could be a result of increased remote working as tasks become more widely distributed.
Increase in the use of cloud-based platforms
In support of remote teams, respondents reported a rapid increase in the use of cloud-based platforms, particularly Microsoft Azure, which is up 15 percentage points in the last year.
With many businesses like Twitter announcing that remote working will become business-as-usual in the future, the report highlights why effective, reliable monitoring of database estates is critical to business longevity.
Perhaps as a consequence, only 18% of respondents continue to monitor their estates manually, and for those who are managing 50 instances or more, the number using a monitoring tool rises to 90%.
Cloud migration and monitoring are the biggest challenges
Microsoft Azure remains the most used cloud platform, with 20% of respondents using it frequently, and a further 34% using it occasionally, but migrating to the cloud can be difficult, and doing so with a distributed team doesn’t make things easier.
Estates are growing
Organizations with fewer than 100 instances have dropped for a second year, those with over 100 instances have grown – and estates with over 1,000 instances grew by nine percentage points.
Monitoring is key to Database DevOps success
Satisfaction with monitoring tools is at an all-time high
68% of respondents say they are happy with their third-party monitoring tools, up seven percentage points on 2019, which may reflect the increased reliance on using such tools to monitor estates remotely.
SQL Server remains the most popular database platform
SQL Server is used by 81% of respondents, followed by MySQL at 33%, Oracle at 29%, and PostgreSQL at 21% (multiple platforms are often in use and respondents could choose more than one platform).
As Grant Fritchey, author and co-author of several books on SQL Server and a DevOps Advocate for Redgate, comments: “While our research focused on the need for database monitoring, the issues it uncovered are practically universal given the current business environment.
“For example, we know that recruitment may be challenging for many, and there is a renewed desire to adopt technologies like the cloud, while still improving performance. And with the uncertainty ahead, we could see lasting changes for years to come.”
Agile adoption improves key capabilities needed to respond to current business challenges, especially those resulting from the pandemic, according to Digital.ai. With 60 percent of survey respondents saying Agile has helped increase speed to market, 41 percent agreeing they are better able to manage distributed teams, and 58 percent saying they have improved team productivity it is clear these practices are invaluable during these challenging times. “Our all-in move to the cloud in recent years … More
The post Agile security helps software teams deliver quicker and better software appeared first on Help Net Security.
The McAfee report uncovers a correlation between the increased use of cloud services and collaboration tools, such as Cisco WebEx, Zoom, Microsoft Teams and Slack during the COVID-19 pandemic, along with an increase in cyber attacks targeting the cloud.
There are significant and potentially long-lasting trends that include an increase in the use of cloud services, access from unmanaged devices and the rise of cloud-native threats. These trends emphasize the need for new security delivery models in the distributed work-from-home environment of today–and likely the future.
In the time surveyed, overall enterprise adoption of cloud services spiked by 50 percent, including industries such as manufacturing and financial services that typically rely on legacy on-premises applications, networking and security more than others.
Use of cloud collaboration tools increased by up to 600 percent, with the education sector seeing the most growth as more students are required to adopt distance learning practices.
Surging external attacks on cloud accounts
Threat events from external actors increased by 630 percent over the same period. Most of these external attacks targeted collaboration services like Microsoft 365, and were large-scale attempts to access cloud accounts with stolen credentials.
Insider threats remained the same, indicating that working from home has not negatively influenced employee loyalty. Access to the cloud by unmanaged, personal devices doubled, adding another layer of risk for security professionals working to keep their data secure in the cloud.
“While we are seeing a tremendous amount of courage and global goodwill to overcome the pandemic, we also are unfortunately seeing an increase in bad actors looking to exploit the sudden uptick in cloud adoption created by an increase in working from home,” said Rajiv Gupta, Senior VP, Cloud Security, McAfee.
“The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behavior. Mitigating this risk requires cloud-native security solutions that can detect and prevent external attacks and data loss from the cloud and from the use of unmanaged devices.
“Cloud-native security has to be deployed and managed remotely and can’t add any friction to employees whose work from home is essential to the health of their organization.”
How to maintain strong security posture
With cloud-native threats increasing in step with cloud adoption, all industries need to evaluate their security posture to protect against account takeover and data exfiltration. Companies need to safeguard against threat actors attempting to exploit weaknesses in their cloud deployments.
Tips to maintain strong security posture include:
- Think cloud-first: A cloud-centric security mindset can support the increase in cloud use and combat cloud-native threats. Enterprises need to shift their focus to data in the cloud and to cloud-native security services so they can maintain full visibility and control with a remote, distributed workforce.
- Consider your network: Remote work reduces the ability for hub and spoke networking to work effectively with scale. Network controls should be cloud-delivered and should connect remote users directly to the cloud services they need.
- Consolidate and reduce complexity: Cloud-delivered network security and cloud-native data security should smoothly interoperate, ideally be consolidated to reduce complexity and total cost of ownership and increase security effectiveness and responsiveness.