A global survey of 256 IT and security professionals conducted by the Cloud Security Alliance (CSA) finds just shy of two-thirds of respondents (61 percent) are employing some form of hybrid cloud computing.
Well over a third of respondents (36 percent) said they are using hybrid cloud computing while another 25 percent said they are using a combination of hybrid and multi-cloud. According to the survey, the less common groups included models such as public-cloud only (18 percent), private cloud-only (9 percent), and multi-cloud only (9 percent).
Modern cloud environments are becoming more complex
The top reasons for using multiple clouds are best-of-breed features found in different clouds (29 percent) and avoiding vendor lock-in (21 percent). However, over a quarter (26 percent) said their top concern is the availability of skills and experience on their staff, including understanding the architectural differences (22 percent), gaining comprehensive governance (20 percent), and understanding differences in security controls among the cloud platforms (18 percent).
Those concerns suggest even after more than a decade of cloud computing, upwards of a quarter of organizations still need to look outside their company for cloud computing expertise. In fact, with the rise of cloud applications based on microservices that are constructed using container platforms and serverless computing frameworks, hybrid cloud computing is about to become even more complex.
Only a handful of organizations are going to be able to effectively manage these modern cloud-native applications. The challenge will be managing these alongside legacy monolithic cloud applications without relying on help from an external IT services provider or consulting organization.
Security considerations drive private cloud usage
The survey also finds “crown jewel” applications (33 percent) and sensitive data (35 percent) account for the workloads primarily hosted in private cloud environments. The primary reasons for using private clouds were regulatory requirements (39 percent) and data location (18 percent). In contrast, development (41 percent), disaster recovery (34 percent), and non-essential (47 percent) workloads are most commonly hosted in the public cloud. The concerns organizations have with cloud computing include loss of sensitive data (64 percent), improper configuration and security settings (51 percent), and unauthorized access (51 percent).
In terms of cloud security, the survey also finds the most common methods for managing identity include single sign-on and federation (81 percent), legacy solutions (60 percent), centrally managed identities (56 percent), adaptive access management (23 percent), privacy enabling data subject rights management (23 percent), and dynamic user recertification (19 percent).
About half (45 percent) of organizations surveyed are planning and designing a zero-trust strategy. Over a quarter (28 percent) reported having some architectural designs implemented but only 6 percent said they have fully implemented zero trust. Nearly a quarter (22 percent) said their organization has no plans regarding zero trust.
The most common levels of scanning reported were compliance to regulations (63 percent), identity/access control accounts and privileges (61 percent), IaaS configuration (56 percent), third-party application configuration (48 percent) and container environments (46 percent).
IT security budgets revolve around tools, services and staffing
The largest portions of organizations’ IT security budgets are dedicated to tools and services (39 percent) and staffing (32 percent), the survey notes. The main types of training organizations are pursuing are industry training and certifications (55 percent), self-training (54 percent), and product-specific training from vendors (53 percent).
Overall, cloud computing has been extremely beneficial for most MSPs. As that shift continues to evolve in the future, it’s clear that gift is going to keep on giving for many more years to come.
Photo: Africa Studio / Shutterstock