A recent survey of enterprise CIOs and CTOs explores the challenges that organizations face in modernizing their IT infrastructure—specifically in regard to the cloud as a predominant enabler. Specifically, Business leaders are increasingly migrating workloads and redirecting a greater share of their infrastructure spending to the cloud, which poses new challenges to CIOs and CTOs. The companies surveyed currently have around 50% of all workloads running on public- and private-cloud platforms. But survey findings show that business leaders believe that they cannot capture agility benefits by simply shifting applications to cloud platforms.
Many companies now need to live within a dynamic multi-cloud environment. Companies deploying applications and other resources into the cloud, and the technology providers that help them with infrastructure, management, and security, must consider this new reality as a baseline condition and build products and services with bi-directional movement and co-existence in mind.
To truly take advantage of the best of the cloud, organizations need to make sure the tools and technologies they use offer consistent capabilities, the ability to automate operations, and good visibility across environments. This means that they should operate across a variety of public cloud environments, as well as in private clouds and on-premises physical networks. While moving applications and DevOps services between cloud environments can be seamless and straightforward, security can be more of a challenge.
The first challenge is identifying who owns security in the event of a malicious cyber incident. While performance is likely to improve over time as practices building applications in the cloud improve and organizations better establish expectations, security is a more vexing problem because many companies do not have a good handle on who is responsible for what.
While security responsibilities can be generally divided between the underlying cloud infrastructure (which needs to be secured by the cloud provider) and the software, data, and applications running on top of that infrastructure (which are the responsibility of the consumer), those divisions are not always so neatly divided.
The other challenge is that security tools, functions, policies, and protocols do not operate similarly between different public cloud platforms, private clouds, and physical infrastructures. While moving an application or service from one environment to the next may be straightforward, many security solutions require a significant amount of IT resources to redeploy and validate a security solution, especially when workflows, applications, and data need to be inspected and secured as they flow between different environments.
Finally, when it comes to DevOps, organizations require security that goes beyond the native, built-in tools within each cloud environment. Rather, organizations need a security architecture that is integrated and allows for transparent visibility and centralized policy controls across each DevOps environment—irrespective of the cloud provider. It is also critical for container security to be automated, removing manual workflows and responsibilities from the DevOps team that can lead to misconfigurations that increase risk.