Welcome to this week’s edition of CloudBolt’s Weekly CloudNews!
Here are the blogs we’ve posted this week:
- Cloud Security Essentials: Build Security into Your Development Process
- Introducing Our Guide to Azure Cost Optimization
With that, onto this week’s news:
Three Things Holding Back Cloud Security
Ami Luttak, Security Boulevard, May 27, 2021
“A recent PwC report found that a staggering 96% of executives are shifting their cybersecurity strategies due to COVID-19. While the majority of these changes are likely long overdue, the transition to the cloud isn’t a simple “lift and shift” of servers from on-premises to the cloud, but rather a complete re-architecting of how applications are built, shipped and secured.
Lack of talent in cybersecurity is a known issue, with 70% of cybersecurity professionals saying the cybersecurity skills gap affected their organization in 2020. However, what is less talked about is how the shift to cloud technologies is contributing to that gap by generating new challenges for existing security teams who aren’t typically used to working with the cloud.”
Data Control: The Key to Success in a Multicloud Future
Teresa Meek, CIO, May 26, 2021
“All this has been amplified by remote work technology adding heavy loads from rich-media videoconferencing. According to IDC, the amount of data created over the next three years will exceed the amount created in the past 30, reaching 175 zettabytes by 2025.
Difficulties are compounded by a lack of common architecture, with data stored in different formats across the company and in multiple public clouds. In addition to creating management headaches, raising costs, and introducing potential security gaps, data silos are a stumbling block to collaboration at a time when remote work and global outsourcing make it a necessity. Organizations that don’t find better ways of managing their data will soon find themselves falling behind those that do.”
The business benefits of using an open-source cloud
Danie Thom, Tech Central, May 31, 2021
“By now, we’re realising that using a single cloud vendor can lead to limitations and that a flexible, multi-vendor strategy is better for innovation. Although using a variety of cloud environments gives businesses the ability to adapt to changing business requirements, it also requires integration. Open source gives organisations an answer to this: It offers unmatched flexibility while also cutting the costs of software acquisition.
The public cloud is the best way for organisations to access IT resources that can easily be increased or decreased as needed, offering flexibility, scalability and cost savings (if used correctly). Internal private clouds, with their on-premises servers, give companies some of the benefits of the cloud with added security and without having to sacrifice control of their environment.”
Why a cloud operating model matters
Aaron Tan, Computer Weekly, June 1, 2021
“As much as cloud adoption is about embracing cloud-based infrastructure and applications, organisations that do not change the way they work will not be able to reap the full benefits of the technology.
Take financial processes, for example. With cloud services being consumed under an operating expenditure model, traditional budgeting methods would have to evolve to keep cloud costs in check.”
We’re here to help you anywhere on your hybrid and multi-cloud journey. Request a demo today.
Late in 2020 we introduced our guide to Amazon Web Services (AWS) cost optimization, a living document written by our subject matter experts exploring the ins and outs of the complex world of AWS costs. We encourage you to check it out and let us know what you think, and if there’s anything new we should cover as part of the guide.
Now, in our continuing push to continue educating interested parties on the subject of cloud cost optimization, we’re thrilled to announce that we’ve recent published the first iteration of our Microsoft Azure Cost Optimization Guide.
Our goal with this guide is the same as our AWS guide: with the Azure guide, we aim to help the broader community by simplifying complex cloud concepts that underpin cloud optimization decisions. This guide is written for cloud administrators, technical executives, and FinOps managers responsible for overseeing cloud platform efficiency.
Each topic in this guide offers an in-depth understanding of the key concepts, best practices, and presents tips we’ve learned that help administrators optimize their cloud spending.
Enjoy our six inaugural articles while we work to create more content for you in the coming weeks. Want to learn something specific? Feel free to write to us at marketing@cloudbolt.io.
These are the initial six articles:
Get your Azure cost optimization practices on track. See how CloudBolt Cloud Cost Management can help.
Welcome to this week’s edition of CloudBolt’s Weekly CloudNews!
Here are the blogs we’ve posted this week:
- Cloud Security Essentials: Nail Down Access Management or Risk Getting Hammered
- What are the 7 Critical Capabilities for Cloud Management Tooling?
With that, onto this week’s news:
Protecting the Hybrid Cloud With Zero-Trust
Sue Poremba, Security Boulevard, May 25, 2021
“There are a lot of security issues in the cloud, and the hybrid cloud must address the security concerns facing both the private cloud and public cloud. New services and new applications are introduced with increasing frequency, and these new capabilities offer threat actors new routes of attack, Malik explained. The problem is, security teams continue to default to traditional approaches, and that ends up leaving the hybrid cloud’s attack surface more vulnerable. The hybrid cloud needs to be able to identify users in real time. Because employees’ jobs evolve over the course of their career, their online permissions will change.
However, that change doesn’t come at once. Sometimes, the employee will need to keep an access permission just for the transition from one job to another; in other cases, it should be shut down immediately. There will be permissions that depend on completed training. Whatever the situation, identity management is a complex task, especially across the multiple platforms of the hybrid cloud. Deploying zero-trust makes it easier to determine access and authorizations.”
Denodo: More Than One-Third of Businesses Use Hybrid Cloud
Daniel Hein, Solutions Review, May 24, 2021
“According to a report recently released by Denodo, more than one-third of businesses are using a hybrid cloud deployment. This information comes from the Denodo Global Cloud Survey 2021 report, based on a survey of 150 organizations in the North America, EMEA, and APAC regions. The survey showed how cloud adoption continues to climb as companies move advanced workloads into the cloud.
Around 80 percent of the companies surveyed for this report answered that they already had some type of workload running in the cloud. In terms of cloud usage, the number of businesses that are either planning their cloud strategy or have move one or multiple workloads onto the cloud has trended downward since 2020. Conversely, more companies stated that their cloud stage is ‘Advanced’ (e.g. heavily used by their business) has risen, indicating how essential the cloud has become for enterprises.”
Cloud democracy – cloud-based apps in a post-pandemic world
Dashveenjit Kaur, TechHQ, May 20, 2021
“The particular technology that powered most business responses was the cloud. In fact, a recent IDG Cloud Computing Survey suggests that with 81% of organizations already using cloud computing or having applications in the cloud, the age of the cloud is well and truly arrived. Last year’s growth was proof, where the cloud services market expenditure for full-year 2020 grew to US$142 billion, up 33% from US$107 billion in 2019.
Experts reckon that businesses need to reframe the conversations around the cloud from traditional monolithic enterprise resource planning (ERP) to a more democratized cloud environment where cloud apps can help organizations be more agile in a post-pandemic world.”
We’re here to help you anywhere on your hybrid and multi-cloud journey. Request a demo today.
Last week, we posted in this space about our vision for where cloud is now, and where it’s going. We view that a new cloud order has been established; that the landscape has shifted so drastically in the last 12-to-18 months that the long-ingrained practices around hybrid and multi-cloud management are no longer valid.
Hybrid cloud management can be a web of complexity that confounds even the most seasoned IT leaders. Many problems in the new cloud order come from being unable to manage the complexity because so many processes are stuck in the old ways.
In order to get to where you want to go with hybrid cloud management, it’s important to define the areas that need to be addressed. Systems must be able to speak to each other to create a harmonious environment. Ideally, you’d want to minimize the overall number of solutions involved in getting to that place.
The 2021 Critical Capabilities for Cloud Management Tooling
Gartner released their April 2021 Market Guide for Cloud Management Tooling. In it, Gartner defines seven specific cloud management function areas critical for vendors to supply in their offerings. In turn, these are areas enterprises for to understand and master through their tooling. They are as follows:
- Provisioning and orchestration
- Cost management and resource optimization
- Monitoring and observability
- Identity, security and compliance
- Service enablement
- Inventory and classification
- Cloud migration, backup and DR
This is a market that continues to expand and modify as enterprises mature in their cloud practices. Gartner states the cloud management tooling market is worth more than $1.2 billion, with an estimated 20% compound annual growth rate (CAGR) through 2023.
Clearly, the enterprise needs cloud management tooling to keep up with evolving requirements for digital business today. And for enterprises to hit their digital transformation goals, having solutions that address these capabilities can’t be overlooked.
It’s with that in mind that we’re honored to announce CloudBolt Software has been recognized as a Representative Vendor in the April 2021 Gartner Market Guide for Cloud Management Tooling. We believe that this is a powerful step forward in our work toward building solutions that address all seven of the cloud management functional capabilities.
Download the April 2021 Gartner Market Guide for Cloud Management Tooling
*Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Where are you in your public cloud security optimization journey?
Public cloud adoption is exploding. Gartner forecasts worldwide public cloud end-user spending to grow 18% in 2021 to $304.9 billion. Organizations are taking hybrid and multi-cloud approaches to digitally innovate, modernize processes, build efficiencies, and collaborate among teams. With the right public cloud approach, your development team can get the resources they need fast to move your enterprise forward.
But with any technology, there is risk. Security breaches happen, and the proliferation of public cloud has given rise to shadow IT and other threats to your critical data and infrastructure.
This is the fourth post in a weekly blog series examining each of the seven essentials. This week, we’re taking a look at Essential #4: Nail Down Access Management or Risk Getting Hammered.
Essential #4: Nail Down Access Management or Risk Getting Hammered
Whenever there’s something new in technology, whether it’s new in public cloud or some other area, it’s a common pitfall to sit in awe of how cool it is and forget about the fundamentals of good security posture. One of those fundamentals is about access management. According to the Sophos report, 33% of organizations reported that cybercriminals gained access by stealing cloud provider account credentials. In fact, 91% of users had overprivileged Identity and Access Management roles.
Having a robust access management system can’t be a “nice to have” in the current public cloud climate. Always know exactly who has access to what, with full auditing and logging capabilities in the backend. Ensure your policies around privilege escalation are constantly being reviewed and updated so everyone has least privilege at all times. Use role-based access control to stop bad actors from accessing your sensitive workloads and data. You can further automate this by establishing approval workflows for sensitive/expensive data or resources and making that part of your provisioning process.
It’s time to get your cloud security optimization in gear. Book your demo of CloudBolt’s security optimization solutions now.
When we were formulating the plan for our inaugural CloudBolt Industry Insights report, we wanted to ensure we were capturing where enterprises are today when it comes to hybrid cloud and digital transformation.
We didn’t want to recycle or rehash old ideas or look at things from a lens perhaps more suitable to a year or even six months ago. You know just as well as we do that the landscape shifts in this world much faster than that. We wanted to provide you, the IT leader, with the timeliest and most relevant information so you can make the best decisions possible.
With that in mind, we’ve seen that the landscape has shifted so drastically in such a short period of time that it has rendered many ingrained assumptions virtually obsolete. Whether due to the global pandemic or the ever-accelerating world in which we live, what worked previously is no longer good enough.
The New Cloud Order Explained
According to our Industry Insights report, 94% of enterprises now agree—a hybrid cloud approach is critical to digital transformation. As the complexity evolves around hybrid cloud, those using first-generation tactics for managing hybrid are finding problems snowball, not weaken.
62% of IT leaders find it difficult to support new cloud environments. Additionally, while 99% believe streamlining integrations are key to accelerating automation and self-service IT initiatives, fully 76% of them are still custom-coding at least a quarter of all their integrations.
And across their clouds, 78% of IT leaders say they have limited insight into who is provisioning what, where to optimize costs or how to remediate security issues.
This just doesn’t cut it anymore. Siloed, myopic approaches in the current landscape are doomed to fail and put your enterprise behind the 8-ball. This is why a new cloud order has emerged.
It’s a reordering of strategic priorities that require comprehensive solutions and improvement in three key areas: automation, optimization and integration. The new cloud order demands simplification of complexities using intelligent, agile, and interdependent approaches to vexing hybrid cloud problems.
To face the new cloud order, organizations have to provide simple and effortless self-service capabilities, optimize cloud costs intelligently, automatically informing and remediating gaps in real-time, and make clear investment in automation tools to integrate systems in a scalable way free of custom code.
In the coming weeks, we’ll use this space to address the new cloud order in each of the three key areas, explore the hard facts regarding the challenges enterprises are facing, and examine how they can be addressed with new, forward-facing solutions.
Discover the way forward in the new cloud order. Read CloudBolt Industry Insights now.
If you haven’t checked it out yet, the first edition of our CloudBolt Industry Insights report was published last week. You can check it out for free here. And when we say “free,” we don’t just mean that it costs nothing to read and download. We also aren’t asking you to fill out a form to access the research, because we believe this info should be available to all without barriers.
We also wrote about it on our blog here. In addition, there’s a terrific write-up about the report from veteran industry journalist Mike Vizard on DevOps.com here.
There’s a lot of great stats and industry insight in our first report, culled from a survey of over 100 IT leaders at global enterprises, all with over 1,000 users. In the coming weeks, we’ll be diving deep into each of the different areas the report discusses. But today we wanted to highlight three big stats that we asked these folks about and glean some insights on their responses. We hope everyone who reads the report uses the info to learn more about industry trends and helps them inform their decision-making.
Take a look at these three stats and what they mean for your organization as you go on your digital transformation journey.
Key Takeaways
Self-service IT is easier said than done. While 71% of our respondents want self-service IT to be easy for their end users, a clear majority (56%) don’t believe what they’re doing in self-service meets that bar. Organizations need to prioritize removing friction, implement easy-to-understand technologies and replace bottlenecks in processes to clear the path for digital transformation.
Integration doesn’t always mean automation. Most of our respondents (76%) are still custom-coding at least a quarter of their integrations. They also find domain knowledge and scripting/coding expertise to be problems too. Your enterprise has to consider ways to ease the problems of integration, including ways to reduce custom coding and knowledge gaps around these systems.
Blindness into key systems. Over three-quarters of the survey (78%) say they have limited insight into who is provisioning what, where to optimize costs or how to remediate security problems. This just simply isn’t sustainable for a modern enterprise. Too much can go wrong, and you can find yourself on the wrong side of the headlines fast. Enterprises must implement tools that modernize the visibility needed to keep business moving towards digital transformation.
You can learn more about all of these items in the full CloudBolt Industry Insights report here.
Your digital transformation dreams can be closer to reality than you think. Talk to CloudBolt today about how to get there.
Where are you in your public cloud security optimization journey?
Public cloud adoption is exploding. Gartner forecasts worldwide public cloud end-user spending to grow 18% in 2021 to $304.9 billion. Organizations are taking hybrid and multi-cloud approaches to digitally innovate, modernize processes, build efficiencies, and collaborate among teams. With the right public cloud approach, your development team can get the resources they need fast to move your enterprise forward.
But with any technology, there is risk. Security breaches happen, and the proliferation of public cloud has given rise to shadow IT and other threats to your critical data and infrastructure.
This is the second post in a weekly blog series examining each of the seven essentials. This week, we’re taking a look at Essential #2: Don’t Let Your Public Cloud Setup Set You Up for Failure.
Essential #2: Don’t Let Your Public Cloud Setup Set You Up for Failure
Public cloud services connect to many different aspects of your enterprise. These interconnected tools can pose numerous risks if they aren’t configured correctly. One incorrect configuration could snowball into a much bigger threat if it isn’t identified and corrected. The numbers in the market bear this out: 66% of organizations leave back doors open to attackers through misconfigured cloud services and 22% of breaches are through cloud resource misconfiguration, according to the 2020 Sophos State of Public Cloud Security Report.
Establish best practices for your configuration process to ensure what you’ve done is correct. Mistakes can always still happen, so use solutions that identify potential misconfigurations proactively. For example, make your resource provisioning leverage blueprints that can be made robust enough to avoid misconfigurations through right input fields.
It’s time to get your cloud security optimization in gear. Book your demo of CloudBolt’s security optimization solutions now.
Welcome to this week’s edition of CloudBolt’s Weekly CloudNews!
Here are the blogs we’ve posted this week:
- Cloud Security Essentials: Avoid Getting Run Over by a Cloud Shared Security Model
- Why the Old Way of Cloud Cost Management Has to Go
- Can You Handle the Truth About Hybrid Cloud and Digital Transformation?
With that, onto this week’s news:
11 dark secrets of multicloud
Peter Wayner, CIO, May 4, 2021
“There are good practical reasons why multi cloud architectures make sense. More clouds mean more options for APIs, more locations for data centers, and an even longer list of clever AI algorithms that just might work. When new improvements come along, a team of architects that’s open to multiple clouds will be agile enough to take full advantage of them.
And there’s also the desire to fight vendor lock-in. When the contract comes up for renewal, the prices go up until you find some competition. Adding multi cloud agility into the architecture from the beginning makes it easier to switch when the vendor sales team wants to squeeze you. There’s just something so irresistible about the dream of being able to move your business to another provider in a weekend.”
The Challenges State and Local IT Face with Hybrid Cloud
Phil Goldstein, StateTech, May 4, 2021
“In a report earlier this year from MeriTalk entitled ‘Hybrid at Hyperspeed: Cloud Strategy for the New Reality of Government,’ based on a survey of 300 federal, state, and local IT leaders, large majorities say the pandemic has increased adoption of hybrid cloud tools. According to the report, 83 percent of state and local respondents say the pandemic amplified the importance of migrating to a hybrid cloud environment, with 66 percent saying the pandemic accelerated their organization’s hybrid cloud adoption by a year or more.
At the same time, 57 percent of state and local IT managers feel their organization is not getting the most out of its hybrid cloud investments.”
Many data breaches are being caused by misconfigured clouds
Sead Fadilpašić, TechRadar, May 5, 2021
“A new report from IBM claims that 19% of data breaches happen because IT teams fail to properly protect the assets found within their cloud infrastructure. Polling 524 organizations that suffered a data breach between August 2019 and April 2020, IBM also found that the average cost of a data breach increased by half a million dollars during that time.
Many organizations rely on multi-cloud infrastructure, especially with the Covid-19 pandemic forcing everyone to work remotely. Still, for more than half (52%), securing data stored in the public cloud is a challenge.”