A new survey from Barracuda shows increased confidence in the public cloud but not without reservations. It seems that companies are adopting multi-cloud environments to get the apps they want. However, a lack of skills, issues over security and even MPLS costs are threatening a wider adoption.
According to Klaus Gheri, VP, Network Security, Barracuda: “As organizations continue to radically transform their infrastructures and rely more on the public cloud, they are uncovering new connectivity and security challenges.
“But by embracing highly-flexible secure access service edge (SASE) solutions, organizations of all sizes and types can improve connectivity, simplify management, and strengthen security.”
The survey talked to 800 people across the US, Germany, UK and France. To get greater insight into some of the results, Enterprise Times talked with Sinan Eren, VP Zero Trust Access at Barracuda.
What do we learn from the survey?
The survey results break into six key findings around security, performance and challenges of public cloud. The findings throw up some interesting gaps between what people think they understand and the reality on the ground. They also raise questions about how the public cloud model is evolving and how customer friendly multi-cloud really is.
Among the various finding are:
- IT professionals are gaining confidence in the cloud: Over 75% use multiple clouds providers presumably due to specific apps that they use. The most used cloud is Microsoft Azure with over 80% having an Azure-based solution. Interestingly, 89% agree they understand the shared responsibility model for cloud security.
- Organisations face growing constraints when it comes to cloud access: Cloud promotes always-on but 56% are struggling to get that for their organisations. 70% are hitting latency and performance issues with SaaS workloads such as Office 365.
- Current network infrastructure is growing increasingly costly: Over 70% are using MPLS in their networks. This has led to cost increases due to seasonal workload increases.
- IT professionals are looking for easier and more economical connectivity: 70% plan to implement SD-WAN solutions to help reduce their cloud connectivity issues. However, there are concerns over cost, complexity and a lack of skills to deploy effectively.
How well do people understand public cloud security?
Of particular interest in the survey is the question on shared responsibility. Public cloud is about a generic setup that companies have to configure themselves. The cloud provider manages the platform you manage your data. An average of 89% saying they understand that model shows a significant gap between claims and reality. Most of the breaches seen on AWS are due to poor configuration and unsecured storage.
ET asked Eren about this disconnect. He said: “I think they do understand but are not necessarily capable of implementing it. There is a tremendous amount of responsibility on the service provider, to make it a little bit more intuitive to make it a little bit simpler.”
One of the early problems with cloud adoption was people understanding how to deploy to the cloud. With packaged applications, they wrote code to integrate and customise them. With cloud, especially public cloud, it is about the configuration of a standardised product. Why does this disconnect still exist?
Eren commented: “There is a disconnect, but it was a tremendous opportunity. Companies like us exist in order to provide control plane guardrails for folks to deploy their workloads and secure their public cloud instances. Even though the products are very easy to use at the onset, the more features and functionality you build into it the complexity increases exponentially.”
How much of this is about the skills gaps?
Eren replied: “You have to build expertise on Azure if you’re going to go multi-cloud on AWS, or IBM cloud or something else, like how is it even humanly possible to have the same level of comfort in all these deployments?”
Cloud providers promote the ease of use of their platforms but is that the reality for customers. AWS, Azure, GCP, and IBM are all very different across their feature set. How do one solve this?
Eren believes that the solution is abstraction layers and tools. He points to the explosion of cloud object startups on AWS. “There’s all these translation layers now been invented by startups. And they’re charging per usage, which can then translate one implementation to another. You wouldn’t believe how many clouds object storage startups that have just mushroomed in the last five years that mimic S3 API. What they’re telling you is go ahead, implement everything using AWS S3 APIs for storage. But guess what, you can pull it off any moment and start using ours. There’s a bunch of them out there but it’s a band-aid, not a robust solution.”
How do managed services providers fit into this?
The explosion of public cloud, SaaS and security has brought a corresponding explosion in certifications. As the number of certifications increases, it means IT staff become increasingly specialised. It can be incredibly hard for organisations to find and afford skilled staff. This plays into the hands of the Managed Services Providers (MSPs) especially the Managed Security Services Providers (MSSPs).
One solution to the skills problem is to outsource to a managed services provider. They can afford to employ and skill up people, then leverage that across multiple customers. From a security perspective, this is becoming increasingly common. What is not so common is this approach for public cloud deployment.
Public cloud likes to talk about simplicity and democratising access to technology. Eren likens this to learning a musical instrument. “It reminds me of the piano. It feels so easy at first that you can press the keys. Unlike a violin, it’s so easy to start producing a proper tune right. But then the complexity goes exponentially tough.
“So it’s a bit similar in that it’s very easy to set up but then the complexity increases. What we’re trying to bet here is that as security vendors and networking companies, we can build abstraction layers across these cloud controls. Because of the fast pace of innovation that these clusters providers are going, maybe we can do the job of providing a cohesive, easy to use control plane, where it’s easy to connect and secure and provide uptime for your deployments.”
But what about that connectivity challenge?
MPLS is still a central element of many organisations networks. If they are to be more flexible and secure, it means a change of technology. SD-WAN is likely to be part of that solution but the challenge is where to get the skills from. In the survey, there was a marked difference by country when it comes to SD-WAN deployments over the next 12 months.
For example, in the US, 81% of respondents are planning to deploy SD-WAN. At the other end of the scale, just 49% in the UK plan to do the same. It’s not an issue with the maturity of the technology just the lack of skills and knowledge.
What is telling, is that over 74% of respondents want SD-WAN built into the cloud providers infrastructure. They don’t want to have to create and deploy their own solution or mix offerings from other vendors with that from their cloud provider. This is good news for the cloud providers and for MSPs. Once built-in, it should speed up adoption rates, improve security and increase stickiness.
Enterprise Times: What does this mean?
Public cloud is probably as big a winner in 2020 as collaboration and virtual conferencing tools. Yet some of the old problems refuse to go away. That so many say they understand the shared responsibility model but then don’t implement is a perfect example of this. The lack of skills and, more importantly, the lack of skilled personnel in IT, is also inhibiting some deployments.
Of more concern for many will be the ongoing problems with connectivity and latency. If people are to continue working from home they need both to improve and improve quickly. If not, companies will increasingly pressure staff to return to the office.
On the upside, this report shows there is increasing interest in the role of MSPs. That is good news for Barracuda and other vendors. They can provide IT support to companies, especially SMEs. MSPs are also well placed to deliver on SD-WAN deployments due to their own skill sets. They are also able to help secure other parts of the cloud infrastructure companies are deploying. For those with multi-cloud environments, this is a critical issue.