The enterprise cloud journey, now more than a decade in, is far from a straight path. A recent white paper, "Cloud Usage and Management Trends: Where's the Money Going?" by GTT, reveals a landscape of increasing complexity, a surprising resurgence of private cloud, and critical implications for cybersecurity professionals.
The downloadable report, based on a survey conducted by Hanover Research, offers a unique lens into how enterprises are adopting, using, and managing cloud services, along with insights into spending patterns and future plans. For those on the front lines of digital defense, understanding these shifts is paramount.
While public cloud still hosts a significant portion of workloads, the report underscores a clear trend towards cloud repatriation and increased reliance on private cloud environments. "Private cloud spending is expected to grow at a faster rate for our respondents, reflecting an industry trend toward cloud repatriation." Notably, in the under-$10 million spending bracket, private cloud spend is growing at twice the rate of public cloud.
Why this shift? Security and control are driving factors. "It is perhaps no surprise to anyone that enhanced security and privacy is the number one reason for private cloud usage as cited by 56% of respondents," according to the white paper.
Cybersecurity professionals must recognize that this hybrid reality is now the norm. "Organizations are still using multiple cloud environments, most commonly a mix of public and private clouds." This means navigating complex architectures, ensuring consistent security policies, and maintaining visibility across disparate environments. The report highlights that "creating a hybrid environment between public and private cloud security" is a significant challenge for many.
Furthermore, sensitive data often remains on-premises or in private clouds. The report found that "financial and order data are most likely to remain on-premises," and "financial data, being one of the most sensitive, was the most prevalent data type stored on private clouds, confirmed by an average of 61% of respondents."
The acceleration of AI adoption is introducing a new layer of complexity and influencing cloud strategies, particularly concerning data residency and security. The white paper points out a crucial dilemma for enterprises deploying AI models: "Clearly, enterprises deploying AI models can either move their private data to where the AI model is hosted (in the public or private cloud) or move the AI model to where their data exists (in a private cloud or on-prem)."
Intriguingly, "secure, partitioned AI testing or deployment" is a major consideration for private cloud usage, cited by 50% of respondents, on par with compliance or regulatory issues. It indicates a strong preference for keeping sensitive data close when it comes to AI.
Alarmingly, the report cites studies indicating that "roughly 40-45% of employees have exposed sensitive enterprise data to public AI models." This statistic alone should raise red flags for every CISO and security team, emphasizing the need for robust data governance and user education in the age of AI.
[RELATED: Texas Passes Most Comprehensive AI Governance Bill]
The path to cloud maturity is fraught with obstacles. A striking finding is that "only 5% of organizations have not experienced any challenges when migrating to either public or private clouds." The top challenges include "technical skills and feasibility" and the actual migration of apps and data. Post-migration cost optimization is also a bigger hurdle for public cloud users.
The complexity isn't just in migration; it's ongoing. "The cloud, which had a promise for scale and simplified operations, has evolved into a rather complex patchwork of multiple clouds, providers and applications." These "multi-cloud architectures create several challenges in terms of cloud usage, application management and cost control."
Given the pervasive challenges and skills shortages, managed service providers (MSPs) are emerging as indispensable partners. "The reported multiple challenges of migrating and operating applications in the cloud are likely the reason the greatest number of our respondents are leveraging managed services."
MSPs are highly valued for their security capabilities. "Respondents are most likely to believe MSPs to be excellent at security (55%) and managing multi-cloud environments (48%)." Overall, "security (92%) and cloud migration (89%) are considered their strongest areas."
As James Karimi, CIO/CISO at GTT, puts it: "As the world is increasingly interconnected between clouds, data protection is a global concern. Everyone shares the responsibility of securing cyberspace far beyond an IT function. Advanced tools, intelligent threat analysis and human experts continually monitoring and defending the entirety of the attack surface are an ever-evolving concern. It requires a layered approach, including constant threat hunting, vigilance, attention and discovery." MSPs can help fill these critical gaps.
1. Embrace hybrid security: Develop and implement robust security frameworks that seamlessly span on-premises, private cloud, and multiple public cloud environments. Focus on unified visibility and consistent policy enforcement.
2. Prioritize data classification and AI governance: Understand where your sensitive data resides and how it's being used, especially with new AI initiatives. Implement strict policies and controls to prevent inadvertent data exposure to public AI models.
3. Address skills gaps: Invest in continuous training for your team on emerging cloud technologies and security best practices. Consider partnering with MSPs to augment your internal capabilities.
4. Optimize for cost and security hand-in-hand: As cloud repatriation gains traction due to cost unpredictability, ensure that security remains a top consideration in all migration and optimization efforts. Repatriated workloads must be securely integrated into existing frameworks.
5. Leverage SASE and SD-WAN: These solutions are crucial for managing complex cloud networking and policy enforcement, especially as workloads shift.