5 cloud trends for 2020
The fate of the cloud is pretty much decided: It's not going anywhere and companies can rely on cloud providers to host workloads long-term.
The technology is becoming more specialized as vendors turn attention to tailored solutions across verticals. The cloud needs of the financial services industry crowded with regulatory oversight are more rigid than the needs of construction or retail.
Vendors are leaning into the cloud-filled world, responding to customer demands to integrate with other providers or lessen the security burden.
This year will offer more battles in the cloud wars, more big-name customers inking long-term deals and more vendors listening to understand the realities of where enterprises actually are in cloud adoption.
1. Hybrid multi-cloud is the predominant strategy and companies are doubling down.
The industry has whispered about infrastructure as a service and cloud computing for years, talk which accelerated as Amazon Web Services' competitors matured solutions, setting up a fight for customers.
Still, only one-fifth of enterprise applications run in the cloud, according to Forrester research.
The industry can credit a number of factors for the slow migration: legacy IT investments, the pivot from lift and shift strategies or slow corporate buy-in.
With new expectations for cloud adoption, companies are prioritizing hybrid and multi-cloud options and capitalizing on private and public cloud solutions from multiple vendors. On average, companies run 4.9 private and public clouds, Rightscale found.
Vendors have leaned into the multicoloured push, accepting "we know we aren't going to be the only cloud that you use, but we do want to be a cloud that you use," Jeremy Roberts, senior research analyst at Info-Tech Research, told CIO Dive.
A multi-cloud strategy was the foundation for CIO Dive's 2019 CIO of the Year Barry Libenson, Global CIO of Experian. The company built a strategy that allowed it to operate in a cloud-agnostic way, cognizant of customer demands for operating workloads in different clouds.
Ultimately, business cloud strategy is asymmetrical, dependent on company size. For example, one very large enterprise had more than 10,000 virtual machines on-prem and managed multiple private data centers, according to Matt Maloney, senior director technology, agility, strategy at Flexera. The company's intention was to use all three public clouds in addition to doubling down on private cloud investments.
Most organizations Maloney speaks with primarily uses one public cloud, dabbling in a variety of hyper-scale services, on top of private cloud investments, he told CIO Dive.
2. IT makes nice with finance in the name of efficiency.
Place a workload in the cloud, blink, and a company can rack up a million-dollar bill. It's an exaggeration, but not far from the truth.
IT budgets are increasing, boosted by digital transformation, cybersecurity and cloud-first/migration initiatives. Because of the shift in spending toward constantly buying technology in service-based models, it is easy to lose track and overspend on IT. The challenge boils down to cost visibility.
"The call to action isn't just spend less on cloud; the call to action is to optimize that spend so that we can go fund new initiatives," said Jarod Greene, VP of audience marketing at Apptio and general manager of the TBM Council, in an interview with CIO Dive.
In response, procurement and engineering specialists are working together to budget, forecast and plan for cloud expenses.
It allows companies to make more informed decisions about the value of the cloud beyond simply the cost of a cloud bill, Greene said.
3. Cloud security is becoming more automated — but companies have to move beyond presets.
Obsession over cloud security ramped up in 2019 and with good reason. Capital One brought industry a harrowing example of when credential management goes awry, increasing pressure on cloud vendors to do more to secure the cloud.
Across all segment sizes, industries, and job titles, people care about cloud security, Roberts said. Unlike software as a service, where security offerings are understood, the cloud introduces moving parts across on-prem or cloud-based services.
Some interconnect, creating a complex web of infrastructure, according to Roberts. "How do I manage security in an environment like that?"
The answer becomes delivering governance from the top down and enforcing policies to help create a culture of security. Once a shiny new cloud is spun up, the first step a company should take is to lock down credentials and configure databases.
Customers are also looking to cloud providers to simplify computing environments, as complexity obscures security.
Vendors are already doing a lot to automate security and cloud providers are evolving into a new breed of security provider. An undercurrent is the shared responsibility model. Amazon Web Services owns responsibility for "security of the cloud" and leaves "security in the cloud" to the customers.
4. Containers taking over as the dominant strategy for cloud portability.
Last year saw an uptick in container-focused strategies as leading vendors pivoted toward packaged application solutions. Notably, CIO Dive's 2019 Disruptor of the Year VMware unveiled a push for Kubernetes-nativity, evolving from its flagship virtualization platform.
Kubernetes is a system to deploy, scale and manage applications in containers. Introduced by Google in 2014, the company made it open source and readily available in 2015. Since its inception, Kubernetes has shaped enterprise application deployment and allowed for untethered workload flexibility.
Forrester expects cloud app development services, including container services, to become the preferred platform for application development, according to its public cloud market outlook, 2019 to 2022.
Containers offer the highest portability between different clouds, according to Maloney.
The desire for that portability underlies the trend toward multi-cloud. Containers offer a path for companies to shift workloads between clouds, avoiding lock-in and allowing vendor adoption based on best fit for purpose.
The API economy, though sometimes difficult to navigate, helps liberate workloads to run anywhere within reason, Maloney said. Containers will probably be the "de jure" method for getting workloads into the cloud and making sure they remain portable.
5. Vendors play nice in the name of the customers and their demands.
Last year brought more cooperation between vendors, with seemingly unlikely agreements between companies. In June, Microsoft and Oracle announced an "interoperability" play, allowing customers to run parts of the same workload in each cloud. And SAP is leaning into integrations with multiple cloud providers.
It feeds the emerging multi-cloud ecosystem; operating in a silo adds to fears of vendor lock-in. It's the trend of "agnosticism," Roberts said.
"Enterprise is driving that requirement with the hyperscalers," Maloney said. "They're saying, look, if you want more of my business you have to support my environment. My environment is not just your cloud."
The integrations allow companies to adopt best tools fit for purpose and offers companies agency in choosing which tools to adopt. The complication becomes managing the workloads when vendor limitations are lifted.
- 6 month contract Operational Cyber Security - SIEM, Vulnerability, Cyber Essentials + London, Inside IR35
- City of London
- Depending on experience
6 month contract inside IR35 Operational Cyber Security London c50% of the role is day to day operations / administration / liaising with 3rd party monitoring suppliers. More though investigations, getting ready for cyber essentials plus. Following up on vulnerability management. 20-30% active monitoring of alerts, tooling etc. 10% reporting / light oversight of junior Experience with Microsoft defender / Azure, Splunk, Tenable Experience in maintaining Cyber Essentials Plus is a big bonus. Knowledge across ISO27001, NIST GDPR required. Inside ir35 need someone in their London (city) office 2-3 days a week.
- CONTRACT Fluent French AND English Cyber Security Project manager - 12 month
- United Kingdom
- Dependent on experience
Fluent French / English Contactor cyber Security Project Manager needed. Experience in migrating technical cyber services from one physical region to another. Experience with Crowdstrike, Tanium, Palo Alto and or Zscaler ideal or comparable solutions. Language fluency in French AND English is essential. 12 month contract. Looking to start June. Day rate dependent on Experience. Apply today for more details
- GRC Security Contractor - Achieve SOC2 Type 1 Compliance - 6 month
- Dependent on experience
GRC security practitioner needed to ensure a financial service business to achieve SOC 2 type 1. Experience managing the end to end process is key, you will be the key individual to deliver this within a 6 month deadline. Experience of SOC 2 type 1 / type 2. The gathering of evidence, baseline of 27001, ukdpa, GDPR NIST etc. Looking to interview ASAP.
- Contact 12 month- Security Operations- Crowdstrike Falcon Insight EDR / Analyst.
- United Kingdom
- Dependent on experience
Security Operations engineer / Analyst with Crowdstrike Falcon Insight EDR experience for a 12 month contract. Experienced Contractor with Crowdstrike Falcon Insight: Endpoint detection and Response (EDR) experience needed - 12 month rolling project. Implementation, configuration and Analyst experience needed with Crowdstrike Falcon Insight: (EDR) Migration project- relocating capability internationally. technically implementing, configuration of that that migration and then transition to BAU role monitoring. DCL Search exclusive associate Project.