Hybrid multi-cloud environments are becoming ubiquitous — impressively, 82% of organizations have now adopted a hybrid cloud. Over half of companies now employ 2-3 public Infrastructure-as-a-Service (IaaS) clouds. By retaining on-premise computing and spanning multiple cloud vendors, architects have unprecedented flexibility in where to place workloads to suit their unique requirements.
Supporting these trends, we’re also witnessing a rise in cloud-native components. By 2023, the majority of applications will use cloud-native technologies. Cloud-native containerization and orchestration are bringing excellent agility and elasticity to the modern computing runtime. However, these strategies are not without their challenges — security and networking are top roadblocks that persist within the new hybrid cloud norm.
The 2022 Global Hybrid Cloud Trends Report outlines the state of hybrid multi-cloud, and its impact on development, operations, and the overall business. Below, I’ll dive into the key takeaways from the report and consider the new security vectors present in this multi-cloud paradigm.
State of Hybrid Multi-Cloud
It’s becoming more standard for companies to use multiple clouds. 58% of companies now use two to three public cloud providers, such as AWS, Azure, or GCP. 31% are even using between between four and ten. There are several reasons to adopt multiple clouds. For example, different clouds might suit different application needs, and adopting multiple clouds can prevent vendor lock-in. Another reason that companies might adopt multiple cloud solution providers (CSPs) is to optimize costs.
Compared with multi-cloud, Software-as-a-Service (SaaS) is even more popular — 45% of organizations have five to ten SaaS providers in use, and 23% use 20-100 individual SaaS! The pervasiveness of SaaS makes sense, as reliance on digital services — such as email, remote collaboration tools, video calls, and CRM systems — has only increased in recent years.
Not only are organizations using cloud-based SaaS, but they’re also using cloud infrastructure to host workloads. 82% of organizations now use hybrid IaaS cloud infrastructure. This mixture allows architects to select the best environment for each workload type. So, what are some typical workloads that run in hybrid IT? At 73%, the most common is backup or disaster recovery. This is likely because a distributed footprint can effectively manage fallout in case of an attack. This area is followed by application development (70%), archiving (50%), cloud bursting (51%), and security processes (47%).
Security: a Top Multi-Cloud Challenge
Hybrid multi-cloud enables agility and digital innovation but doesn’t come without certain risks. For example, cybersecurity is a noted top concern for adopting multiple clouds — 37% of respondents see security concerns as a significant challenge. In today’s interconnected landscape, new threats are constantly emerging. Most notably, supply chain disruption can affect the safety of components using open-source software.
One way to circumnavigate threats is to shelter workloads according to risk severity — and hybridity provides this segmentation capability. As such, 58% of respondents are moving workloads between on- and off-premise environments every week.
Another major challenge facing digital enterprises is API security. APIs have become more pervasive, yet cybersecurity strategies here are lagging, as undocumented endpoints and broken authorization remain top threats. As a result, securing APIs across multiple providers is a challenge for 32% of respondents. This figure will likely increase in the coming months, as multiple reports cite a swell of API attacks.
Another top challenge of introducing multi-cloud, which could affect security, is operational complexity — 35% view increased operational complexity as a top challenge when using multiple clouds.
DevOps Leads Cloud-Native Shift
DevOps or CloudOps roles are emerging as leaders to steward the new hybrid multi-cloud modality. Greater alignment here is becoming critical as the location of cloud-native workloads is ephemeral. (Surprisingly, only 8% of respondents say they plan to retain mission-critical workloads where they are). But to fully adopt the cloud will take a mandate from on high — 34% say a cloud-first mandate will be the tipping point toward evolving their organization’s development and processes.
Many new cloud-native technologies have emerged, which DevOps roles tend to interface with. For example, 48% of companies have deployed and are using containers. This is followed by service mesh (45%), serverless (40%), and Kubernetes (37%). 91% are actively moving or planning to refactor production workloads and applications using cloud-native technologies, found the report. Yet, cloud-native security and networking concerns are cited as significant challenges by those in DevOps and CloudOps roles.
Safely onboarding cloud-native technologies will require giving DevOps a seat at the table in determining the overall networking strategy. Most respondents strongly agree this is important, and 62% feel that such collaboration requires a regular weekly cadence of meetings.
Hybrid multi-cloud is bringing more scalability and accelerating innovation throughout enterprise software environments. Yet, running workloads on different hardware across domains runs the risk of introducing new misconfigurations.
Rising complexity will necessitate the hardening of cloud-native technologies, like multi-cluster Kubernetes. DevOps must also ensure that backup and recovery strategies are adopted for new container-based deployment models.
Increased guardrails could assist in avoiding cloud-based security risks. According to the report, a cloud-agnostic abstraction layer could be helpful to automatically apply a common security framework across clouds.
In addition to exploring multi-cloud and security repercussions, the report discovered that edge computing and AIOps are trending areas. 94% of surveyed organizations have deployed or intend to deploy edge computing. Further, 49% are expecting to deploy AIOps technology in the coming year.
The 2022 Global Hybrid Cloud Trends Report, commissioned by Cisco and conducted by 451 Research, collates responses from 2,500 global IT decision-makers and professionals from around the globe. For more insights, you can pick up the report here.
Want more cybersecurity insights? Subscribe to the Cybersecurity as a Business Enabler channel: