Few things are more inevitable in this world than taxes and world domination by cloud. It's like an avalanche that seems so far away you think you have enough time outrun it, only to have it catch up to you in the blink of an eye. And with cloud, unless you can fight your way to the surface, you're just going to get dragged under like everyone else not paying attention.
On that dramatic note, what is the state of cloud in 2023? How are companies responding to the continuous stream of new services and features? Who is using more than one cloud provider, and how advanced is their cloud strategy? Perhaps most importantly, what are the latest risks to your cloud infrastructure, and the best strategies to mitigate them?
This article explores the growing complexity of a world powered by cloud, and how leaders are learning to grapple with the biggest challenges ahead.
As we get more entrenched in an economy reliant on cloud, it becomes increasingly clear that cloud isn't simply a tool for enhancing convenience or streamlining workflows. It's a virtual infrastructure companies can use to drive massive business growth, manage customer needs, and transform their lumbering on-prem infrastructure into one built for efficiency.
Whether it's reducing the risk of a single point of failure by adopting multi-cloud strategy, or using the growing constellation of cloud services to closely manage massive quantities of data from anywhere on the globe.
But according to a recent report, only 27% of leaders say their cloud initiatives are driving customer value. But cloud was supposed to help developers build and iterate on solutions faster, relieve operational burdens, and reduce costs across the board. So how is this possible?
The answer might have to do with the cloud strategy these companies adopt. Or in the case of the other 73%, a lack thereof.
More than rapid cloud adoption, or all the brand-new bells and whistles offered by the likes of AWS and Azure (1500+ updates to AWS in 2023 alone!), it's your organisation's cloud strategy that determines what you get out of it.
As it turns out, most organisations don't think too deeply about their long-term goals and desired outcomes for adopting cloud. Instead, they focus on the short-term goal of simply migrating all their data to the cloud because everyone else is doing it.
Just look at how much cloud spending has been going up in recent years: between Q3 2021 to Q3 2022, revenue across the three biggest cloud providers (AWS, Azure, and GCP) increased by at least 20%. Companies are diving headlong into cloud adoption now more than ever. But most of them seem to be doing so without a concrete implementation strategy.
Here's what ends up happening: companies spend all these resources migrating to the cloud, but with a half-baked strategy which leads to them not seeing customer value from it. As a result, they don't fully embrace it, leaving them in a limbo state with some critical infrastructure in the cloud, but not all of it. Now they're stuck with all the inefficiencies of on-prem, with none of the benefits of cloud.
Solving this chicken-and-egg problem requires closely examining some important questions:
It's not enough to simply migrate your data to the cloud. 94% of organisations are already doing it, and of those 44% adopt the latest services as soon as they come out. The real challenge—and value—is in realising a positive business outcome for your organisation.
For that to happen, you need to formulate a long-term plan on how to securely store and use that data, capitalise on it to better deliver solutions to customers, and improve performance and measurement of cloud systems.
A key determining factor of the maturity of your cloud program is how prepared your teams are for the transition.
While it might seem tempting to simply go the 'easy' route and hire experienced cloud talent, this path often ends up being much more expensive and far less effective overall. For a real transformation, the culture across the organisation needs to be geared towards cloud.
This calls for training your entire workforce in line with your cloud strategy, whether it's aligning them to your security policies, or helping them respond to customer needs over the new interface. This extends even to your non-technical staff, who'll also be using these cloud services on a daily basis.
The biggest motivation for employees to get invested in training is progressing their career. Contrary to popular belief, employees are far more likely to stay at your organisation if they get opportunities to improves their skills.
The major point to note here is that upskilling needs to be ultra-focused towards helping your teams solve real-world problems relevant to their roles. That equates to practical, hands-on training instead of theoretical lectures that pass on knowledge rather than skills.
The flip side is forcing employees to take training that doesn't directly improve their job performance can actively hurt their productivity and interest levels. It's a delicate balance, but a very important one.
You also need to take feedback from your teams about the training to understand what's working and what isn't. This information will prove crucial in refining your training strategy as your team's cloud maturity improves.
Get our free ebook: Train Your Teams to Fly — a strategy guide to train your team with maximum ROI.
The omnipresence of cloud has also given rise to a new phenomenon — multicloud workloads. Around 65% of companies globally operate within multicloud environments, using 2 or more cloud providers. The 'Big 3'—AWS, Azure, and GCP—naturally take up the lion's share of these workloads.
Interestingly enough, most companies tend to rely heavily on a single cloud provider: 8 out of 10 companies have 80% of their workloads on a single cloud provider. But even that is changing as organisations continue to spread their eggs among multiple baskets.
The advantages are obvious: they can pick and choose the best services offered by different cloud providers; they aren't locked down to a specific provider in case of an outage; it gives them immense flexibility at the department, team, or project level.
But the risks cannot be understated, either. Only around 9% of leaders report they have extensive experience with more than one cloud provider. Moreover, interoperability between cloud infrastructures can introduce a plethora of security weak points that. Without the requisite cloud talent on your team, these security risks can compound to insurmountable levels.
If your company has or is looking to adopt a multicloud approach, you need to ensure your team is equipped with the skills required to build it securely. Learn more about how to train them with AppSecEngineer's courses in AWS security, Azure security, and GCP security.
The kind of security threats companies face in the cloud is constantly changing, and as cloud infrastructure grows more complex, their threat surfaces continue to evolve. There's no 'right' answer, and what is considered a minor issue today might grow to become an existential threat in a matter of months. Acknowledging this, we can highlight broad patterns in cloud security risks that are relevant in 2023 and beyond.
Aneesh Bhargav is the Head of Content Strategy at AppSecEngineer. He has experience in creating long-form written content, copywriting, producing Youtube videos and promotional content. Aneesh has experience working in Application Security industry both as a writer and a marketer, and has hosted booths at globally recognized conferences like Black Hat. He has also assisted the lead trainer at a sold-out DevSecOps training at Black Hat. An avid reader and learner, Aneesh spends much of his time learning not just about the security industry, but the global economy, which directly informs his content strategy at AppSecEngineer. When he's not creating AppSec-related content, he's probably playing video games.
help@appsecengineer.com
United States
11166 Fairfax Boulevard, 500, Fairfax, VA 22030
APAC
68 Circular Road, #02-01, 049422, Singapore
help@appsecengineer.com
United States
11166 Fairfax Boulevard, 500, Fairfax, VA 22030
APAC
68 Circular Road, #02-01, 049422, Singapore