lastweekinaws - sector · data-driven business intelligence and analytics delivery of new digital...

451RESEARCH.COM

©2019 451 Research. All Rights Reserved.

Cloud Adoption:Trends and Recommendations

SecTor 2019

Fernando Montenegro

Principal Analyst

3

https://www.customink.com/fundraising/lastweekinaws

451RESEARCH.COM

©2018 451 Research. All Rights Reserved. 4

DevOps DevSecOps

Does it matter?

451RESEARCH.COM


Principal Analyst, Information Security team

Originally from , now based in Toronto

Topic areas: cloud security, endpoint, deception, anti-fraud.

Prior experience: 25+ years across pre-sales, delivery and consulting roles in enterprise security.

Interests: security economics, security at scale

@fsmontenegro

Introduction

451RESEARCH.COM


Agenda

• Introduction and Methodology

• Broader Cybersecurity Trends

• Cloud Adoption Trends

• DevOps

• Cloud Security Trends

• Recommendations

451RESEARCH.COM


Methodology

“451 Voice of the Enterprise”

Quarterly insights:

► Budgets & Insights

► Workloads & Projects

► Organizational Dynamics

► Vendor Evaluations

Briefings, Inquiries, Research

100s of hours

► Enterprise IT

► Service Providers

► Security vendors

► Finance professionals

Qualitative research

Independent

451RESEARCH.COM





• DevOps


• Recommendations

Strategy Cycle (Sun Tzu and Simon Wardley)

11

451RESEARCH.COM


Clima[c]tic Pattern: Evolution

Monolithic Microservices

Waterfall Agile

APIs ‘Functions as a Service’

IT DevOps

Datacenter Cloud

Self-contained Service mesh

Enterprise IoT, OT, consumer

INFOSEC?

Networks 5G

451RESEARCH.COM


Q17. Which of the following represent the most important workload-related IT challenges your organization faces at the moment?

1

3

60%

37%

31%

25%

23%

23%

23%

21%

3%

Data protection and security

Governance and compliance

Migrating workloads to new IT environments

Incorporating new workloads into the IT environment

Ongoing capacity planning

Cost tracking/management

Lack of workload-specific staff/expertise

Maintaining visibility across different IT environments

Other

% of respondents (n=921)Source: 451 Research, Voice of the Enterprise: Digital Pulse, Workloads & Key Projects 2019

All eyes on security!

451RESEARCH.COM


Security: Seen in context

Source: 451 Research’s Voice of the Enterprise: Digital Pulse, Workloads and Key Projects 2018

451RESEARCH.COM


451RESEARCH.COM


Continuation of an upward spending trend

By what percentage do you expect your organization’s total information security budget to change in the coming year compared to this year?

Source: 451 Research’s Voice of the Enterprise: Information Security, Budgets & Outlook, published Q1 2019

Mean: 22, Median: 20

451RESEARCH.COM





• DevOps


• Recommendations

451RESEARCH.COM


Q20. Which of the following best describe the primary purpose of the current/planned digital transformation initiatives?

1

7

44%

43%

42%

36%

30%

29%

28%

11%

3%

Customer experience

Data-driven business intelligence and analytics

Delivery of new digital products and services

Process automation

Employee productivity

Developing new digital business/revenue streams

Innovation/enhancement of existing products (e.g., remote

diagnostics/updates)

Supply chain optimization

Other

% of respondents (n=593)Source: 451 Research, Voice of the Enterprise: Digital Pulse, Workloads & Key Projects 2019

Why are organizations doing this?Dig i ta l t rans fo rmat ion s t ra tegy i s : E va lua t ion o r e xecut ion

451RESEARCH.COM


Q15. Which of the following benefits, if any, has your organization experienced as a result of your use of cloud services?

1

8

45%

42%

36%

25%

25%

15%

12%

9%

8%

6%

4%

18%

Faster time to market for new products

Improved employee productivity

Reduced operating expenses

Improved customer satisfaction

Extended geographic reach

Fewer security/data leakage incidents

Increased revenue

Improved availability of cash

Increased gross margins

Reduced customer churn

Reduction in debt/borrowing

We haven't experienced any benefits% of respondents (n=250)

Source: 451 Research's Voice of the Enterprise: Cloud, Hosting & Managed Services, Organizational Dynamics 2019

Are they seeing results? Oh yes…

451RESEARCH.COM


Cloud transformations are ongoing

46%39%

21%16%

17%

18%

21%

19%

11%

12%

17%

11%

9%

9%

11%

15%

8%

9%

17%

19%

9%13% 13%

21%

2018 actual

(n=1026)

2019 actual

(n=885)

2020 proj

(n=978)

2021 proj

(n=849)

SaaS

IaaS/PaaS

Hosted Private Cloud

3rd-Party Colocation

On-Premises Private Cloud

On-Premises Traditional IT

Q: Thinking about all of your organization’s workloads/applications, where are the majority of these currently deployed?

Q: Thinking about all of your organization’s workloads/applications, where will the majority of these be deployed two years f rom now?

Source: 451 Research’s Voice of the Enterprise: Digital Pulse, Workloads & Key Projects 2018 -19

Q4. What percent of your organization's overall IT budget (including infrastructure, software, and vendor fees) is spent on IaaS/PaaS/public cloud

resources?

20

61%

29%

9%

1%

1-25%

26-50%

51-75%

76-100%

% of respondents (n=80)


Approximate percentage of overall IT budget spent on

IaaS/PaaS/public cloudAll respondents who use IaaS/PaaS/public cloud

Mean = 23%

Median = 20%

Q5. How do you expect your organization's spending on public cloud to change during the next 12 months?

21

22%

57%

18%

2%

1%

Significant increase

Slight increase

Remain the same

Slight decrease

Significant decrease

% of respondents (n=90)


Expected change in public cloud spending in next

12 monthsAll respondents who use IaaS/PaaS/public cloud

451RESEARCH.COM


“Well, private is cheaper!”…not quite

22

Q17. Within the last 12 months, has your organization migrated any applications or data that were primarily part of a public cloud environment to a

private cloud or non-cloud environment?

23

5%

2%

2%

92%

Yes, to a hosted private cloud environment

Yes, to an on-premises private cloud environment

Yes, to a non-cloud environment

No

% of respondents (n=187)Source: 451 Research, Voice of the Enterprise: Cloud, Hosting & Managed Services, Workloads and Key Projects 2019

“People are migrating back!”…. Not quite…

451RESEARCH.COM





• DevOps


• Recommendations

Q2. In the last 12 months, how often did you deploy most software applications to production?

25

5%

19%

25%

23%

19%

6%

3%

Hourly

Daily

Weekly

Monthly

Quarterly

Semi-Annually

Annually

% of Respondents (n=427)Source: 451 Research, Voice of the Enterprise: Q1 2019 VotE DevOps survey

Frequency of Software Applications to ProductionOrganization has deployed software applications to production in the last 12 months

Q8. For which types of applications does your organization take a DevOps approach?

26

59%

56%

49%

45%

12%

1%

Data processing, analytics, business intelligence

IT/infrastructure optimization functions

Customer-facing functions that enhance the experience/value of

doing business with your organization

Specialized business process functions

Other internal/line-of-business functions

Other

Don't know


Types of Applications Using a DevOps ApproachAll respondents

Q10b. What are/were the primary challenges of spreading DevOps to more of your applications, releases and teams?

27

29%

24%

24%

23%

22%

21%

20%

19%

18%

6%

1%

Cost

Concerns about governance, security and compliance risks

Technical complexity (e.g. tool sprawl)

Existing process is sufficient for some applications

Performance

Refactoring/rewriting legacy applications

Inconsistent processes and workflows

Scaling is difficult

Culture conflict among internal teams

No challenges to spreading DevOps

Other

Don't know


Barriers to Spreading DevOps More WidelyAll respondents

Q12. If Which best describes your DevOps process?

28

43%

47%

10%

All sanctioned and centrally managed

All sanctioned but distributed management (e.g., within different

business units)

Some sanctioned and centrally managed, but some unsanctioned

and/or distributed


Structure of DevOps Process – Distributed is Way to Go

Q15. What cultural challenges, if any, has your organization's DevOps team(s) confronted?

29

33%

31%

30%

28%

27%

25%

23%

22%

6%

2%

Overcoming resistance to change.

Aligning differing priorities for stakeholders and teams

Promoting communication between teams not accustomed to working together

Sharing responsibility for problems.

Demonstrating equity of benefits/costs.

down support (management, leadership, etc.)

up support (developers, sysadmins, etc.)

Breaking down silos for collaboration.

None of the above

Don't know


Cultural Challenges Facing DevOpsAll respondents

451RESEARCH.COM


451RESEARCH.COM

©2019 451 Research. All Rights Reserved.3

0

“The most innovative companies and highest-

performing organizations are always striving

to be better…”

From: Forsgren&Shortridge, BH USA 2019

Q16. Which environment(s) does your organization use for your DevOps implementation?

31

49%

38%

32%

26%

21%

19%

18%

On-premises private cloud

Hosted private cloud

On-premises, non-cloud infrastructure

Infrastructure as a service (IaaS)/public cloud

Software as a service (SaaS) and hosted applications

Hosted, non-cloud infrastructure

Platform as a service (PaaS)

Other

Don't know


Environments of DevOps ImplementationAll respondents

Q32. Which cloud-native technologies and methodologies are important to your organization?

32

46%

41%

28%

26%

24%

5%

6%

Microservices

Containers

Serverless

Service mesh

Kubernetes

None of the above

Don't know


Important Cloud-Native Technologies and MethodologiesCloud native trends have some importance to organization's DevOps implementation

Q28. How important is open source software to your organization's DevOps implementation?

33

46%

44%

8%

2%

Very important

Somewhat important

Not very important

Not at all important


Importance of Open Source Software for DevOpsAll respondents

Q35. What percentage of your overall application portfolio is developed using cloud-native technology and methodology?

34

2%

2%

7%

11%

15%

14%

11%

11%

12%

7%

3%

4%

None (0%)

1-9%

10-19%

20-29%

30-39%

40-49%

50-59%

60-69%

70-79%

80-89%

90-99%

100%


Percentage of Applications Developed Using Cloud-Native

Technology or MethodologyAll respondents

451RESEARCH.COM





• DevOps


• Recommendations

451RESEARCH.COM


Q23. Which of the following skills categories are most important for managing your organization's cloud computing environment ?

3

6

66%

61%

49%

47%

45%

45%

41%

39%

26%

21%

20%

14%

13%

2%

Security expertise

Cloud platform expertise

Compliance/governance

DevOps

Cloud orchestration and management

Cloud architect

Cloud server/storage administration

Cloud provider management

Cloud-native programming

Software-defined networking

Database administration

Machine or deep learning

Open source software development

Other

% of respondents (n=465)Source: 451 Research's Voice of the Enterprise: Cloud, Hosting & Managed Services, Organizational Dynamics 2019

Sense of importance of security

451RESEARCH.COM


Q24. And which of the following skills categories are most acutely lacking when it comes to managing your organization's clou d computing environment?

3

7

36%

34%

31%

27%

24%

22%

22%

20%

19%

16%

14%

11%

8%

4%

Security expertise

Cloud architect

Cloud orchestration and management

Cloud platform expertise

DevOps

Compliance/governance

Cloud-native programming

Machine or deep learning

Cloud provider management

Cloud server/storage administration

Software-defined networking

Open source software development

Database administration

Other


Yet organizations struggle to be prepared

Q19. Beyond developers and IT operations, who are the primary stakeholders in your DevOps implementation?

38

44%

38%

33%

30%

25%

23%

21%

12%

Security

Central IT admin (network admins, storage admins)

Data science/data analytics

DBAs (database administrators)

Management and leadership

Line of business (LOB) managers

Compliance

Finance

Don't know


Stakeholders in DevOps ImplementationAll respondents

Q22. What is the most critical security element to your DevOps workflows?

39

11%

15%

14%

14%

30%

15%

1%

Static analysis

Dynamic analysis

Interactive analysis

Software composition analysis

Vulnerability assessment

Software supply chain validation

Other


Security Elements Critical to DevOps WorkflowsAll respondents

Q12. Which of the following groups are involved in or influence public cloud spending decisions at your organization?

40

80%63%

52%46%

37%36%36%

32%30%

25%25%

23%15%15%

12%12%

11%2%

IT management group (e.g., CIO)

IT infrastructure managers/administrators group

Information security management group (e.g., CISO/CSO)

Executive management group (e.g., CEO, board)

Developer group

Finance management group (e.g., CFO)

Applications group

Operations management group (e.g., COO)

Research & development (R&D) group

Data science/data analytics group

Digital strategy group

Legal/compliance management group (e.g., CCO)

Marketing management group (e.g., CMO)

Customer service and support (e.g., CSS) group

Sales management group

Third-party service providers/systems integrators/value added resellers

Human resources management group (e.g., CHRM)

Other


Groups involved in public cloud spending decisionsAll respondents who use IaaS/PaaS/public cloud

Q23. What percentage of your DevOps workflow implementations include security elements?

41

1%

2%

7%

13%

14%

11%

15%

9%

8%

5%

6%

10%

None (0%)

1-9%

10-19%

20-29%

30-39%

40-49%

50-59%

60-69%

70-79%

80-89%

90-99%

100%


Percentage of DevOps Implementations With Security

ElementsAll respondents

451RESEARCH.COM





• DevOps


• Recommendations

451RESEARCH.COM


Strategy -> Doctrine

Security for Cloud & DevOps

44

Support cloud teams, not just ‘no’

Don’t duplicate security

Work within their processes

Iterate & improve

Avoid “always did this way”

Work with project teams

Optimize for change

Use right tooling

Security with every change

Use platform when you can

“Defects” and “incidents”

Support for improvement

Align tasks to motivation

Enable self-sufficiency

451RESEARCH.COM


Next steps -> Leadership & Act

• Must evaluate steps on your own

• Individual, departmental, organizational

• Expect – indeed plan for – failure and iteration

451RESEARCH.COM


In closing

• Cloud adoption uneven, nuanced but unwavering

• DevOps adoption growing, uneven, nuanced

• Security is top of mind in both trends

• Path forward for security is alignment, not conflict

• Parting (provocative?) thought:• THIS is how we close “cybersecurity skills shortage”

451RESEARCH.COM


451research.com

US +1 212.505.3030 EUROPE +44 (0) 203.929.5700

Thank you

@451Research

@fsmontenegro

New York

London

Boston

Washington, D.C.

San Francisco

Additional Resources• Shortridge & Forsgren BlackHat

USA 2019

• Accelerate – Forsgren, Humble and Kim

• Cloudsecurityforum.slack.com

• Veracode State of Software Security Report Vol.9

48

lastweekinaws - sector · data-driven business intelligence and analytics delivery of new digital...

Documents