While Irish businesses are hosting, on average, more than a third of their workloads in the cloud and 88% expect to move more workloads into the cloud during 2020, there are concerns preventing organisations from adopting a more aggressive approach to cloud.
Such barriers – as highlighted by a recent survey of more than 100 IT decision-makers across Ireland, carried out by TechPro on behalf of Logicalis Ireland and IBM – include security, a lack of in-house knowledge and skills, budget constraints, data compliancy concerns and a lack of visibility of workloads/applications in the cloud.
In 2019, a report from IBM revealed that the average cost of a data breach was estimated at $3.92 million. In most organisations, data is spread across disparate systems, tools and environments, including cloud environments. It is inevitable that gaps and opportunities for attacks will emerge and as well as external threats, companies need to be mindful of insider threats and internal areas of weakness where human error has the potential to pose a major risk to company security.
In the context of cloud security, the landscape has matured significantly in the last 12 months and cloud vendors now offer a greater range of security offerings especially in terms of control and manageability. However, organisations continue to put themselves at risk by not including security in the design from the beginning or by not adopting a security framework with a specific cloud slant.
Another attack vector comes from niche applications developed for easy integration into third party software – often by companies that are born in the cloud. With the promise of additional functionality or business process improvements, organisations jump to integrate these into their own third-party software. However, despite the ease of integration, the same checks, contracts and security controls must be put in place as with an on-prem integration. This is especially the case when personally identifiable information (PII) or valuable company information is being accessed.
Cloud is changing security conversations to APIs, containers and serverless. Going forward, this will demand tighter integration between the developer community and the security teams to ensure that emerging technologies and their associated benefits are properly understood along with the most efficient way to secure them.
Lack of in-house knowledge and skills
With worldwide spend on cloud computing continuing to grow, the demand for cloud computing skills will also rise. This is happening at a time when the availability of people with expertise in cloud services, software development for the cloud and DevOps is limited. In fact, IDC’s Worldwide CIO Agenda 2019 Predictions shows that 30% of high-demand roles for emerging technologies will remain unfilled through 2022.
As well as slowing down cloud adoption projects, the shortage of talent in this area could result in increased staff turnover as those with the desired skills and knowledge – including cloud security, cloud migration and deployment, databases, networking, monitoring, Machine Learning (ML) and Artificial Intelligence (AI) – are targeted and approached by other companies.
In order to leverage the true benefits of the cloud, enterprises need to build their capabilities around this technology and undertake to bridge the skills gap by identifying what is missing within their organisation and what is transferrable. In doing so, they can determine where they need to retrain, upskill and hire. They are then not only encouraging staff retention by giving opportunities for development in interesting new areas of technology, they are also inadvertently reshaping and future-proofing their hiring strategy.
When it comes to the benefits of cloud, greater efficiencies in terms of capital costs always feature. That being said, budget is often cited as a limitation to the degree to which an organisation embraces cloud. These constraints can come in a number of guises, such as the upfront investment needed, costs of upskilling or acquiring the skills needed to manage the cloud environment, potential difficulty in quantifying development costs if application refactoring is required. There can also be a potential fear of the unknown when shifting to a consumption-based pricing model – the dreaded bill shock.
The ability to accurately forecast the TCO for a cloud strategy is a developing science. It is an area where previous experience is an essential element in planning a potential strategy.
These budget challenges often lead to a scenario where the concept of a hybrid or multicloud environment is worth considering as these approaches tend to enable you to get the most out of your existing investments in hardware, software and people skills without sacrificing your move to cloud. Costs, including consumption costs, can be accurately estimated used well developed and readily available online calculators, such as a Total Cost of Ownership (TCO) calculator.
While cloud has offered organisations the opportunity to innovate in terms of the services it offers its customers, it has also resulted in a rise in the quantity and type of data (often personal data) that they hold about their customers. Therefore, it is crucial that companies have the right technologies and procedures in place to uphold compliance and meet data privacy regulations.
Moreover, a business with customers in various jurisdictions needs to comply with the rules in other areas as well. Data will be distributed and stored across different services, so organisations need to keep an inventory of where the data is and have access to it if requested by the individual.
From data storage, threat monitoring and accessibility perspectives, cloud shouldn’t be a headache when it comes to compliance. However, businesses need to understand that the onus is on them in terms of meeting these requirements and regulations. The responsibility inevitably lies with the businesses and individuals – not the cloud systems and solutions.
By adopting a ‘Secure-by-Design’ approach when implementing a new cloud environment, security controls are put in place from the beginning to protect systems and avoid further costs at a later stage. This approach will also help to prevent breaches and security incidents which could be costlier on a much larger scale.
An effective cloud strategy will address cloud barriers
Cloud is much more than another way to run IT and the most successful strategies are those where the business has leveraged the flexibility of cloud to react quickly to market opportunities. As it becomes more advanced and varied, cloud will become more complex from an operational perspective. Organisations need to ensure they have the resources to understand the nuances and the implications of these (cost, security, compliance).
Of course, migrating to the cloud goes beyond IT and impacts the entire business. This is why transparency is key and the strategy needs to be communicated to every level and department within the organisation. It is also important for those who are not focused on this area within the company to understand the benefits of cloud.
Having the right strategy and approach when moving to the cloud often alleviates or overcomes the obstacles associated with it. If you’re thinking about a cloud approach, make sure that you consider all of the associated elements including ongoing management, existing IT infrastructure, in-house resources and compliance. Failing to do so could be costly and, more worryingly, very risky.
To find out how Logicalis Ireland can help your organisation overcome these common barriers to cloud adoption and to help you identify the right cloud approach for your organisation, please contact the team today.