Cloud

More enterprises are moving to the cloud and implementing DevOps, containers and microservices, but their efforts are falling short of expectations. A recent study from the Ponemon Institute identifies some of the core challenges they face.

Organizations implementing cloud, DevOps, containers, and microservices are often surprised when the outcomes don’t match expectations. A recent survey by the Ponemon Institute, sponsored by hybrid cloud management platform provider Embotics, revealed that 74% of the 600 survey respondents who are responsible for cloud management believe DevOps enablement capabilities are essential, very important, or important for their organization. But only one-third believe their organization has the ability to deliver those capabilities.

Eighty percent believe that microservices and container enablement are essential, very important, or important, but only a quarter believe their organization can quickly deliver those capabilities. The lagging DevOps and microservices enablement costs the average enterprise $34 million per year, which is 23% of their average annual cloud management budget of $147 million.

“There are so many things that result in the loss of information assets and infrastructure issues that can be very costly for organizations to deal with. This rush to the cloud has created all sorts of issues for organizations,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “The way organizations have implemented DevOps facilitates a rush-to-release mentality that doesn’t necessarily improve the state of security.”

Organizations assume that implementing a DevOps framework will necessarily result in software quality improvement and risk reduction because they can build in security early in the software development lifecycle (SDLC).

“That’s all theoretically true, but organizations are pretty sloppy about the way they’ve implemented software,” said Ponemon. “In other Ponemon studies, we’ve seen that there’s a difference between the DevOps that you want versus the DevOps that you get.”

Why hybrid cloud implementations are so tough

Shadow IT is one reason why cloud implementations are more costly and are less effective than they could be.

“Companies develop silos where different groups of people have different tools that aren’t necessarily compatible,” said Ponemon. “A lot of organizations think a cloud platform tool is fungible whether you buy it from Vendor A, B, or C and you’re going to get the same outcome, but that’s not true at all.”

Forty-six percent of survey respondents said their organizations’ consumption model is “cloud direct,” meaning that end users are bypassing IT and cloud management technologies. Instead, they’re communicating directly with clouds such as AWS or Microsoft Azure via native APIs or their own public cloud accounts.

The patchwork model of cloud adoption results in complex environments that provide little visibility and are difficult to manage. In fact, 70% of survey participants said they have no visibility into the purpose or ownership of the virtual machines in their cloud environment.

Interestingly, one cloud benefit often touted is that one does not have to understand where resources reside.

“You would expect if you’re operating in a cloud environment [that] it’s going to help you gain visibility because you don’t have to look very far to find your data, but it basically doesn’t work that way,” said Ponemon. “A lot of organizations don’t have the tools to understand where their machines are and where the data is located. They don’t have much control over the network layer and sometimes no control over the application layer so the end result becomes kind of messy.”

The lack of visibility and control expose an enterprise to several risks including negligence and cyberattacks that are “a perfect storm” for bad actors. Fifty-seven percent of survey participants believe users are increasing business risk by violating policies about where digital assets can reside.

“A lot of CSOs are angry at the lines of business because they can’t necessarily implement the security protocols they need,” said Ponemon. “The whole idea of getting things out quickly can be more important when a little bit slower delivery can result in a higher quality level.”

Ideally, organizations should have a single user interface that enables them to view their entire environment, although 68% of the survey respondents lack that capability. 

“Having a single user interface is really smart because you have one place where you can do a lot of cool things and have more control and visibility, but not all platforms work very well,” said Ponemon. “Platforms have to be implemented like software. It’s not like an appliance that you plug in. It requires a lot of stuff to make it work the right way.”

When a hybrid cloud management platform is implemented correctly it can enable a successful DevOps environment because there’s greater control over the hybrid cloud.

Hybrid cloud management is evolving

Hybrid cloud management maturity has three phases, according to Ponemon. In the first phase, hybrid IT develops organically because lines of business are procuring their own cloud solutions, typically without the involvement of IT or security.

“I think this whole cloud shadow issue is a real issue because it creates turf wars and silos,” said Ponemon. “Dealing with that can be very tough and that’s why we need to have management with an iron fist. There’s too much at risk so some people need to be more influential than others in the decision-making processes rather than running it organically.”

The companies that have matured to the second phase, use a cloud management platform (CMP 1.0), although they tend to experience disparities between the platform’s capabilities and their actual DevOps requirements. The Ponemon Institute defines CMP 1.0 as “solutions providing provisioning, automation, workflow orchestration, self-service, cloud governance, single-pane-of-glass visibility, capacity rightsizing and cost management across public, private and hybrid clouds.”

By comparison, the newer CMP 2.0 platforms provide those benefits and they reduce the friction and complexity associated with microservices, containers, cloud-native applications, and DevOps. CMP 2.0 also enables corporate governance and compliance without impeding development speed and agility. Sixty-three percent of survey respondents believe CMP 2.0 capabilities would reduce hybrid cloud management costs by an average of $34 million per year.