Most Cloud Decisions Hinge on Security

IT pros highly value application mobility and cloud interoperability, research says, but keeping data protected drives most cloud deployments today.

By Joanie Wexler March 25, 2020

As cloud-native applications and orchestration tools make their way into the IT arsenal, they’re teeing up a new chapter in cloud computing history, one that will allow for more dynamic movement of workloads as business requirements change.

According to a recent survey of IT pros, businesses around the world highly value having the flexibility to move workloads to a different cloud infrastructure to meet shifting business demands. However, they say security considerations are currently fueling many of their cloud deployment decisions.

Those surveyed by Vanson Bourne for the second annual Nutanix Enterprise Cloud Index (ECI) report said that the state of intercloud security is the biggest factor determining which clouds their enterprises will deploy. The U.K. researcher polled 2,650 IT professionals across multiple global geographies in 24 countries and industries in July.

What’s Dictating Decisions

Well over half (60%) of the IT pros surveyed said the ability to enforce consistent security policies and compliance across private and public cloud infrastructures dictates which types of clouds they’ll use.

Data security and compliance also took top honors as the biggest consideration in choosing a cloud environment to host a given application, virtual machine (VM), container or other workload. More than a quarter of respondents (26%) chose this factor as the most important one, with cost coming in a distant second (14%) as the biggest determinant.

Though security is clearly a dominant theme in cloud deployment decisions, enterprises struggle with getting it right.

“Maintaining the security aspect of the public cloud is the biggest challenge for us,” ECI respondent Brad Meyer, systems administrator at Middle Tennessee State University in Murfreesboro, Tenn., told The Forecast.

“The lack of expertise – of people with public cloud knowledge – is our struggle,” Meyer explained.

“Our people are already busy day in and day out. Figuring out how to implement security in public clouds” is a whole new learning process that requires time his staff simply doesn’t have, he said.

The Votes Are In: Hybrid Clouds Are Most Secure

2019 ECI results indicate that enterprises consider the hybrid cloud, which mixes some private cloud infrastructure with one or more public cloud services, the most secure IT model. When asked, more than a quarter of respondents (28%) tapped the hybrid model as the most secure, substantially surpassing those who said a fully private on-premises cloud (21%) was most secure and more than twice as many who said traditional, non-cloud-enabled, private data centers (13%) were. Public cloud services brought up the rear, with 9% choosing it as the most secure.

Historically, the greater the level of control an enterprise maintains over its data assets, the more secure those assets have been deemed to be, according to Roman Nemec, an Application Hosting Enterprise Architect at Honeywell, in Brno, Czech Republic.

“I don’t see much difference between private cloud and traditional data center,” Nemec said. “They are the most secure because they are inside the company.”

With a hybrid cloud putting at least some data assets under the security auspices of a third-party provider, however, why would most IT professionals vote for the hybrid model as the most secure?

The situation can perhaps be partly attributed to the well-documented shortfall of cybersecurity skills in general and cloud resources in particular.

“Given the shortage of cybersecurity talent, a public cloud provider that’s likely to have more of those resources on staff might do a better job than an in-house team,” said Ryan Arnold, IT Director at Acumen, LLC in Mesa, Ariz.

“Hybrid clouds can be very secure,” he said. “In the public cloud you don’t have to worry about physical security. We have a large footprint on Microsoft Azure, and they have extensive documentation as to what [legislative mandates] they comply with and how they lock down their infrastructure.”

He added: “Of course, at the application level, we still have to worry about access control, backing up our data, and malware.”

He’s referring to the shared-responsibility model for cybersecurity, pioneered by AWS, in which the cloud vendor secures the infrastructure itself but expects customers to deploy their own user authentication, authorization, access control and threat prevention capabilities.

[Related story: How Secure Is the Hybrid Cloud?]. or [Related story: 3 Essentials for Securing Hybrid Cloud]

Reaching Cloud Nirvana

For the second year in a row, a wide majority of the enterprises that participated in the ECI study (85%) ranked the hybrid cloud as the “ideal” IT operating model, in large part for the dynamic workload movement and security reasons discussed. The 85% number is down from 91% last year, and one reason could be the nascent state of tools for managing hybrid environments.

More than two-thirds (69%) of respondents agreed that while their organizations would benefit from a hybrid cloud, their current IT vendors didn’t provide the right solutions for building and managing a hybrid environment.

The industry needs to “make it easier to calculate public cloud costs, have simpler pricing, and consolidate portals,” said Arnold.

“It’s still very hard to predict what your spend is going to be in the public cloud. There’s been progress with tools that help calculate necessary power and man hours and that compare prices across platforms over a two-year period. They still have a way to go, but they’ve come a long way.”

Joanie Wexler is a contributing writer and editor with more than 20 years’ experience covering IT and computer networking technologies.