Cost, Cyber Risk and Compliance are Defining the Future of Cloud

AUG 19, 2019

by John Filitz, Trace3 Research Analyst

 

Cloud computing is fast becoming a ubiquitous element of enterprise computing. In the short term, the global cloud market is projected to grow at a robust rate of 18% annually, increasing the overall market from $270 billion (2018) to over $620 billion by 2023. This spike in demand for cloud services is driven by the adoption of Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) solutions. According to Rightscale’s State of the Cloud Report, 94% of enterprises surveyed reported using public cloud and 72% private cloud, with an increasing trend of running the majority of workloads off premise.

Given the rapid pace of cloud adoption and the shift away from legacy IT systems, implementation and management challenges are bound to occur. Some of the challenges include cost containment, lack of visibility, cyber risk, and compliance related issues.

For Trace3’s Research Director, Sean Daken, “managing multiple compliance frameworks (e.g., GDPR, HIPPA, SOX, etc.), the myriad complexities of securing multi-cloud and hybrid-cloud environments, and the inability to consistently optimize cloud economics” are the biggest challenges facing enterprises.

This article takes a deeper dive into how these factors play an outsized role in shaping the future of enterprise cloud computing.

High Costs

Rapidly escalating and unpredictable costs in public cloud environments are significant challenges in enterprise environment. Given the added complexity of configuration and orchestration, public cloud costs can unexpectedly increase from month-to-month and by magnitudes of several hundred percent.

A lack of visibility into cloud environments and poor cloud DevOps provisioning are considered the biggest drivers of cost in the cloud. Although challenges remain, emerging technology cost optimization applications are starting to yield significant cost savings for enterprises.

Cloud Misconfiguration

Cloud security too remains a significant challenge area for the enterprise. The growing threat landscape and the near constant stream of high-profile data breaches keeps executives up at night. In 2018 alone, more than two million cyber security incidents occurred, resulting in over $45 billion in losses.

A recent Risk Advisory note by the Securities Exchange Control (SEC) cited cloud misconfiguration as a leading risk to personal consumer data. This vulnerability was confirmed by the Digital Shadows report noting over 2.3 billion files exposed due to misconfiguration –an increase of 750 million files in the last year.

Data breaches due to cloud misconfiguration are becoming commonplace. Most recently Capital One, a financial services provider, was implicated in a data breach arising from cloud misconfiguration exposing over 100 million customer records. Other high-profile misconfiguration related breaches this year include the exposure of AWS S3 buckets in early 2019, containing 540 million Facebook user records. Other data vulnerabilities include sensitive data from the likes of Ford, TD Bank, and Netflix.

In June 2019, PCM, a US-based cloud solution provider (CSP) reported a breach affecting its information system, and in turn, its 2,000 customers. The PCM breach occurred as result of the compromise of an employee’s login credentials – with administrator-level privileges. This allowed the hackers to gain access to PCM and its customers’ accounts, including access to sensitive emails. Microsoft has since made multi-factor authentication mandatory for all CSPs that manage client Office365 accounts

Increasing Regulatory Complexity

In response to recent and ongoing data breaches, governments and regulatory bodies around the world are leading efforts to put increasingly stringent data privacy and security regulatory frameworks in place. Measures such as the General Data Protection Regulation (GDPR) in Europe and other similar efforts shape the future of the enterprise IT landscape.

In the US, the Federal Trade Commission (FTC) recently issued record fines for recent data security and privacy violations. At the same time, state-level regulatory action is garnering a lot of attention. Several states have either legislated or are currently enacting data privacy and security legislation. These efforts include the California Consumer Privacy Act (CCPA) with GDPR-like provisions protecting consumer data. The CCPA is considered the most stringent data privacy and security legislation in the US.

Other state legislative efforts include Colorado, Nevada, New York and Maine, adding to the regulatory complexity. Maine’s Internet Services Provider (ISP) bill, taking effect on July 1, 2020 is touted as the “toughest measures” on ISPs in the country, prohibiting the use, distribution, or selling of consumer data without consent.

The Way Forward

Given this increasingly complex IT enterprise landscape, managing your enterprise IT infrastructure in the cloud can be a daunting prospect for any business. With Trace3 as your Strategic Technology Partner, we can assist you in confidently managing your enterprise cloud ecosystem. We do this by leveraging our best-in-class enterprise cloud expertise to help you manage your risks, while taking advantage of opportunities in this the rapidly evolving technology frontier.

Learn how Trace3 can help your business with your Cloud Objectives

 

Leave a Reply

Your email address will not be published. Required fields are marked *