As 451 Research surveys and interacts with a wide variety of organizations, we constantly see evidence for the “one-two punch” from ‘digital transformation’ efforts. First, there is the technology disruption that comes from the wide scale adoption of cloud-based services. This is coupled with the organizational change inherent in the adoption of new delivery models such as DevOps that provide much faster response to business needs.
Containers, PaaS, and serverless trends
There are at least two interesting technology trends to keep in mind. First, organizations are choosing a variety of cloud-provided PaaS and SaaS options: why go through the hassle of setting up a database cluster on virtual machines when a fully-compatible managed database is a couple of API calls away? Second, compute options such as containers and functions-as-a-service are some of the top choices for newer developments.
The adoption of containers and, to a smaller extent, serverless functions also lines up nicely with another important trend: when it comes to compute workloads, organizations are choosing to keep portability in mind. This means, for example, choosing Kubernetes as the target orchestration platform, and looking at options such as knative and Istio for higher-level services. Interestingly, that portability is not just desired between cloud providers, but between on-premises and cloud as well. The data is quite clear that the short and medium-term outlook for enterprise compute is hybrid.
Integrated security is key in this cloud native world
This dynamic is a key motivation for security teams and individuals to adapt and, in many cases, rethink how they engage with their stakeholders and deliver value. For security professionals, this means understanding not only how the new technology stack works, but how it changes the threat models. For teams, it means finding ways to deliver security value within the processes and, importantly, timelines that developers and operations teams are now working under.
This needs to happen not a moment too soon. Data from 451 Research’s Voice of the Enterprise: Cloud, Hosting and Managed Services indicates that ‘security’, ‘compliance’ and ‘data protection’ are the top three factors when organizations consider a workload unsuitable for public cloud. With the potential cost and business value benefits on the line, the need to address these topics is urgent and expectations are high.
One of the more interesting data points from our surveys is below. Coming from 451 Research’s Voice of the Enterprise: Information Security series of studies, it highlights that, as a group, it seems that senior management within organizations is highly confident that cloud solutions can be used for mission-critical workloads. This means that those adopting cloud will be hard-pressed to ensure that their security choices are able to maintain adequate posture.
Both as an organizational function and as individual skillset, those working on security are well-advised to update skills, practices and tooling. On this latter point, one of the most important characteristics of newer cloud-native security technology is having the ability to integrate both across the delivery pipeline – from code through production – and across the stack – be able to cover the entire continuum of compute options now available.
As we consider the combination of newer technology choices, compressed timelines for delivery, and perceptions from senior leadership on the suitability of cloud for all types of workloads, including mission-critical ones, the advice could not be clearer: it’s time to evolve.
Learn more from 451 Research
Interested in learning more about 451 Research’s latest survey statistics and insights on the cloud native ecosystem? Watch our recent webinar, titled Cloud Native: Infrastructure Trends, Security Challenges, and Best Practices with 451 Research Senior Analyst Fernando Montenegro and Twistlock CTO John Morello.
- Cloud Native
Follow us on Twitter
Follow us on Twitter for real time updates on the cloud native ecosystem, Twistlock product, and cloud native security threats.
Beyond App Security: Securing Applications No Matter Where They LiveRead the Blog
Surveying the Container Orchestration LandscapeRead the Blog
Building the Right Toolbox for a Successful DevSecOps CareerRead the Blog
BOD 19-02: DHS Vulnerability Remediation RequirementsRead the Blog
CVE-2019-5021: Alpine Linux Docker Image VulnerabilityRead the Blog