Unlocking the Benefits of Public Cloud - Barracuda Networks

Unlocking the Benefits of Public Cloud A Barracuda Funded Survey

White Paper

Barracuda • Unlocking the Benefits of Public Cloud

Unlocking the Benefits of Public Cloud As a prominent cloud vendor, we are often asked for specifics on what people are doing, what platforms they are choosing, what benefits they are seeing, and how they are addressing cloud migration challenges. A year ago, we did a survey called “The Clouds Go Mainstream” because it seemed apparent to us that the cloud was no longer a leading-edge, experimental, non-core infrastructure. We took a deeper look at the cloud this year with the help of researcher Vanson Bourne. Together, we surveyed 1300 “cloud-savvy” respondents from all three major geographies (Americas, Europe/Middle East/Africa, and Asia/Pacific), and found that cloud adoption was indeed growing. Additionally, the sophistication of the customers’ dealing with the cloud was growing: 40% of respondents had some percentage of their infrastructure in the cloud. We also found that while 51% of organizations felt cloud providers offered “strong protection” for their cloud infrastructure, 62% had added additional security solutions to bolster their cloud protection. We found that customers are growing more comfortable living in hybrid environments— specifically, multi-cloud hybrid environments. Only half were storing confidential data in the public cloud, with the remainder keeping that sensitive data on-premises. They also believe the cloud will continue to gain momentum, address security concerns, and deliver value. Of the organizations already deploying public cloud, nearly 30% stated they saw a positive ROI within the first year of deployment, and there was nearly universal agreement that cloud benefits included better availability, lower costs, and better customer service for their users. Smaller organizations may lag behind bigger ones, but all are interested in leveraging the cost advantages, scalability, and simplified management of a cloud-based infrastructure as part of their IT stack, especially as they gain confidence with the cloud.

Page 2 of 13

Page 3 of 13


Demographics Behind Our Survey We asked the 1300 respondents to also identify their business sector. General questions about public cloud were asked to the full group; cloud-specific questions (usage, security solution deployed, etc.) were asked only of organizations reporting actual cloud usage (roughly 900 respondents).

Survey respondents by country UK

150

Germany

150

France

150 70

Belgium/Netherlands Austria

30 300

US 150

India 100

Australia Malaysia

50

Singapore

50

Indonesia

50

Hong Kong

50

Represented business sectors from responding organizations 262

IT, technology and telecoms Manufacturing and production

186

Retail, distribution and transport

175

Financial services

152

Public sector

135 120

Business and professional services Energy, oil/gas and utilities Construction and property Media, leisure and entertainment Other commercial sectors

55 43 36 136

Page 4 of 13


This white paper covers four areas: 1.

Background to respondents’ use of public cloud.

2.

Public cloud benefits organizations have seen so far.

3.

Challenges organizations see with using public cloud.

4.

Public cloud security.

Background Public Cloud Use It was important for us to understand how respondents approached the cloud. On average (of the respondents using the cloud), organizations have nearly 40% of their infrastructure in the public cloud today, and they expect to increase this to almost 70% within five years’ time. What’s interesting is that U.S. organizations lead the move to public cloud with 43.8% having some infrastructure in the cloud, but EMEA is nearly equal with 42.3%; APAC lags behind only a bit at 35%. Note: Public sector organizations have moved more slowly in all geographies, with 32% (on average) of their infrastructure in the public cloud.

Percentage of organizations’ infrastructure running in the public cloud Currently In Two Years’ Time

39.4% 55.59% 68.84%

In Five Years’ Time

The majority of organizations, (83%) said they used public cloud for storage, followed by data recovery (62%), and website and application hosting (58%). When we looked at business sectors regarding data storage, there was considerable uniformity. Only manufacturing and construction sectors reported higher use of cloud for public storage.

How do organizations leverage public cloud? 83%

Data storage Data recovery

62%

Website/application hosting

58%

Data analytics

57%

Customer Relationship Management (CRM) sytems

51% 44%

Application testing and development Desktop virtualization Development/testing

40% 34%

Because so many organizations reported using cloud for website and application hosting, we wanted to know the breakout between external-facing applications (which typically rely on some

Page 5 of 13


sort of web application firewall, either native to the cloud or from a third party) for security, and internal-facing applications (which are often protected through secure remote access solutions). The ratio of external to internal-facing applications was nearly 2 to 1.

Do organizations use public cloud for external-facing or internal-facing applications? We only or mostly run external-facing applications in the public cloud We only or mostly run internal-facing applications in the public cloud

63%

36%

Key Takeaway: Web applications are typically the easiest to deploy in the public cloud: This is called “lift and shift” and applications, which were hosted internally or by external hosting companies, are easily migrated to public cloud infrastructures, and they are often applications that get migrated first. While 4 out of 10 respondents reported that their organizations relied on public cloud deployments to expand their services – and often to replicate those over multiple regions – 30% said they only migrated selected services to the cloud and kept the balance on-premises. Another 23% said they used the public cloud as a virtual data center, moving virtual servers to the cloud. Additionally, 7% used the cloud only for new “born-in-the-cloud” solutions and kept the remainder of the infrastructure and applications on premises.

What do organizations say is their best use for public cloud?

1% 7% 0% 23%

40%

30% To expand our services and replicate it to multiple regions We migrate only selected services to public cloud while running the rest in our private datacentre We simply migrate existing servers to public cloud and use it as a co-located datacentre Mainly to build new “cloud-native” solutions with high usage of PaaS and SaaS services Don’t know Other

Key Takeaway: The inference here is that organizations are growing more comfortable with hybrid environments that deploy a range of public cloud services along with a more traditional on-premises infrastructure.

Page 6 of 13


Public Cloud Benefits Nearly all the respondents (99%) said that their organization has seen many benefits as a result of moving to the public cloud, including greater scalability and reduced IT expenditures. We looked at the geographical dispersion of cloud benefits and found that about 10% of APAC respondents were more likely to report that they gained improved security and access to applications. Respondents in EMEA on the other hand were less likely to cite improved security as one of the key drivers to public cloud (36%).

What benefits have organizations seen from using the public cloud? Greater scalability

52%

Reduced IT expenditure

52% 45%

Greater agility Improved security of applications

44%

IT staff spend less time on general maintenance

44% 42%

Better visibility of organization’s applications Improved IT security (other than applications)

39%

Improved security of access to applications

39%

Faster time to market Customers are comfortable giving personal data

32% 17%

We have not seen any benefits

0%

Don’t know

0%

Organizations were asked about their 10 biggest drivers for moving to the cloud, and over half felt that easy integration with legacy technology was a key driver. APAC, again, saw security as a stronger driver (60%) than the U.S. (54%) or EMEA (49%).

What are the ten most important drivers for choosing a public cloud service provider? 57%

Easy integration with legacy technology Strong protection of public cloud applications

54% 47%

Support offered by the public cloud service provider

46%

Strong protection of access to public cloud applications

45%

Strong protection of data in the public cloud

42%

Scalability of public cloud services

40%

Geographical location of where data is stored A high level of experience Effective disaster recovery An innovative approach

37% 35% 34%

Page 7 of 13


Because the cloud offers a variety of payment or licensing options over traditional on-premises infrastructures, we wanted to know what respondents thought of the various licensing options. 38% wanted the cloud provider fee to be based on usage, while 28% were comfortable with the more traditional “bring-your-own-license” approach. Only 19% saw the hourly “pay-as-you-go” option as their preference, but a large percentage (15%) said they had no preference, but instead made their decisions based on which was the most economical for their needs.

What are organizations’ preferred payment options for licensing public cloud solutions?

15%

1%

38%

18%

28% Usage - the fee paid to the cloud provider is based on usage BYOL (Bring Your Own License) Hourly - the fee paid to the cloud provider is based on the time that the solution is running We have no preference, we would go with whatever is cheapest Don’t know

Key Takeaway: As customers weigh licensing options by usage, per hour, unlimited, etc., we see customers beginning to understand how they can leverage different licensing options to gain greater cost control. This becomes more important when third-party vendors – such as security – are added to the mix. It’s critical that those third parties offer equivalent licensing options for how the customer is licensing their public cloud infrastructure. We also asked which provider or providers respondents were using. We found that, on average, organizations didn’t use a single cloud provider for everything – they used three! Microsoft Azure was the most popular – 57% overall with 57% as the average. Amazon Web Services (AWS) as the second, with an average of 48%, and Google Cloud Services as a close third with 47%. What’s worth mentioning is that Google Cloud Services (GCP) is significantly more popular in APAC (64%). We also found that 30% of organizations using the public cloud were also using IBM Bluemix. When asked why they chose multiple public cloud providers, organizations cited a number of reasons. Top of mind was that different providers had different strengths (63%), followed by the view that having multiple solutions increased security (51%), and helped keep costs down (42%). A third of organizations felt that they had to use more than one provider because no single public cloud could give them everything they required.

Page 8 of 13


Why do those organizations using more than one public cloud provider, do so? Asked to those who use more than one (907) 63%

Different providers have different strengths We feel it increases security

51%

It helps to keep costs down

42%

Different offices/branches of the organization choose to use different providers

37%

It helps to keep our infrastructure scalable

36%

No one provider can offer us everything we require from the cloud It ‘just happened’ over time There is no reason

33% 2% 0%

However, having multiple solutions does come at a cost – 47% reported that this resulted in a more complex IT environment, and 46% said this actually resulted in higher IT costs. Only 13% saw no negative impacts to using multiple cloud providers. Key Takeaway: Customers often end up with multiple cloud providers as well as on-premises (legacy) infrastructures. This can have implications on complexity and overall costs; and is further compounded when third-party solutions – such as security – are added to the mix. Therefore, customers are advised to look for third parties who support a wide range of ecosystems with the same or similar solutions.

Public Cloud Challenges While organizations were fairly universal in their praise for the public cloud, they weren’t shy about sharing the challenges they have seen and continue to see – 71% felt that security concerns restricted their ability to migrate workloads to the public cloud. Security threats such as phishing (50%), DDoS (47%), APTs (45%), and ransomware (41%) were top of mind. These examples (and cyberattacks in general) figured prominently in the concerns that they had with the public cloud.

Percentage of organizations where security has precluded their ability to migrate to public cloud, by geography Total

71%

APAC total

77% 74%

US total EMEA total

64%

Nine out of 10 (91% ) of organizations reported they had concerns over their use of public cloud, with cyberattacks being the chief concern at 54%. Over half (56%) had experienced at least one cyberattack, and 30% expect this to continue in the future.

Page 9 of 13


What are the concerns that organizations have regarding the use of public cloud? 54%

The impact of cyberattacks Keeping up with regulations (e.g. GDPR, PCI and HIPAA)

42%

Cost to maintain the use of cloud

39%

Shadow IT

30%

Lack of expert partner to work with for cloud security

28% 25%

Lack of in-house skills to maintain cloud Difficulty integrating cloud with legacy technology

21%

Poor availability

19%

We do not have any concerns

9%

When we examined the cyberattack issue more deeply, we found that the average number of attacks an organization had seen were five. We asked organizations what kinds of impacts they felt from cyberattacks, and over one-third felt that customers lost faith in that organization’s cybersecurity. Additionally, 27% saw an impact in regulartory fines, 24% in compensation payouts, and 21% had their businesses temporarily closed as a result of cyberattacks. Security is clearly a large concern.

Has your organization been targetted by a cyberattack?

1% 11% 3% 17%

30%

Average attacks: 5

25%

13% Yes, five to ten times Yes, two to five times Yes, only once No, but we expect that this will happen in the future No, and we do not expect that this will happen Don’t know Yes, more than ten times

Page 10 of 13


The challenge with security was further heightened with the information organizations are storing in public clouds. Over 50% of all organizations store some type of personal data (personnel records, medical records, etc.) in the public cloud, and nearly the same precentage (55%) store customer order history. Bank details were particularly concerning for organizations. By geography, we found that over 40% of all organizations, on average, were storing either customer bank details or employee bank details in the cloud. This figure is higher for APAC, and lowest for the U.S.

Percentage of organizations who store bank details in the public cloud, by geography 45%

Total

39% 53% 51%

APAC total 40%

EMEA total

US total

32% 38% 31%

Customer bank details Employee bank details

Key Takeaway: If we were able to ascertain from a simple survey that organizations are storing sensitive and financial data in the public cloud, then readers should assume that hackers already know this. The relative ease with which attackers can compromise organizations – as reported time over time in the media – should raise concerns over what kinds of security measures are put in place prior to storing such data. Many threats don’t reveal themselves until long after sensitive data has been compromised.

Public Cloud Security Since security loomed as a key issue in our survey, we asked respondents a number of detailed security-based questions. The Shared Responsibility Security Model – wherein cloud providers are responsible for the security of the cloud, while organizations using the cloud are responsible for the security of what they put in the cloud – is not new, and 72% felt they fully understood their cloud security responsibilities. This was in stark contrast to what organizations believed their IaaS or cloud provider was responsible to provide for security – 71% felt the cloud provider was responsible for customer data in the public cloud, and 66% for applications in the public cloud. When we looked at this data by region, we found EMEA was less optimistic about cloud security than the U.S. (64%) with APAC somewhere in between.

Page 11 of 13


What do organizations believe public cloud service providers are responsible to secure? 71%

Customer data in the public cloud Applications in the publc cloud

66% 65%

Operating systems in the public cloud 57%

Physical security of infrastructure 47%

Virtualisation security 39%

Hypervisors (virtual machine managers) Our IaaS provider is not responsible for any security

0%

Don’t know

0%

Of all the organizations surveyed, 52% were confident that their move to the cloud was secure: APAC was most confident at 59%, EMEA least confident at 43%. But large differences emerged when we looked at this question by sector. Expectedly, only 28% of media, leisure, and entertainment organizations felt their cloud infrastructure was secure, while IT, technology, and telecomms organizations were the most confident (56%).

How many organizations are totally confident the cloud is secure, by sector? 52%

Total IT, technology and telecoms

56%

Financial services

56%

Other commercial sectors

56% 55%

Energy, oil/gas and utilities

52%

Manufacturing and productions

50%

Public sector Construction and property

49%

Business and professional services

48% 47%

Retail, distribution and transport Media, leisure and entertainment

28%

Page 12 of 13


More important was how these organizations approached public cloud security. Three out of 5 (62%) respondants said that they had included additional security solutions in their public cloud infrastructure (in the U.S., this figure is 67%). Only a small portion of organizations either had no plans to include additional security or hadn’t thought about it. A third of companies who hadn’t implemented additional or third-party security solutions planned to add them to their cloud infrastructure.

Have organizations added additional security solutions to public cloud instances? 62% Total

34% 3% 1% 67%

US total

30% 2% 1% 66%

APAC total

32% 2% 0% 57%

EMEA total

Yes

No, but we plan to

37% 4% 2% No and we have no plans to

Don’t know

We asked about several specific types of security solutions being added to the cloud. These ranged from relatively basic configuration strategies (64% are routing branch locations’ traffic through a central secured MPLS or other circuit to the cloud) to SD-WAN and other distriputed solutions (28%).

Key Takeaways: Companies deploying the most common security routine – routing branch locations’ traffic through a central security solution – generally find these solutions lack scale and cost benefits as their cloud leverage increases. Companies that look at distributed security solutions such as next-generation firewalls and web application firewalls closer to the point of access eliminate those issues, but find new ones in managing multiple devices. Therefore, look for vendors who can provide a common management scheme – either in their products or using public cloud security infrastructures – to simplify managing and monitoring ongoing security.

Conclusion By and large, companies are accelerating their usage of the public cloud and have gained some familiarity with the general challenges – particularly the security issues that are inherent in the public cloud. They are deploying more hybrid networks and are leveraging multiple clouds,


Page 13 of 13

gaining scalability and flexibility by utilizing individual cloud providers’ strengths and licensing options. The key takeaway for readers is that there are still security issues with cloud deployments; however, there are also numerous choices for organizations to enhance their cloud security. As a leading cloud security provider, Barracuda has already addressed many of the challenges and concerns that organizations raised in this survey. We have sought to address growing hybrid infrastructures by providing products that operate in similar fashion whether on-premises or in the cloud, and leverage all the innovations that cloud providers build into their infrastructures. Barracuda remains out in front in regards to licensing options – for example, we were the first firewall offered in AWS with metered or consumption-based licensing. Barracuda solutions are Cloud Ready and designed for a hybrid world: our on-premises and cloud solutions can work seamlessly together to protect customers’ data and applications regardless of where they reside. Barracuda is a great choice for organizations that are just beginning their cloud journey or finding new ways to unlock the value of the public cloud. To learn more about Barracuda’s cloud security solutions, visit the Barracuda Cloud Ready web page.

About Barracuda Networks, Inc. (NYSE: CUDA) Barracuda (NYSE: CUDA) simplifies IT with cloud-enabled solutions that empower customers to protect their networks, applications and data, regardless of where they reside. These powerful, easy-to-use and affordable solutions are trusted by more than 150,000 organizations worldwide and are delivered in appliance, virtual appliance, cloud and hybrid deployment configurations. Barracuda’s customer-centric business model focuses on delivering high-value, subscription-based IT solutions that provide end-to-end network and data protection. For additional information, please visit barracuda.com. Barracuda Networks, Barracuda, and the Barracuda Networks logo are registered trademarks of Barracuda Networks, Inc. in the US and other countries. US 1.0 • Copyright © Barracuda Networks, Inc.

Barracuda Networks Inc. 3175 S. Winchester Boulevard Campbell, CA 95008 United States t: 1-408-342-5400 1-888-268-4772 (US & Canada) e: [email protected] w: barracuda.com