As a prominent cloud vendor, we are often asked for specifics on what people are doing, what platforms they are choosing
Unlocking the Benefits of Public Cloud A Barracuda Funded Survey
White Paper
Barracuda • Unlocking the Benefits of Public Cloud
Unlocking the Benefits of Public Cloud As a prominent cloud vendor, we are often asked for specifics on what people are doing, what platforms they are choosing, what benefits they are seeing, and how they are addressing cloud migration challenges. A year ago, we did a survey called “The Clouds Go Mainstream” because it seemed apparent to us that the cloud was no longer a leading-edge, experimental, non-core infrastructure. We took a deeper look at the cloud this year with the help of researcher Vanson Bourne. Together, we surveyed 1300 “cloud-savvy” respondents from all three major geographies (Americas, Europe/Middle East/Africa, and Asia/Pacific), and found that cloud adoption was indeed growing. Additionally, the sophistication of the customers’ dealing with the cloud was growing: 40% of respondents had some percentage of their infrastructure in the cloud. We also found that while 51% of organizations felt cloud providers offered “strong protection” for their cloud infrastructure, 62% had added additional security solutions to bolster their cloud protection. We found that customers are growing more comfortable living in hybrid environments— specifically, multi-cloud hybrid environments. Only half were storing confidential data in the public cloud, with the remainder keeping that sensitive data on-premises. They also believe the cloud will continue to gain momentum, address security concerns, and deliver value. Of the organizations already deploying public cloud, nearly 30% stated they saw a positive ROI within the first year of deployment, and there was nearly universal agreement that cloud benefits included better availability, lower costs, and better customer service for their users. Smaller organizations may lag behind bigger ones, but all are interested in leveraging the cost advantages, scalability, and simplified management of a cloud-based infrastructure as part of their IT stack, especially as they gain confidence with the cloud.
Page 2 of 13
Page 3 of 13
Barracuda • Unlocking the Benefits of Public Cloud
Demographics Behind Our Survey We asked the 1300 respondents to also identify their business sector. General questions about public cloud were asked to the full group; cloud-specific questions (usage, security solution deployed, etc.) were asked only of organizations reporting actual cloud usage (roughly 900 respondents).
Survey respondents by country UK
150
Germany
150
France
150 70
Belgium/Netherlands Austria
30 300
US 150
India 100
Australia Malaysia
50
Singapore
50
Indonesia
50
Hong Kong
50
Represented business sectors from responding organizations 262
IT, technology and telecoms Manufacturing and production
186
Retail, distribution and transport
175
Financial services
152
Public sector
135 120
Business and professional services Energy, oil/gas and utilities Construction and property Media, leisure and entertainment Other commercial sectors
55 43 36 136
Page 4 of 13
Barracuda • Unlocking the Benefits of Public Cloud
This white paper covers four areas: 1.
Background to respondents’ use of public cloud.
2.
Public cloud benefits organizations have seen so far.
3.
Challenges organizations see with using public cloud.
4.
Public cloud security.
Background Public Cloud Use It was important for us to understand how respondents approached the cloud. On average (of the respondents using the cloud), organizations have nearly 40% of their infrastructure in the public cloud today, and they expect to increase this to almost 70% within five years’ time. What’s interesting is that U.S. organizations lead the move to public cloud with 43.8% having some infrastructure in the cloud, but EMEA is nearly equal with 42.3%; APAC lags behind only a bit at 35%. Note: Public sector organizations have moved more slowly in all geographies, with 32% (on average) of their infrastructure in the public cloud.
Percentage of organizations’ infrastructure running in the public cloud Currently In Two Years’ Time
39.4% 55.59% 68.84%
In Five Years’ Time
The majority of organizations, (83%) said they used public cloud for storage, followed by data recovery (62%), and website and application hosting (58%). When we looked at business sectors regarding data storage, there was considerable uniformity. Only manufacturing and construction sectors reported higher use of cloud for public storage.
How do organizations leverage public cloud? 83%
Data storage Data recovery
62%
Website/application hosting
58%
Data analytics
57%
Customer Relationship Management (CRM) sytems
51% 44%
Application testing and development Desktop virtualization Development/testing
40% 34%
Because so many organizations reported using cloud for website and application hosting, we wanted to know the breakout between external-facing applications (which typically rely on some
Page 5 of 13
Barracuda • Unlocking the Benefits of Public Cloud
sort of web application firewall, either native to the cloud or from a third party) for security, and internal-facing applications (which are often protected through secure remote access solutions). The ratio of external to internal-facing applications was nearly 2 to 1.
Do organizations use public cloud for external-facing or internal-facing applications? We only or mostly run external-facing applications in the public cloud We only or mostly run internal-facing applications in the public cloud
63%
36%
Key Takeaway: Web applications are typically the easiest to deploy in the public cloud: This is called “lift and shift” and applications, which were hosted internally or by external hosting companies, are easily migrated to public cloud infrastructures, and they are often applications that get migrated first. While 4 out of 10 respondents reported that their organizations relied on public cloud deployments to expand their services – and often to replicate those over multiple regions – 30% said they only migrated selected services to the cloud and kept the balance on-premises. Another 23% said they used the public cloud as a virtual data center, moving virtual servers to the cloud. Additionally, 7% used the cloud only for new “born-in-the-cloud” solutions and kept the remainder of the infrastructure and applications on premises.
What do organizations say is their best use for public cloud?
1% 7% 0% 23%
40%
30% To expand our services and replicate it to multiple regions We migrate only selected services to public cloud while running the rest in our private datacentre We simply migrate existing servers to public cloud and use it as a co-located datacentre Mainly to build new “cloud-native” solutions with high usage of PaaS and SaaS services Don’t know Other
Key Takeaway: The inference here is that organizations are growing more comfortable with hybrid environments that deploy a range of public cloud services along with a more traditional on-premises infrastructure.
Page 6 of 13
Barracuda • Unlocking the Benefits of Public Cloud
Public Cloud Benefits Nearly all the respondents (99%) said that their organization has seen many benefits as a result of moving to the public cloud, including greater scalability and reduced IT expenditures. We looked at the geographical dispersion of cloud benefits and found that about 10% of APAC respondents were more likely to report that they gained improved security and access to applications. Respondents in EMEA on the other hand were less likely to cite improved security as one of the key drivers to public cloud (36%).
What benefits have organizations seen from using the public cloud? Greater scalability
52%
Reduced IT expenditure
52% 45%
Greater agility Improved security of applications
44%
IT staff spend less time on general maintenance
44% 42%
Better visibility of organization’s applications Improved IT security (other than applications)
39%
Improved security of access to applications
39%
Faster time to market Customers are comfortable giving personal data
32% 17%
We have not seen any benefits
0%
Don’t know
0%
Organizations were asked about their 10 biggest drivers for moving to the cloud, and over half felt that easy integration with legacy technology was a key driver. APAC, again, saw security as a stronger driver (60%) than the U.S. (54%) or EMEA (49%).
What are the ten most important drivers for choosing a public cloud service provider? 57%
Easy integration with legacy technology Strong protection of public cloud applications
54% 47%
Support offered by the public cloud service provider
46%
Strong protection of access to public cloud applications
45%
Strong protection of data in the public cloud
42%
Scalability of public cloud services
40%
Geographical location of where data is stored A high level of experience Effective disaster recovery An innovative approach
37% 35% 34%
Page 7 of 13
Barracuda • Unlocking the Benefits of Public Cloud
Because the cloud offers a variety of payment or licensing options over traditional on-premises infrastructures, we wanted to know what respondents thought of the various licensing options. 38% wanted the cloud provider fee to be based on usage, while 28% were comfortable with the more traditional “bring-your-own-license” approach. Only 19% saw the hourly “pay-as-you-go” option as their preference, but a large percentage (15%) said they had no preference, but instead made their decisions based on which was the most economical for their needs.
What are organizations’ preferred payment options for licensing public cloud solutions?
15%
1%
38%
18%
28% Usage - the fee paid to the cloud provider is based on usage BYOL (Bring Your Own License) Hourly - the fee paid to the cloud provider is based on the time that the solution is running We have no preference, we would go with whatever is cheapest Don’t know
Key Takeaway: As customers weigh licensing options by usage, per hour, unlimited, etc., we see customers beginning to understand how they can leverage different licensing options to gain greater cost control. This becomes more important when third-party vendors – such as security – are added to the mix. It’s critical that those third parties offer equivalent licensing options for how the customer is licensing their public cloud infrastructure. We also asked which provider or providers respondents were using. We found that, on average, organizations didn’t use a single cloud provider for everything – they used three! Microsoft Azure was the most popular – 57% overall with 57% as the average. Amazon Web Services (AWS) as the second, with an average of 48%, and Google Cloud Services as a close third with 47%. What’s worth mentioning is that Google Cloud Services (GCP) is significantly more popular in APAC (64%). We also found that 30% of organizations using the public cloud were also using IBM Bluemix. When asked why they chose multiple public cloud providers, organizations cited a number of reasons. Top of mind was that different providers had different strengths (63%), followed by the view that having multiple solutions increased security (51%), and helped keep costs down (42%). A third of organizations felt that they had to use more than one provider because no single public cloud could give them everything they required.
Page 8 of 13
Barracuda • Unlocking the Benefits of Public Cloud
Why do those organizations using more than one public cloud provider, do so? Asked to those who use more than one (907) 63%
Different providers have different strengths We feel it increases security
51%
It helps to keep costs down
42%
Different offices/branches of the organization choose to use different providers
37%
It helps to keep our infrastructure scalable
36%
No one provider can offer us everything we require from the cloud It ‘just happened’ over time There is no reason
33% 2% 0%
However, having multiple solutions does come at a cost – 47% reported that this resulted in a more complex IT environment, and 46% said this actually resulted in higher IT costs. Only 13% saw no negative impacts to using multiple cloud providers. Key Takeaway: Customers often end up with multiple cloud providers as well as on-premises (legacy) infrastructures. This can have implications on complexity and overall costs; and is further compounded when third-party solutions – such as security – are added to the mix. Therefore, customers are advised to look for third parties who support a wide range of ecosystems with the same or similar solutions.
Public Cloud Challenges While organizations were fairly universal in their praise for the public cloud, they weren’t shy about sharing the challenges they have seen and continue to see – 71% felt that security concerns restricted their ability to migrate workloads to the public cloud. Security threats such as phishing (50%), DDoS (47%), APTs (45%), and ransomware (41%) were top of mind. These examples (and cyberattacks in general) figured prominently in the concerns that they had with the public cloud.
Percentage of organizations where security has precluded their ability to migrate to public cloud, by geography Total
71%
APAC total
77% 74%
US total EMEA total
64%
Nine out of 10 (91% ) of organizations reported they had concerns over their use of public cloud, with cyberattacks being the chief concern at 54%. Over half (56%) had experienced at least one cyberattack, and 30% expect this to continue in the future.
Page 9 of 13
Barracuda • Unlocking the Benefits of Public Cloud
What are the concerns that organizations have regarding the use of public cloud? 54%
The impact of cyberattacks Keeping up with regulations (e.g. GDPR, PCI and HIPAA)
42%
Cost to maintain the use of cloud
39%
Shadow IT
30%
Lack of expert partner to work with for cloud security
28% 25%
Lack of in-house skills to maintain cloud Difficulty integrating cloud with legacy technology
21%
Poor availability
19%
We do not have any concerns
9%
When we examined the cyberattack issue more deeply, we found that the average number of attacks an organization had seen were five. We asked organizations what kinds of impacts they felt from cyberattacks, and over one-third felt that customers lost faith in that organization’s cybersecurity. Additionally, 27% saw an impact in regulartory fines, 24% in compensation payouts, and 21% had their businesses temporarily closed as a result of cyberattacks. Security is clearly a large concern.
Has your organization been targetted by a cyberattack?
1% 11% 3% 17%
30%
Average attacks: 5
25%
13% Yes, five to ten times Yes, two to five times Yes, only once No, but we expect that this will happen in the future No, and we do not expect that this will happen Don’t know Yes, more than ten times
Page 10 of 13
Barracuda • Unlocking the Benefits of Public Cloud
The challenge with security was further heightened with the information organizations are storing in public clouds. Over 50% of all organizations store some type of personal data (personnel records, medical records, etc.) in the public cloud, and nearly the same precentage (55%) store customer order history. Bank details were particularly concerning for organizations. By geography, we found that over 40% of all organizations, on average, were storing either customer bank details or employee bank details in the cloud. This figure is higher for APAC, and lowest for the U.S.
Percentage of organizations who store bank details in the public cloud, by geography 45%
Total
39% 53% 51%
APAC total 40%
EMEA total
US total
32% 38% 31%
Customer bank details Employee bank details
Key Takeaway: If we were able to ascertain from a simple survey that organizations are storing sensitive and financial data in the public cloud, then readers should assume that hackers already know this. The relative ease with which attackers can compromise organizations – as reported time over time in the media – should raise concerns over what kinds of security measures are put in place prior to storing such data. Many threats don’t reveal themselves until long after sensitive data has been compromised.
Public Cloud Security Since security loomed as a key issue in our survey, we asked respondents a number of detailed security-based questions. The Shared Responsibility Security Model – wherein cloud providers are responsible for the security of the cloud, while organizations using the cloud are responsible for the security of what they put in the cloud – is not new, and 72% felt they fully understood their cloud security responsibilities. This was in stark contrast to what organizations believed their IaaS or cloud provider was responsible to provide for security – 71% felt the cloud provider was responsible for customer data in the public cloud, and 66% for applications in the public cloud. When we looked at this data by region, we found EMEA was less optimistic about cloud security than the U.S. (64%) with APAC somewhere in between.
Page 11 of 13
Barracuda • Unlocking the Benefits of Public Cloud
What do organizations believe public cloud service providers are responsible to secure? 71%
Customer data in the public cloud Applications in the publc cloud
66% 65%
Operating systems in the public cloud 57%
Physical security of infrastructure 47%
Virtualisation security 39%
Hypervisors (virtual machine managers) Our IaaS provider is not responsible for any security
0%
Don’t know
0%
Of all the organizations surveyed, 52% were confident that their move to the cloud was secure: APAC was most confident at 59%, EMEA least confident at 43%. But large differences emerged when we looked at this question by sector. Expectedly, only 28% of media, leisure, and entertainment organizations felt their cloud infrastructure was secure, while IT, technology, and telecomms organizations were the most confident (56%).
How many organizations are totally confident the cloud is secure, by sector? 52%
Total IT, technology and telecoms
56%
Financial services
56%
Other commercial sectors
56% 55%
Energy, oil/gas and utilities
52%
Manufacturing and productions
50%
Public sector Construction and property
49%
Business and professional services
48% 47%
Retail, distribution and transport Media, leisure and entertainment
28%
Page 12 of 13
Barracuda • Unlocking the Benefits of Public Cloud
More important was how these organizations approached public cloud security. Three out of 5 (62%) respondants said that they had included additional security solutions in their public cloud infrastructure (in the U.S., this figure is 67%). Only a small portion of organizations either had no plans to include additional security or hadn’t thought about it. A third of companies who hadn’t implemented additional or third-party security solutions planned to add them to their cloud infrastructure.
Have organizations added additional security solutions to public cloud instances? 62% Total
34% 3% 1% 67%
US total
30% 2% 1% 66%
APAC total
32% 2% 0% 57%
EMEA total
Yes
No, but we plan to
37% 4% 2% No and we have no plans to
Don’t know
We asked about several specific types of security solutions being added to the cloud. These ranged from relatively basic configuration strategies (64% are routing branch locations’ traffic through a central secured MPLS or other circuit to the cloud) to SD-WAN and other distriputed solutions (28%).
Key Takeaways: Companies deploying the most common security routine – routing branch locations’ traffic through a central security solution – generally find these solutions lack scale and cost benefits as their cloud leverage increases. Companies that look at distributed security solutions such as next-generation firewalls and web application firewalls closer to the point of access eliminate those issues, but find new ones in managing multiple devices. Therefore, look for vendors who can provide a common management scheme – either in their products or using public cloud security infrastructures – to simplify managing and monitoring ongoing security.
Conclusion By and large, companies are accelerating their usage of the public cloud and have gained some familiarity with the general challenges – particularly the security issues that are inherent in the public cloud. They are deploying more hybrid networks and are leveraging multiple clouds,
Barracuda • Unlocking the Benefits of Public Cloud
Page 13 of 13
gaining scalability and flexibility by utilizing individual cloud providers’ strengths and licensing options. The key takeaway for readers is that there are still security issues with cloud deployments; however, there are also numerous choices for organizations to enhance their cloud security. As a leading cloud security provider, Barracuda has already addressed many of the challenges and concerns that organizations raised in this survey. We have sought to address growing hybrid infrastructures by providing products that operate in similar fashion whether on-premises or in the cloud, and leverage all the innovations that cloud providers build into their infrastructures. Barracuda remains out in front in regards to licensing options – for example, we were the first firewall offered in AWS with metered or consumption-based licensing. Barracuda solutions are Cloud Ready and designed for a hybrid world: our on-premises and cloud solutions can work seamlessly together to protect customers’ data and applications regardless of where they reside. Barracuda is a great choice for organizations that are just beginning their cloud journey or finding new ways to unlock the value of the public cloud. To learn more about Barracuda’s cloud security solutions, visit the Barracuda Cloud Ready web page.
About Barracuda Networks, Inc. (NYSE: CUDA) Barracuda (NYSE: CUDA) simplifies IT with cloud-enabled solutions that empower customers to protect their networks, applications and data, regardless of where they reside. These powerful, easy-to-use and affordable solutions are trusted by more than 150,000 organizations worldwide and are delivered in appliance, virtual appliance, cloud and hybrid deployment configurations. Barracuda’s customer-centric business model focuses on delivering high-value, subscription-based IT solutions that provide end-to-end network and data protection. For additional information, please visit barracuda.com. Barracuda Networks, Barracuda, and the Barracuda Networks logo are registered trademarks of Barracuda Networks, Inc. in the US and other countries. US 1.0 • Copyright © Barracuda Networks, Inc.
Barracuda Networks Inc. 3175 S. Winchester Boulevard Campbell, CA 95008 United States t: 1-408-342-5400 1-888-268-4772 (US & Canada) e:
[email protected] w: barracuda.com