Banks are recognising the benefits of cloud computing – but progress remains slow.

That’s the verdict of consulting firm Accenture, who has released a new report focused on how banks need to win in the digital age.

The report, which showcased the opinions of 35 executives at global banks who were responsible for technology and information security, found very few to have been out of the loop altogether. Only 3% of those polled said they did not have a cloud strategy. The majority (40%) said they had agreed upon best practices but gotten no further, while 31% had core practices in place and 26% said they had core practices and measures for continuous improvement.

Spending on cloud services within IT budgets is predicted to rise in the coming years – but it is not exactly a huge acceleration. While those who are spending up to a fifth of their IT budget on cloud will remain at 17% across the next three years, by 2021 almost half (46%) of those polled said they would be spending 11-15% of their budgets on cloud services. This is up from 29% today.

When it came to cloud technologies transforming the operating model in IT, the consensus was again somewhat tepid. The majority – 43% – of those polled said they did expect their transition to cloud to drive changes in operating models, but they had not defined what the model was. 31% said they were in the process of defining and moving to a new operating model, with 26% going full steam ahead on the new paradigm.

“Banks recognise the need to build future IT systems on cloud platforms, and there are pockets of cloud deployment across most banks,” the report noted. “But many banks still lack a comprehensive cloud strategy that will enable a rapid shift to the cloud, and very few have defined an enterprise-level operating model for transferring existing applications to the cloud and systematically adding cloud-based applications and capacity.”

This need for banks to step up their initiatives has been covered by this publication previously. Writing in August, Roberto Mircoli of Virtustream noted how banks, more than many other industries, do not work to a ‘one cloud fits all’ idea. “Financial institutions must carefully select the CSP that is right and suitable for their needs,” Mircoli wrote. “Likewise, any CSP that an institution works with must have a firm understanding of the relevant compliance landscape.

“It is important to be able to demonstrate that a judgement call can be made when required,” added Mircoli. “This is where the CSP must have the deepest and broadest expertise on what it takes to migrate complex mission critical systems to the cloud.”

You can read the full report here.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

The role of the cloud access security broker (CASB) will become ever-more important in the context of organisational security.

According to analyst firm Gartner, through 2023 “at least 99%” of cloud security issues will be the fault of the customer. The notion of shared responsibility – one which regular readers of this publication may well be sick of hearing given its frequency – needs to be hammered home again. Cloud vendors are predominantly responsible for security of the cloud – protecting infrastructure – while the customer is responsible for security in the cloud, such as the data, applications, and identity and access management.

Writing for this publication in August, Hatem Naguib, SVP security at Barracuda Networks, noted his belief that many organisations misunderstand this model. “The organisations benefiting the most from public cloud are those that understand their public cloud provider is not responsible for securing data or applications, and are augmenting security with support from third party vendors,” wrote Naguib.

CASBs, therefore, are something of an intermediary in this process. Sitting in between a company’s on-premises infrastructure and a cloud provider’s infrastructure, they can take the responsibility away from the customer end. This can be through greater visibility of who and what is accessing data in various clouds, enforcing security and identity policies, threat protection, and compliance.

With this in mind, Gartner’s latest Magic Quadrant for CASBs makes for an interesting read. In all, 13 vendors made the cut, with four tightly bunched in the leaders’ section; Bitglass, McAfee, Netskope, and Symantec.

One of the more egregious security errors organisations can make is through exposed storage buckets. According to recent McAfee research, there are thousands of individual misconfigurations in companies’ IaaS and PaaS public cloud instances. Worryingly, 5.5% of AWS S3 buckets analysed were set to ‘world read’ permissions.

McAfee claimed in February to be the only CASB which was able to provide visibility into third party risk and identify exposed S3 buckets. Indeed, after the acquisition of Skyhigh Networks closed at the start of this year, Gartner notes, McAfee’s offering was one of the first to raise awareness of shadow IT. The analyst firm notes its ‘comprehensive’ dashboard and much improved visibility processes for sensitive content as strengths. For weaknesses, the report warned over future performance given McAfee’s ‘spotty’ execution of acquisitions.

Of the other leaders, Bitglass was praised for various technical attributes, including watermarking of documents and automated learning, although noting its name did not come up as often as its rivals in client inquiries. Netskope – which acquired Sift Security in July to improve its threat detection capabilities – was given good marks for a comprehensive risk database and access control policies, albeit with a ‘minor’ increase in inquiries around installation challenges and service performance. Symantec, whose acquisition of Blue Coat in 2016 included Perspecsys and Elastica, two previous CASBs in the latter’s portfolio, has strong service discovery and usage but a ‘cumbersome’ UI.

The other companies which made the cut are an interesting list of security specialists and huge names. In the second category, naturally, are Cisco, Oracle and Microsoft – the latter two placed as challengers – while CensorNet, CipherCloud, Forcepoint, Palo Alto Networks, Proofpoint and Saviynt were also analysed.

As ever with these things, it really pays to do due diligence: work out your organisation’s specific needs and which vendor ticks the most boxes. Indeed, any concerns about a company’s cloud use should prompt an exploration of these companies at the least. As Gartner notes, the agility of the CASBs – born and made in the cloud – far outstrips the wider cloud service providers. Indeed, Gartner adds that while Microsoft has Microsoft Cloud App Security (MCAS), an Azure house looking for a full cloud security strategy needs more Microsoft products than its CASB.

Ultimately, the state of where things are today can be summed up by a comment from Netskope CEO Sanjay Beri. “The challenges presented by the cloud necessitate a shift from legacy vendors toward a security cloud that was built from the ground up with the unique characteristics of the cloud in mind,” he said. “This includes real-time visibility into and control over all cloud services, robust data loss prevention, the ability to prevent and remediate cloud threats, and enablement of granular dynamic access control that governs usage in real time for any user from any device across all cloud services.”

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Alibaba has hailed a 90% year-on-year increase in its cloudy operations – posting quarterly revenues of $825 million (£636m).

Total revenue for the company was at $12.4 billion (£9.57bn), meaning cloud contributed to 6.6% of the overall pot. Overall revenues rose 54% year over year, representing the first time the company’s growth did not break 55% in seven quarters.

Among Alibaba Cloud’s highlights over the past three months were a partnership with Intel around edge computing, further expansion in the Asia Pacific region, as well as the opening of data centre operations in London.

On the architectural side, Alibaba cited the release of Apsara 2.0 as a ‘comprehensive upgrade’ to its cloud operating system, promising more efficient network connections and the ability to bring edge computing to connected devices at scale.

The company’s continual exploration and expansion has been of interest for some time. As multi-cloud becomes the de facto setting for many organisations noting performance benefits with different workloads, Alibaba feels it can seize the opportunity to be the second or third provider in Europe and other markets. Around the time of the London news breaking, the company rebuffed claims that it was scaling back its US operations.

Regardless, Alibaba Cloud’s global footprint is getting bigger. According to a note published by data and analytics firm GlobalData in October, the company was gaining significantly in Asia Pacific outside of its Chinese heartland. Figures from Synergy Research argued Alibaba had the most market share in APAC outside of AWS, putting it in fourth position overall despite not being in the top five vendors in any other geography.

Daniel Zhang, Alibaba Group CEO, noted the sense of opportunity coming with what he described as a ‘setback in the global economy’ – with cloud as a part of it.

“First, we see opportunity to greatly expand our addressable market by executing our new retail strategy that digitalises store-based operations,” he told analysts. “Second, we have built a technology platform that empowers the digital transformation of enterprises in China. This will not only create new ways of sales and distribution, but also driving innovation in the entire value chain of retail operations.

“At the core, our data insights on both enterprises and consumers and our leading cloud computing technologies created a unique Alibaba business operating system for this digital era,” added Zhang.

You can read the company’s full financial results here (pdf).

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Another example of an ‘industry cloud’, albeit this time with a twist: car hire firm Avis is tapping into Amazon Web Services (AWS) to help with connected car data analysis.

Avis is using AWS Connected Vehicle Solution, the infrastructure behemoth’s product which focuses on transporting vehicle data to Amazon’s cloud securely, with low latency and low overhead.

Options for customers include local computing within vehicles, as well as data processing and storage. The technology can be seen as essentially a three-way process between AWS Greengrass, which takes AWS’ cloud to local devices, S3 storage, and Lambda, AWS’ serverless offering.

Avis has more than 100,000 connected cars in its fleet today and will be uploading data from a variety of vehicle manufacturers for data management and analytics purposes. The company’s goal with the AWS move is to persuade partners on board with the promise of anonymised connected car data which could glean insights around smart city planning, such as road conditions and traffic volume data.

“The platform we built leveraging AWS’s connected vehicle solution gives us advanced data management and scalable analytics capabilities for our connected car platform,” said Arthur Orduna, Avis Budget Group chief innovation officer. “We now have the ability to scale up based on demand and our data is backed by AWS’s software and massive infrastructure, so we have access to new insights-driven tools, storage resources, and first-class security.”

AWS is by no means the only major cloud provider to be exploring this area. One of Microsoft’s more recent pieces of customer braggadocio has been around its work with Volkswagen. The result is the Volkswagen Automotive Cloud, which uses most of the aces in Microsoft’s pack to create a real-time experience, from Azure IoT, to PowerBI and Skype. Similarly, BMW is tapping Microsoft’s AI services to build an intelligent agent in its cars.

The ‘automotive cloud’ concept is a particularly interesting one – vehicle manufacturers are feeling increasingly comfortable partnering with tech companies and playing to each other’s strengths. The continued partnerships pursued by Intel and its subsidiary Mobileye are bearing fruit; BMW was an early adopter, with Fiat Chrysler getting on board later. Last week, it was announced that Volkswagen – albeit not an official member of the group – would launch a ‘mobility as a service’ self-driving taxi operation in Israel next year.

Avis and AWS’ partnership dates back to last year when the former helped provide a skill for Amazon Alexa.

Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.

The majority of top brass at UK organisations say they concerned about the digital skills divide – yet only a small percentage are willing to invest in digital skills training for existing staff.

That’s the key finding from a report by cloudy software firm Domo. The study, titled ‘Leading at the Speed of Data’ and which polled 107 CEOs in total, found a generational gap in some areas. 84% of CEOs aged between 25 and 34 said data could ‘be a threat’ to the future of their business, while just over half of over 55s said the same.

In total, 71% of all respondents said a lack of data access and skills could put their organisation at risk. While only 17% said they would invest in training for existing staff, few more (18%) said they planned to invest in recruiting employees with strong digital skills. The gap, therefore, could not be more pronounced.

As may not be entirely surprising, the generational divide is strong when it comes to working routines. The research found that more than half (54%) of 25-34 year olds check analytics and email first thing in the morning and last thing at night, while four in five CEOs over the age of 45 prefer to wait until they are in the office before checking in.

“In any growing business, CEOs need to become the digital leaders, ensuring the right training and tools to maximise every possible opportunity,” said Ian Tickle, SVP and general manager of Domo EMEA. “It’s well within their grasp, especially when it comes to the little things like real-time access, which many said would make their jobs easier, that technology can provide. It’s just a matter of actioning it sooner, rather than later to ensure the risk doesn’t become a reality.”

The cloud and digital skills gap has been discussed for about as long as the rise of cloud and digital itself. For those who have the ammunition at their disposal, the prize is a good one: according to Q2 data from UK-based technical recruiter Experis, a skilled employee at one of the cloud behemoths can expect anywhere between £64,000 and £71,000 as their salary. Contractors can rate for approximately between £450 and £500 per day.

Yet getting those skills? That’s a different story. As many who have grappled with them will be aware – not least from a security perspective, as this publication reported last month – the likes of Amazon Web Services (AWS) and Microsoft Azure are complex, but comprehensive. The rise of cloud cost management companies is in no small part down to companies adopting a major cloud provider, but not using its most efficient settings.

Knowledge gaps are everywhere – yet organisations are however in place which can help. Technical recruiters certainly have skin in the game. Writing for this publication in May, Alex Bennett, of Firebrand Training, saw serverless, multi-cloud and machine learning (ML) as key skills to read up on if you want to be a star candidate in 2019 and beyond. Naturally, many of these courses are run by the cloud behemoths themselves; AWS’ Lambda tutorials and webinars, Microsoft’s MCSA Machine Learning course, and so on.

For another perspective, Cloud Academy – whose training plans span AWS, Azure and Google, as well as DevOps, serverless and ML – last month launched two new products aimed at providing greater visibility for potential scholars. Cloud Roster, a job roles matrix, analyses real-time data aimed at giving a full picture of trending technologies, while Cloud Catalog offers a stack ranking of technologies by popularity and geography based on data from developer community platforms.

The message here? Don’t wait for companies to send you out to a training course. If you want to get ahead, get in there yourself first.

You can read the full Domo report here (email required).

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Analysis What about Big Blue Hat? Or how about Big Purple? Any offers for ‘in the pink?’ The proposed coming together of IBM and Red Hat, costing the former $34 billion in total enterprise value, is the stuff of dreams for caption writers. But what does it mean for the cloud industry and the two companies involved?

From IBM’s perspective, this is a continuation of a long-standing message. Those who have followed the company closely – for instance, when announcing its multi-cloud management tool earlier this month – would note their position that many enterprises are only a short way along their cloud journey. “This is the next chapter of the cloud,” said IBM CEO Ginni Rometty in a statement. “It requires shifting business applications to hybrid cloud, extracting more data and optimising every part of the business, from supply chains to sales.”

Red Hat owns amazing assets for this cloud era, has great developer love – and provides access to pretty much every CIO on the planet

And it’s fair to say that if it’s hybrid and open you want, then Red Hat is the best place to go. As the company explained at its London customer forum as far back as 2016, the company saw itself as the second player in Kubernetes – behind Google – and the second player in Docker, behind…well, Docker. Being open is key to both companies’ ethos. “Joining forces with IBM will provide us with a greater level of scale, resources and capabilities to accelerate the impact of open source as the basis for digital transformation and bring Red Hat to an even wider audience,” said Red Hat CEO Jim Whitehurst.

Containers are key in this equation – indeed, they are key to both quicker app deployment and multi-cloud initiatives. Indeed, while the likes of Amazon Web Services (AWS), Microsoft and Oracle became members of the Kubernetes-controlling Cloud Native Computing Foundation (CNCF) last year, IBM was a founder member in 2015. Todd Moore, IBM VP for open technologies, sits as the CNCF’s governing board chair. Red Hat, meanwhile, has Kubernetes-based platform OpenShift.

It makes an interesting fit – but was the news a surprise? Sort of. One industry executive predicted that Red Hat would get acquired this year – but they got the wrong company. Sacha Labourey, CEO of continuous delivery software firm CloudBees, posited in January that Red Hat would be bought by Google. While the target was slightly off, the sentiment was bang on.

Why? Labourey noted in a Medium post two reasons why the move was ‘inevitable’ – why Red Hat would need an open-looking IT behemoth as  surrogate, and vice versa. “Red Hat owns amazing assets for this cloud era, has great developer love and also provides access to pretty much all CIOs on the planet,” Labourey wrote. “[It] acts as a fantastic gateway to the public cloud.” On the flip side, Red Hat’s long-standing commitment to open source means that, while its yearly revenues north of $3 billion are valiant, it can’t compare to those with more billable proprietary offerings. Labourey noted VMware as an example of the latter.

Bill Mew, a 16-year veteran of IBM and now a cloud industry pundit, noted a similar convergence; IBM’s move from products to services under former CEO Lou Gerstner – albeit still making most of its money through middleware and mainframes, a ship Rometty continues to turn around – combined with Red Hat’s lack of profitability.

“The jewel in Red Hat’s crown is OpenShift,” said Mew. “As these two services organisations seek to merge their very different cultures, they are pinning their hopes on OpenShift providing a means of managing complex hybrid and multi-cloud environments.”

Yet there was a caveat. What happens when businesses are no longer struggling with the complexity of container deployment? “The problem [IBM and Red Hat] face is that they have no ecosystem control,” Mew added. “The hyperscalers hold all the cards here. Offering to provide workload portability to avoid lock-in and offering to help overcome complexity will only go so far.”

Offering to provide workload portability to avoid lock-in and offering to help overcome container complexity will only go so far

The analysts however seem to be more optimistic. IBM and Red Hat both received stellar marks in Forrester’s recent reports around public cloud development-only platforms and enterprise container platforms – and a combination of the two could see domination.

“The combined company has a leading Kubernetes and container-based cloud-native development platform, and a much broader open source middleware and developer tools portfolio than either company separately,” said Dave Bartoletti, Forrester VP and principal analyst. “While any acquisition of this size will take time to play out, the combined company will be sure to reshape the open source and cloud platforms market for years to come.”

Time will of course tell as to how this blockbuster acquisition will go. But as it transpires, Labourey’s initial bet could have been right all along. According to CNBC, citing sources familiar with the matter, Red Hat had discussed a potential sale with various buyers before going with IBM – including Google.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

More organisations are putting their sensitive data in the public cloud – so it comes as no surprise that cloud threats, and mistakes in SaaS, IaaS and PaaS implementation are at an all-time high.

That is the key finding from a new report by McAfee, which argues the old bugaboo of shared responsibility continues to kick in and give organisations a kick in the teeth when it comes to cloud security.

The study, the security firm’s latest Cloud Adoption and Risk Report, analysed aggregated and anonymised cloud usage data for more than 30 million users globally. Among the findings were that more than one in five (21%) of all files in the cloud contained sensitive data, while the sharing of sensitive data with a publicly accessible link has gone up 23% year over year.

Organisations have more than 2,200 individual misconfigurations per month in their infrastructure as a service and platform as a service public cloud instances, the report noted. In other words, this means an average of 14 misconfigured instances running at any one time. This makes for interesting reading when compared with findings from Netskope earlier this month, which found a plethora of violations among users’ systems based on the Center for Internet Security (CIS) benchmark. The vast majority of these were related to identity and access management.

Even more worryingly, the report found that 5.5% of AWS S3 buckets analysed were set to ‘world read’ permissions. This, as regular readers of this publication will be more than aware, can essentially be a come-and-steal-my-data plea to nefarious actors. As far back as July last year, AWS was sending emails to customers to ‘promptly review’ their S3 buckets and ensure world read was only for such instances as public websites or publicly downloadable content.

McAfee warned of the risks organisations are taking when it came to IaaS security, which encompasses the aforementioned identity and access, as well as applications, network controls and host infrastructure. As the shared responsibility model notes, providers are responsible for security of the cloud, while customers are responsible for security in the cloud.

Multi-cloud has become de rigueur; while 94% of IaaS and PaaS use is in AWS, more than three quarters (78%) of organisations have both AWS and Azure. Continuous auditing and monitoring of each infrastructure and platform configuration is the only way forward, the report argues.

“Operating in the cloud has become the new normal for organisations – so much so that our employees do not think twice about storing and sharing sensitive data in the cloud,” said Rajiv Gupta, McAfee SVP of cloud security. “Accidental sharing, collaboration errors in SaaS cloud services, configuration errors in IaaS/PaaS cloud services, and threats are all increasing.

“In order to continue to accelerate their business, organisations need a cloud-native and frictionless way to consistently protect their data and defend from threats across the spectrum of SaaS, IaaS and PaaS,” added Gupta.

Writing for this publication in April, Micah Montgomery, cloud services architect at Mosaic451, noted that AWS is highly secure, but only when configured properly – and it is companies’ responsibility to ensure so. Montgomery gave five tips to organisations: know what you are doing; know what data you have; take advantage of the tools available to secure your AWS environment; beware AWS’ complexity; and ask for help if needed.

“In a general IT environment, there is a management console for every area and tool,” wrote Montgomery. “Routers, switches, firewalls, servers, and data storage all have their own, different tools, and each tool has its own management console. Once you add a cloud environment, you add another management console.

“There are already hundreds of ways to screw things up in an on-premises data environment,” added Montgomery. “The cloud adds yet another layer of complexity, and organisations must understand how it will impact their overall cyber security.”

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Amazon Web Services (AWS) hit almost $6.7 billion (£5.2bn) in revenues for its most recent quarter – up almost 10% from the previous quarter and marking a 45% jump from this time last year.

Despite Amazon’s overall figures being a slight disappointment for investors and analysts – shares dipped in after-hours trading after total quarterly revenues of $56.6bn missed the $57.1bn target – AWS continues to reach new heights.

Of particular interest is the operating income statistic. AWS profit broke $2bn for the most recent quarter. This represents more than half of Amazon’s overall profit of $3.7bn. Net income was $2.8bn.

Responding to an analyst question around AWS’ improvements, Brian Olsavsky, chief financial officer, noted the operating margin. “A lot of that is based on effiencies of our data centres,” he said, “not only for the AWS business [but] also for our Amazon consumer businesses, who is AWS’ biggest customer.”

AWS got a mere 27 mentions in total among Amazon’s company highlights. These included partnerships with Accenture and Capgemini announced in September, while on the customer side Samsung Heavy Industries was announced in August to help bring shipbuilding into the cloud. AWS also announced earlier this month it was to launch its first African data centre, putting it in line with Microsoft. One eye is on re:Invent, which kicks off in Las Vegas a month today, so expect a little bit of stockpiling between now and then  – this reporter is particularly interested in what comes out with regards to conversational programming, for instance.

So, as the final quarterly reveal of 2018 – albeit with some companies beginning to classify their 2019 financial year – how does this compare with the other major cloud infrastructure players? Alphabet announced total revenues of $33.7bn for its most recent quarter, up 21% from this time last year. While the company does not break out its specific cloud figures, ‘other revenues’, of which Google Cloud is a part, hit $4.64bn, up almost 30% from the previous year’s equivalent.

In the subsequent analyst call, Google CEO Sundar Pichai cited security and AI as key facets to the company’s cloud growth. This publication has noted both of these areas within Google’s overall strategy; while the company’s pre-packaged AI services, launched in August, were ahead of the pack, the rollout of its managed cloud-hosted hardware security module (HSM) a week after was necessary to keep in check with AWS and Azure.

Earlier this month, former Google Cloud product management lead Amir Hermelin took to Medium in a farewell post to bemoan what he saw as the company’s two major strategic errors when it was pushing through its cloud vision. Hermelin said the company spent too long analysing AWS’ and Azure’s moves, as well as underestimating the value of the enterprise market. Infiltrating machine learning into all aspects of its cloud story with the aim of being a clear market leader in the former, Hermelin added, was much more like it.

Microsoft, as this publication put it yesterday, has a message which barely changes from quarter to quarter. The figures simply went up; a 76% rise in Azure revenue year over year, and its two primary revenue buckets which consider cloud initiatives – productivity and business processes and intelligent cloud – going up 19% and 24% year on year respectively. Total quarterly revenue, of $29.1 billion, was a 19% yearly increase.

Ultimately, the market keeps getting bigger and the leading players all continue to increase their market share. Synergy Research, an analyst firm which has long since covered the infrastructure market, puts Amazon at holding just over one third (34%) of the market right now, well ahead of Microsoft (14%), who made significant gains, IBM and Google (both 7%), and Alibaba (4%).

The question is: how long can this go on for? John Dinsdale, a chief analyst at Synergy, noted year-on-year growth rate dropping slightly – yet this is not a major surprise given the scale of the market today. “The growth rates are tailing off at some of the leading cloud providers but that is just the law of large numbers kicking in,” said Dinsdale. “You cannot keep on growing at 100% when you reach massive scale.”

You can read Amazon’s full financial results here and Alphabet’s here.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Identity and access management (IAM) is seen as an important tool for determining who’s who in a nefarious cloud landscape – but organisations are struggling to get to grips with it, according to new research.

The latest Cloud Report from cloud access security broker (CASB) Netskope has revealed the majority of Center for Internet Security (CIS) benchmark violations occurring in Amazon Web Services (AWS) environments fall under the IAM remit.

The data, which comes from anonymised Netskope Security Cloud customer accounts, found that 71.5% of violations were related to identity and access management, compared with 19% for monitoring. EC2 was the most likely resource where organisations fell foul, accounting for two thirds (66.2%) of violations, with IAM itself only comprising 4.5%. 86% of breaches were classified as critical.

Netskope argues that this represents a gap in organisations’ plans for cloud security compared with their actual implementations. “While many organisations have controls around cloud services and implemented things like multi-factor authentication and single sign-on solutions, IaaS/PaaS identity and access policies still need to be set,” the report notes. “Many of the IAM violations involve instance rules and access to resources or password policy requirements – simple fixes that may not have been a focus when first setting up roles and instances.

“There has been a lot of focus on micro-segmentation security technologies for I/PaaS workloads, but of note are simple IAM policies that can be addressed directly in AWS without an external security solution,” the report adds.

Enterprises use an average of 1,246 cloud services – an increase of 5.5% compared with February’s previous analysis. HR and marketing, with averages of 175 and 170 per enterprise, are the most popular by a distance – yet 96% and 98% of these apps respectively are not enterprise-ready.

It is a similar story across the board. 94% of finance and accounting services are not deemed enterprise-ready, while the figure drops to only 93% for CRM and IT service and application management. Only cloud storage – with an average of 28 services being used per organisation – comes out of the figures with any respect, although more than two thirds (67%) are still not ready for the enterprise.

One interesting note is around the research methodology; while AWS was analysed because of its market share, the report noted the importance organisations were attaching to multi-cloud. This naturally gives security teams an even bigger headache than before.

“As organisations increasingly adopt a multi-cloud approach, IT teams must continuously assess the security of their public cloud infrastructure and be aware of the data moving in and out of those services,” said Sanjay Beri, Netskope founder and CEO. “Enterprises should consider using the same security profiles, policies and controls across all services – SaaS, IaaS and web – in order to reduce overhead and complexity as the use of cloud services scales.”

You can read the full report here.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

It would not have been beyond the realms of possibility for this publication to open its analysis of Microsoft’s Q119 results by simply providing a link to Q418 and leaving it at that. After all, Redmond’s message has barely changed. Whereas July’s headline was ‘Microsoft Cloud drives record fourth quarter results’, this time around it is ‘Microsoft Cloud strength powers record first quarter results.’

Microsoft issued its most recent financials last night with overall revenue at $29.1 billion (£22.6bn), down 3% from the previous quarter but a 19% increase on this time last year. As ever, specific Azure figures were not given, but Microsoft noted a 76% rise in revenue growth.

Cloud revenues are based on two of Microsoft’s revenue buckets; productivity and business processes, primarily for software, which at $9.8bn for the quarter went up 19% year on year, while intelligent cloud, which focuses more on infrastructure including Azure, had a 24% yearly increase at $8.6bn. Amy Hood, Microsoft chief financial officer, said guidance was for these buckets to be at between $9.95bn-$10.15bn and $9.15-$9.35bn for Q2 respectively.

Speaking to analysts following the results, CEO Satya Nadella noted a similar theme mentioned during his Ignite keynote in Orlando last month. Microsoft’s mission, Nadella explained at the time, was to help customers become best-in-class technology companies in their own right. In other words, don’t be a supplier a customer depends on for one aspect and then sneak behind their back and compete with them on another.

Much of what was said would be familiar to those who saw the Ignite address albeit with subtle differences. Where the key customers unveiled there were Royal Dutch Shell and BMW, this time it was Volkswagen and Mastercard mentioned. “Azure is the only hyperscale cloud that extends to the edge across identity, data, application, platform, as well as security and management,” said Nadella. “We introduced 100 new Azure capabilities this quarter alone, focused on both existing workloads like security and new workloads like IoT and edge AI.”

Responding to a question around slowed capex growth, the Microsoft CEO explained the company’s intelligent cloud and intelligent edge ethos was being spread across every business line; from Azure, of course, to Dynamics 365, to gaming. It is a unified, long-term message, Nadella added. “For the first time, what you see across Microsoft is really one platform which spans all of these businesses and all of the margin structures that are there represented in it,” he said.

Dux Raymond-Sy, CMO of SharePoint and Office-centric vendor AvePoint, noted that this was the ‘complete cloud story’ and that Microsoft would reap the rewards. “While other providers can attempt to claim ascendancy on IaaS or PaaS technology, only Microsoft, with its balance of IaaS, PaaS, Dynamics 365 and Office 365 services, has created the complete cloud story for its customers, which is what is enabling them to grow at such a rapid rate, as exhibited this quarter and last quarter in particular,” he said.

Shares did indeed rise on the back of the earnings beat – but a large, AWS-shaped threat looms large on the horizon. Amazon reports its financials later today; last time out, AWS revenue was at $6.1bn, a near 50% jump on the previous year. At the time, Synergy Research maintained the Seattle-based provider was ‘in a league of its own.’

You can read Microsoft’s full Q119 results here.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.