(c)iStock.com/Arie J. Jager

More research has arrived detailing the importance of embracing shadow IT as opposed to cordoning it off, this time from NTT Communications, which has found almost four in five (78%) of organisations have employees using cloud services without the knowledge of IT.

The research, which polled 500 IT and business decision makers across the EU, found that more than half (57%) believe shadow IT practices are happening across at least half of the departments in their organisation, while a similar number (56%) admit they have no idea where their shadow IT data is being stored. Three quarters (77%) of IT decision makers are aware that shadow IT practices are going on in their organisations.

62% of respondents argued that ease of set up was their primary motivation for subverting IT rules, while almost one in three (29%) said shadow IT was a cheaper alternative to the official option.

The findings are particularly eye-opening because, in the case of not knowing where data is being stored, such oversights would fail to pass muster in the new EU General Data Protection Regulation, leaving organisations at risk of major fines.

“Our recommendation is that IT departments jettison the ‘ministry of no’ approach and instead work with their business colleagues to understand why the shadow IT solutions they are currently using are better than those that the IT department can offer,” said Len Padilla, NTT Europe VP product strategy. “This consultative approach will enable organisations to get a full view of their IT estate.

“This will effectively create an amnesty with which to achieve compliance – while retaining the edge employees are looking for to carry out their jobs and ensure the success of the business,” he added.

Earlier this week, research from cloud security provider CloudLock found that more than a quarter of cloud apps connected to corporate environments were seen as high risk, creating security as well as compliance fears.

(c)iStock.com/LeoWolfert

A new piece of research from cloud security provider CloudLock argues that more than a quarter of cloud apps connected to corporate environments were seen as high risk.

The report, the firm’s Q2 2016 Cloud Cybersecurity Report, gave a generally pessimistic warning over the threats of shadow IT. From 2014 to 2016, CloudLock has observed an almost 30 times increase in apps used under shadow IT, from 5,500 to almost 160,000. What’s more, over half of third party apps are banned because of security concerns.

The level of risk is defined by CloudLock’s Cloud Application Risk Index (CARI), which evaluates any potential threat across access scopes, community trust ratings, and application threat intelligence, taking into account past breaches and security certifications, as well as community sourced intelligence.

27% of the 156,796 apps overall were considered high risk, compared with 58% at medium risk and 15% at low risk, while the researchers found that across all industries there was a relatively even mix of low, medium and high risk applications. Finance, for instance, has only 8% of apps used in their organisations which are considered low risk by CloudLock – perhaps a surprise given the strict data compliance plans that are normally in place.

On average, an organisation’s users connect 733 third party apps to the corporate environment, the researchers argue. Naturally, this has its peaks and troughs; healthcare providers (138 on average) and media and entertainment (422) pale when compared to retail (2,498) and manufacturing (2,169), but when normalised by size, media, higher education, and technology are the largest consumers. “In these industries with more tech-savvy users, applications are abundant and increasing in use at faster rates,” the report notes.

“The shift to the cloud creates a new, virtual security perimeter that includes third-party apps granted access to corporate systems,” said Kaya Firat, CloudLock director of customer insights and analytics. “Today, most employees leverage a wide variety of apps to get their jobs done efficiently, unwittingly exposing corporate data and systems to malware and the possibility of data theft.”

You can read the full report here.

(c)iStock.com/caracterdesign

On June 23, a referendum is being held to determine whether Britain should leave or remain in the European Union. But what does this mean for businesses – and in particular, what does it mean with regard to the upcoming EU General Data Protection Regulation?

In April this year, after months of mooting and deliberation, the European Union set out new data protection laws that businesses will have to adhere to within two years or face significant fines – up to 4% of worldwide annual turnover. These new protocols include the right to be forgotten, a right to transfer data to another service provider without vendor lock-in, and the right for a user to know when their data has been hacked.

Recent research argues many UK businesses are less than confident about complying to the rules by the 2018 deadline. More than a quarter (26%) of companies polled by Trend Micro back in April admitted they didn’t know how much time they had, with one in five unaware of what the new legislation details. Earlier this week, research from cloud security services provider Netskope argued that three quarters of cloud-based apps currently in use by businesses would fail the GDPR test on data privacy.

The issue is, however, that if the UK votes to leave the EU in just under two weeks’ time, will it be an excuse for bad practice to continue? Jonathan Mepsted, UK managing director of Netskope, argues it shouldn’t, with the vast majority of UK companies still being bound by the legislation. “The text of the legislation clearly states that it applies to any organisation trading in the European Union, regardless of where that organisation is based,” he told CloudTech. “Companies in a post-Brexit UK would need to comply with the GDPR in the same way as any US, Norwegian or Swiss organisation seeking to do business in the European Union.”

This is a view which is backed up by law firm Simmons & Simmons. In an article published in its eLexica online resource in March, even though it argues a post-Brexit UK may not want to reproduce some of the more onerous requirements of the GDPR, but adds that whatever the vote, businesses should begin to review their existing compliance programmes as a matter of course. Mepsted added: “British companies would be well advised to start preparing for the GDPR immediately – if they haven’t started already.”

For Netskope, there is a link between businesses being concerned and the proliferation of cloud apps and the data within them. “Cloud apps create unstructured data which, by their very nature, are more difficult to manage,” said Mepsted. “However, IT teams are also aware that unstructured data [is] explicitly included within the GDPR and therefore require special attention.

“Whatever the outcome of the UK’s EU referendum on June 23, getting a grip on cloud app use across the organisation will remain a crucial element to avoid falling foul of the GDPR and is arguably the best place to start the journey towards compliance,” he added.

Picture credit: “The Crunchies Awards 2008”, by “Nandor Fejer”, used under CC BY / Modified from original

Amazon Web Services (AWS) has launched AWS Migration Competency, a list of more than 30 long-standing partners in cloud delivery, consulting, mobility and more to help customers with deeper migrations.

With the AWS Partner Competency Program, which has validated that each partner has demonstrable expertise in helping enterprise customers migrate applications and infrastructure to AWS, the IaaS giant aims to reduce the complexity of adoption, with delivery partners including Cognizant and Accenture among others.

Kate Miller, AWS strategic communications manager, wrote in a company blog post: “Workload migration is a key milestone of the customer journey on AWS, and helping customers map out a clear and comprehensive migration strategy is a top priority in which AWS Partner Network partners can provide enormous support.

“But customers need guidance to ensure they’re connecting with the right AWS Partners who’ve proven they have a strong AWS practice, have demonstrated customer success, and have demonstrated technical proficiency throughout the different phases of migrations.”

One of the accredited delivery partners is managed hosting provider Logicworks. The New York-based firm, which regularly contributes to this publication, recently put together a piece from solutions architect Tenpa Kunga on his eureka moment when first dealing with AWS. “What I do every day is of a completely different order of magnitude than what I did 10 years ago,” he wrote. “Maybe 10 years ago I could spend a day to fix one hard drive. Now I spend that day building out entire systems and with automation, I can make sure that the changes I make later are persistent and documented.

“In other words, I have become the conductor of vast systems rather than the firefighter of broken machines – virtual or otherwise.”

In previous weeks, AWS has launched X1 instances, seen as the most memory-intensive of any SAP-certified cloud instance available today, while earlier this week part of the firm’s EC2 service in Sydney fell over for six hours, causing the usual mix of anger and frustration, as well as other commenters who argued Australia needs another geographic data centre location.

You can find a full list of AWS partners here.

(c)iStock.com/FrankRamspott

Three quarters of cloud apps used by businesses are not equipped for the upcoming EU General Data Protection Regulation (GDPR), according to the latest study from cloud security services provider Netskope.

The report comes hot on the heels of a survey conducted by the firm back in February which argued businesses were not sure if they would keep up with the upcoming legislation, which is set to drop in two years’ time and includes provisos over the right to be forgotten, as well as the user’s right to know when their data has been hacked.

According to the research, employees used on average 777 cloud apps in a given organisation – a figure which was a slight increase from previous years. Netskope argues that 75% of the more than 22,000 apps tracked did not stand up to upcoming EU data privacy scrutiny. The majority of these violations (73.6%), perhaps not surprisingly, came from cloud storage apps. Almost 95% of the apps analysed were also not deemed to be enterprise-grade.

Yet this may not be the worst news to come out of the report. Netskope also found that 11% of enterprises surveyed were using sanctioned – in other words, IT-approved – apps laced with malware, with more than a quarter (26.2%) of malware in these apps shared with users, either internally, externally, or publicly.

“The shift to the cloud presents an increasing complexity and volume of security challenges for enterprises, including regulations like the EU GDPR,” said Netskope CEO and founder Sanjay Beri. “When the deadline for compliance looming, complete visibility into and real-time control over app usage and activity in a centralised, consistent way that works across all apps is paramount for organisations to understand how they use and protect their customers’ personal data.”

(c)iStock.com/scanrail

Hewlett Packard Enterprise (HPE) and Cisco continue to battle it out for supremacy in the cloud infrastructure market with HPE having the slight advantage, according to the latest note from Synergy Research.

The note, which assesses the most recent Q1 data, sees Cisco just ahead of HPE and Dell in public cloud hardware, but HPE more dominant in the private cloud hardware space, capturing more than 20% of the overall market. In cloud software, Microsoft has more than 40% share and is streets ahead of nearest competitor VMware, but given the relatively nascent size of the market sees the Redmond giant in third place for the overall poll.

Even though both HPE and Cisco gained market share in the previous quarter, HPE slightly widened its advantage, according to Synergy. Overall, the global cloud infrastructure market grew by 13% in Q1 – a drop-off from the usual 20% run rate which the analyst house describes as a ‘typically soft’ quarter following the usual Q4 peak.

Recent research on cloud infrastructure insists that the move to an entirely public cloud is not quite within organisations’ grasps.

A study from VMTurbo found more than half of organisations did not have a multi-cloud strategy in place, while companies were in some cases reluctant to have a public cloud first data strategy, with customer requests and HIPAA compliance in the way.

Jeremy Duke, Synergy Research Group founder and chief analyst, argues that with spend on cloud services and software as a service growing by 50% and 30% per year respectively, the cloud figures are not surprising – but on premise IT systems are going to be entrenched for some time.

“There is little surprise that cloud operator capex continues to drive strong growth in public cloud infrastructure,” said Duke. “But on the enterprise data centre side too, we continue to see a big swing towards spend on private cloud infrastructure as companies seek to benefit from more flexible and agile IT technology.

“The transition to cloud still has a long way to go,” he added.

(c)iStock.com/pablographix

Moving to a DevOps approach in your organisation has long been advocated as being a good idea – but what benefits does it provide? A new piece of research from managed cloud services provider Claranet argues better quality of applications is the key reason to move over.

The study, which surveyed 900 IT decision makers across Europe, argues the classic reason for moving to DevOps, greater business agility, is not a catch-all. Indeed agility (55%) was only the third most popular benefit, behind greater apps (60%) and a better understanding between employees (56%). Increased profitability (55%), better customer satisfaction (52%), and greater operational efficiency (50%) were also highly cited. Not one person surveyed said there were no benefits of a DevOps approach in their organisation.

Almost a third (32%) of firms polled said they are implementing DevOps practices, up from 26% the year before, yet almost all (92%) said they had experienced some difficult in the implementation process. Lack of time to automate tasks was the most frequently cited bugbear, with almost half of respondents (47%) arguing for it; conflict with historic ITIL (44%), skills shortages (43%) and a lack of understanding in how to implement DevOps strategically (40%) also cited.

“We are at a position in the software industry where cloud, or dynamic and changeable infrastructure, has given us the opportunity to change how we design, deliver and operate our software systems – which is where DevOps comes in,” said Neil Thomas, Claranet product director, adding: “But businesses need to have the right infrastructure and management processes in place for it to work effectively.”

The move to DevOps, much like enterprise mobility, often comes with a question of ‘is it right for my organisation?’. For Robert Reeves, CTO of Datical, speaking to this publication in January, the answer was in black and white – DevOps is right for every organisation because the alternative is silos, which is wrong for every organisation.

Claranet argues similarly, although adds that culture can be a major stumbling block. “At a very simplistic level, developers look to change things while operations teams look to preserve them,” said Thomas. “They need to welcome the changes involved in this shift in approach, be ready to adapt to changing circumstances and be more flexible about job functions.”

(c)iStock.com/wavebreakmedia

Enterprise file sync and share (EFSS) firm Egnyte has announced the launch of Egnyte Protect, a product which aims to give IT and line of business greater control and visibility of their content both in the cloud and on-premise.

The move positions Egynte away from the traditional EFSS buckets and moves the firm towards data and information governance, a space Egnyte claims to be worth eight times more than their current opportunity. Isabelle Guis, chief marketing and strategy officer at Egnyte, argues Protect should be thought of as ‘another layer of security’ for organisations.

“You can ensure that the right person has access to the right content at the right time,” Guis tells CloudTech. “What’s happening today is someone gets granted access to the marketing folder and [it’s] on SharePoint – this person can access without even knowing it the finance and marketing folder, but on Egynte the marketing folder only. We will raise a flag and tell IT there is an anomaly here.”

The design of Protect is intended to be open, and features partnerships with Box, SharePoint, and others. In terms of how the idea came about, after the company tried out pure cloud EFSS there was a clear reaction from customers; we love the cloud, but we cannot migrate everything over. Most of this is down to regulation and compliance. As a CloudTech article from earlier this week examined, if data is HIPAA regulated, or if it is military-based, or if a customer requests it, then they just cannot move it.

Hence a lightbulb moment; gaining visibility over content throughout the entire lifecycle. As Egnyte argues, apps are in the cloud, but the content is still on-premise. The various analytics gleaned from years of pushing the EFSS solution – Egnyte claims to have more than 40,000 customers worldwide – helped get the right information out there.

Regarding branding – a subject Guis acknowledges is important given her job role – it is a clear change. “We see ourselves as a content intelligence platform,” explains Guis. “EFSS has great benefits to be a service used by the line of business, but also be of interest to IT – we understand the line of business and we understand IT and it allows us because of our architecture to collect loads of analytics.

“We decided that the highest demand for now was content governance,” she adds. “That’s what our customers were asking for, and that compliments very well our enterprise file sync and share. There are synergies where you want to enable productivity and business agility, but at the same time you want to keep your IP secure.”

Egnyte’s history has been an interesting one, if not having the highs and lows of other players in the storage industry. The company’s CEO, Vineet Jain, repeatedly eschewed the huge funding rounds that became de rigour in the space – Egynte’s total funding across five rounds is less than half of Box’s series E – and by combining a laser focus on enterprise from day one as well as not going overboard with the venture capital means a slow and steady business philosophy, only launching in Europe two years ago.

The firm anticipates it will become cash-flow positive by Q3 this year, and Guis notes that this is without the help of Protect. “From a timing perspective, enterprises are becoming more mature, they realise that fighting shadow IT is a gigantic task – every day with new applications coming it’s almost a lost battle,” she says. “They need to find another way to scale, and to keep control without preventing the business productivity.”

The company has also rebranded its traditional file sync and share product to Egnyte Connect. You can find out more about Protect here.

(c)iStock.com/wavebreakmedia

Enterprise file sync and share (EFSS) firm Egnyte has announced the launch of Egnyte Protect, a product which aims to give IT and line of business greater control and visibility of their content both in the cloud and on-premise.

The move positions Egynte away from the traditional EFSS buckets and moves the firm towards data and information governance, a space Egnyte claims to be worth eight times more than their current opportunity. Isabelle Guis, chief marketing and strategy officer at Egnyte, argues Protect should be thought of as ‘another layer of security’ for organisations.

“You can ensure that the right person has access to the right content at the right time,” Guis tells CloudTech. “What’s happening today is someone gets granted access to the marketing folder and [it’s] on SharePoint – this person can access without even knowing it the finance and marketing folder, but on Egynte the marketing folder only. We will raise a flag and tell IT there is an anomaly here.”

The design of Protect is intended to be open, and features partnerships with Box, SharePoint, and others. In terms of how the idea came about, after the company tried out pure cloud EFSS there was a clear reaction from customers; we love the cloud, but we cannot migrate everything over. Most of this is down to regulation and compliance. As a CloudTech article from earlier this week examined, if data is HIPAA regulated, or if it is military-based, or if a customer requests it, then they just cannot move it.

Hence a lightbulb moment; gaining visibility over content throughout the entire lifecycle. As Egnyte argues, apps are in the cloud, but the content is still on-premise. The various analytics gleaned from years of pushing the EFSS solution – Egnyte claims to have more than 14,000 customers worldwide – helped get the right information out there.

Regarding branding – a subject Guis acknowledges is important given her job role – it is a clear change. “We see ourselves as a content intelligence platform,” explains Guis. “EFSS has great benefits to be a service used by the line of business, but also be of interest to IT – we understand the line of business and we understand IT and it allows us because of our architecture to collect loads of analytics.

“We decided that the highest demand for now was content governance,” she adds. “That’s what our customers were asking for, and that compliments very well our enterprise file sync and share. There are synergies where you want to enable productivity and business agility, but at the same time you want to keep your IP secure.”

Egnyte’s history has been an interesting one, if not having the highs and lows of other players in the storage industry. The company’s CEO, Vineet Jain, repeatedly eschewed the huge funding rounds that became de rigour in the space – Egynte’s total funding across five rounds is less than half of Box’s series E – and by combining a laser focus on enterprise from day one as well as not going overboard with the venture capital means a slow and steady business philosophy, only launching in Europe two years ago.

The firm anticipates it will become cash-flow positive by Q3 this year, and Guis notes that this is without the help of Protect. “From a timing perspective, enterprises are becoming more mature, they realise that fighting shadow IT is a gigantic task – every day with new applications coming it’s almost a lost battle,” she says. “They need to find another way to scale, and to keep control without preventing the business productivity.”

The company has also rebranded its traditional file sync and share product to Egnyte Connect. You can find out more about Protect here.

Update: A previous version of this article stated that Egynte had 40,000 global customers instead of 14,000. This has since been corrected.

(c)iStock.com/TERADAT SANTIVIVUT

A study released by VMTurbo argues more than half (57%) of organisations polled do not have a multi-cloud strategy in place.

The survey, which polled 1,368 organisations, also found 35% had no private cloud strategy while 28% did not have a public cloud strategy. VMTurbo was keen to note, however, that not having a strategy in this instance did not mean organisations had not examined a cloud strategy before dismissing it and sticking with on-prem; they had given adoption ‘little or no thought at all’.

31% said they had a mix of public cloud and on-prem, while an additional 28% of respondents said they did not use public cloud. 2.5% said they used only public cloud.

Responses were interesting when it came to deciding what wouldn’t be part of the public cloud first data strategy. For smaller organisations, data was generally allowed but not when it was HIPAA regulated or requested by a customer, but for those with 201 to 1000 employees and 1,001 or more employees, many responses indicated that no data could reside in the public cloud. For organisations of all sizes, compliance – especially HIPAA – and cost were key reasons why they were reticent to use public cloud.

Only 7.8% of respondents said they have not built a public cloud within their organisation, while 39% said they planned and implemented their private cloud between one and two years. Not surprisingly, larger organisations are paying for greater functionality in their private cloud; hosting VMs was the most popular among businesses of all sizes (90% for large, 67% for small), while SaaS (76% and 38% respectively) and PaaS integration (55% and 23% respectively) had similar trends. Firms of up to 200 employees only tended to have more features to their private cloud than those with 201 to 1000 workers.

Naturally, VMTurbo advocates a multi-cloud strategy as the answer, yet three in five organisations (60%) said they take over a year to plan and build their multi-cloud offerings. 6% of respondents admitted their infrastructure took more than three years to complete. 31% said they own or plan to build a multi-cloud.

“What is clear from the data is that differences in organisational structure, asset inheritance and application requirements all impact the financial effect of public and private cloud adoption,” the report notes, adding: “Multi-cloud, and eventually hybrid cloud, must of necessity reconcile these trade-offs to strike the optimal blend of capital and operational expense; application availability, reliability and performance; security and compliance and manageability.”

You can find a link to the full report here (email required).