StackRox, a provider of cloud-native, container and Kubernetes security, warned in its previous report that the security implications for Kubernetes were beginning to spill over to adoption – and the release of its updated winter study have proved the company right.

The paper, the winter edition of its State of Container and Kubernetes Security Report, was put together alongside 451 Research and polled more than 500 industry professionals.

94% of those polled said they had experienced security incidents in their container environments during the previous 12 months. As is frequently the case with other cloud security snafus, human error – in this case misconfigured containers – can be found as a root cause, a trend which StackRox said was ‘alarmingly common.’

More than two thirds (69%) of those polled said they had experienced a misconfiguration incident; just over a quarter (27%) found a security incident during runtime, with a similar number (24%0 having a major vulnerability to remediate.

86% of respondents said they were running containerised applications in Kubernetes – the same number as in the spring survey. However, the way Kubernetes is being used is changing rapidly, as more organisations put trust in the hyperscalers managing their workloads. Just over a third (35%) of respondents said they manage Kubernetes directly today – down from 44% six months ago – with more respondents (37%) using Amazon EKS. More than one in five (21%) say they use Azure AKS and Google GKE, with both representing a significant increase from spring.

In a similar theme, maturation is increasing in terms of cloud-only environments. While hybrid deployments remain more popular – 46% compared to 40% for cloud-only – it represented a big drop from the 53% who cited it six months ago. For cloud-only, organisations remain predominantly trusting a single cloud, although multi-cloud deployments are becoming more popular.

The previous report, issued in July, gave more of a general warning on container security. Six months prior, two in three organisations said they had more than 10% of their applications containerised – yet two in five were concerned their container strategy did not sufficiently invest in security. This time around, only 28% of organisations polled said they had fewer than 10% of their containers running in production – down from 39% last time.

“One of the most consistent results we get on our own surveys of DevOps and cloud-native security technologies is how important security is for these environments,” said Fernando Montenegro, principal analyst at 451 Research. “It is interesting to see how this observation fits well with the StackRox study, highlighting the need for both engineering and security professionals to have visibility and properly deploy security controls and practices for container and Kubernetes environments.”

You can read the full report here (email required).

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Adopting cloud technologies has become a common strategy among organisations across all sectors taking the road towards digital transformation. The benefits are evident: businesses that maximise all that the cloud has to offer often see a significant improvement in productivity.

However, the journey is not without its stumbling blocks and organisations that fail to prepare will all too often end up taking one step forward, two steps back. Migrating to the cloud presents an array of security and implementation risks which must be resolved if the technology is to be truly taken advantage of. The implementation of any new technology often presents plenty of bugs which must be dealt with. Ignore these issues, and businesses will find themselves falling foul of hackers who will capitalise on any chinks in an organisation’s armour. 

So, as organisations transition to the cloud, they face a number of strategic challenges. To what extent should they adopt hybrid multi-cloud technology platforms? How do they keep data safe? And how can they foster a progressive culture that enables them to maintain IT security and drive productivity?

Laying the groundwork

Incorporating any new technology should, of course, be preceded by a well thought out strategy. But businesses striving to gain a competitive edge by speeding up their digital transformation can be tempted into taking shortcuts when migrating to a new technology, and the process can become plagued with mistakes.

Failure to put a robust strategy in place can lead to devastating problems further down the line – a costly error which we’ve seen organisations make far too many times. It’s been reported that in January 2020 alone, 1.5 billion records were breached, highlighting the worrying scale of cyber attacks and data breaches impacting on businesses that continue to operate with a weak IT security infrastructure in place. 

The size of the organisation is immaterial. Attackers have become so sophisticated that no business can claim to be 100% safe. Retail has become one of the most targeted industry sectors, enticing cyber criminals with a rich pool of data where it's all too easy to identify individuals and their payment information. Moreover, what makes this scenario more complex is that retail is undergoing one of the greatest transformations it has experienced in decades. It’s never been more critical for organisations moving to the cloud to develop a robust and secure cloud strategy. 

Security by design

Regardless of size, all businesses need to appreciate that, despite their best efforts, their IT systems will never be entirely secure. As hackers and their methods evolve, organisations will need to stay one step ahead by constantly evaluating and improving security measures. This is only possible if organisations take a ‘security by design’ approach, instead of ‘by addition’. Retrofitting cybersecurity into systems is no longer a sufficient or effective way to operate and will hit an organisation’s back pocket just as hard as it hits its technology infrastructure. 

Since cybersecurity is mission critical, it stands to reason that businesses need to give it the attention, care and resource that it warrants. This means clarifying the separation of layers and functions. In the case of WAN environments, the desired outcome is that they reinforce one another instead of masking blind spots or creating joints that are a point of weakness where threats can infiltrate essential systems. 

Culture: The glue that holds a security strategy together

The concept of a physical office or workspace as a perimeter to be protected is increasingly a thing of the past. Most organisations have capabilities to operate virtually and staff can now work from almost anywhere. And, while the cloud is mostly responsible for enabling these productivity benefits, it creates security threats too.

The reality is that human error is at the root of nearly one in five of data breaches; and whilst almost 75% of attacks are perpetrated from outside an organisation, more than one in four involved insiders. Employees are often the weakest links, and hackers are more than aware of this fact. Educating all colleagues, and not just senior management, about cybersecurity is therefore vital.

Nurturing a security culture across an entire organisation is paramount – if executed effectively, it will transform security from a one-time event and the responsibility of an IT team into being a positive part of the firm’s day to day operations and culture.

Just as organisations need to continuously evaluate the cybersecurity infrastructure in place, they also need to make employee education an ongoing priority. Helping employees to understand the implications of a cybersecurity attack will also highlight the importance of continuous diligence; after all, an organisation’s security will only ever be as strong as its weakest link.

It is only through unifying technology, culture and employees that an organisation’s critical data can remain safe. Succeed at this, and organisations will lay the right foundations in order to confidently explore all the advantages that the cloud has to offer.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Bobby Hellard

Google Cloud’s shopping list shows no signs of abating, with the company announcing the acquisition of Cornerstone Technology, a mainframe specialist.

The 30-year-old provider, based in the Netherlands, has an overall remit of ‘helping customers protect and improve their investments in essential legacy enterprise applications’, in Cornerstone’s own words. Cornerstone uses automation to break down programs, turn them into services, and then make them cloud-native.

This includes COBOL, which to the potential surprise of many is still used by many enterprises. A recent study from Micro Focus, the language’s arbiter, noted that for more than two thirds of businesses polled, COBOL app modernisation was a preferred strategy to replacement and retirement.

“As the industry increasingly builds applications as a set of services, many customers want to break their mainframe monolith programs into either Java monoliths or Java microservices,” wrote Howard Weale, Google Cloud director of transformation practice in a blog post. “This approach to application modernisation is at the heart of the Cornerstone toolset.”

Google Cloud made a spree of acquisitions in 2019 under the leadership of CEO Thomas Kurian. The standout deal was for business intelligence platform Looker in June, valued as a $2.6 billion all-cash transaction. Other deals were for data migration service provider Alooma in February, storage firm Elastifile in July, and VMware workload runner CloudSimple in November.

The acquisition of Cornerstone will, as the name suggests, form a significant chunk of Google’s ‘mainframe-to-Google-Cloud-Platform’ offerings.

“For decades, companies have relied on a mainframe architecture to run their mission-critical workloads, but it often holds developers back from taking advantage of new technologies that enable them to innovate more quickly,” explained Weale. “Cloud computing presents the opportunity to modernise your applications and your infrastructure, resulting in better capabilities and allocation of your resources so your organisation can focus on your core business.”

The obvious target for this acquisition is IBM, whose mainframe business remains significantly profitable. At the same time the Cornerstone acquisition dropped, this reporter received a separate communique from IBM which touted the company as a top three cloud vendor ‘far ahead’ of Google.

IBM cites Google’s eventual disclosure of its cloud revenues – $2.6bn for the most recent quarter, compared with IBM’s reported $6.8bn – as key. Yet measuring an apples-to-apples comparison across all services remains tricky. For cloud infrastructure services alone, according to figures from Synergy Research earlier this month, Google holds 8% of the market, compared with 6% for IBM.

Financial terms of the Cornerstone acquisition were not disclosed.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Steve Cassidy

The hyperscale cloud providers are looking at Internet of Things (IoT) offerings and connectivity amid a swath of emerging technologies – and according to a new note from ABI Research, cloud suppliers will grow their share of IoT data and analytics management revenues from $6 billion (£4.6bn) to $56bn (£43bn) in the next six years.

The way to do this, the analyst firm notes, is through partnerships. As ABI sees it, public cloud vendor revenues, while impressive, still come primarily through streaming, storage, and data orchestration. Analytics services across cloud vendors, however, are less differentiated – and therefore the need for collaboration is key for now.

One area in which public clouds are doing it for themselves is through streaming. ABI said this was the one analytics technology that all cloud vendors were building into their solution portfolios; Amazon Web Services (AWS), Microsoft, Google, IBM and Oracle all touting proprietary offerings while Cloudera, Teradata et al were building solutions leveraging open source technology.

Ultimately, a lot of strategy right now is focused on co-opetition in the IoT space. AWS and Azure, for instance, have partnered with Seeq for its advanced analytics capabilities, while Oracle, Cisco, and Huawei are expanding their edge portfolio.

“The overall approach shown by cloud suppliers in their analytics services reflects the dilemma they face in the complex IoT partnership ecosystem,” said Kateryna Dubrova, ABI research analyst. “Effectively, do they rely on partners for analytics services, or do they build analytics services that compete with them?

“Ultimately, businesses are moving to an analytics-driven business model which will require both infrastructure and services for continuous intelligence,” Dubrova added. “Cloud vendor strategies need to align with this reality to take advantage of analytics value and revenues that will transition to predictive and prescriptive solutions.”

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Digital transformation is hugely important and extremely difficult. No matter what form an organisation’s transformation takes, it’s bound to introduce new and unanticipated challenges and costs even as it leads to positive long-term outcomes.

While increased challenges and costs are a normal part of digital transformation, they can trigger C-suite leaders to recalibrate their thinking of transformation initiatives and ask to see immediate proof of ROI. When this question inevitably comes up, leaders tend to look for obvious ways to deliver a positive ROI no matter how early in the transformation process they may be.

Too often, the “obvious” solution is to reduce staff whose work is scheduled to be made redundant by new digital processes. In reality, though, such a simplistic solution to the complex problem of calculating the ROI of something as complex as a digital transformation rarely works. In fact, in our experience, immediate downsizing of experienced staff is one of the biggest possible ROI killers in digital transformation initiatives. 

Here’s a look at why, and what organisations can do to realise a sustainable and positive ROI.

Why downsizing tanks the ROI of digital transformation

The simple reason downsizing ends up costing more money than a company will save is that it causes an immediate and dramatic loss of institutional knowledge. We tend to underestimate the value of institutional knowledge, mostly because it’s not often discussed and it’s nearly impossible to quantify. However, underestimating its value can prove expensive in short order.

What usually happens is that, when transformation initiatives aim to digitise processes, internal leaders assume they no longer need employees who used to handle those processes manually. These people are downsized. Short-term ROI numbers look amazing: the savings resulting from a change in headcount makes the digital transformation initiative look like an immediate success.

In reality, though, what typically happens is that, shortly after downsizing or right-sizing a particular team, the organisation realises it still needs certain key skills and that those skills were directly provided by the people who were let go. If the organisation is lucky, it’s able to rehire these people – as contractors – at a significant premium. If not, the downsized workers aren’t interested in returning and the organisation ends up paying their old salary (or more) for a less-experienced person to fill the role.

All told, we usually see it as 30% to 50% less expensive to maintain existing staffing levels during digital transformation initiatives than to develop new employees. Let’s take a look at why.

The ROI-positive alternative to downsizing

A more cost-effective alternative to downsizing current staff following the engagement of a digital transformation initiative is to retain and reskill your best employees. While you may not need all of the skills you have on staff today, it’s rarely wise to let that talent go when you don’t yet know what the final state of your organisation will be post transformation. 

We are constantly amazed at how adaptive teams are to new challenges and opportunities when given the chance to make meaningful contributions in new areas of the business – and they do so with a base of institutional knowledge that can’t easily be recreated.

What’s more, when you maintain your existing workforce, the only cost you incur is that of retraining. You won’t be training for corporate, culture, or industry knowledge, as you would with a new employee. Once your existing employees learn the skills necessary to do the work your organisation now needs, they’ll be able to execute more efficiently than new employees would thanks to their deep institutional knowledge.

Today, with the presence of employer review sites like Glassdoor, it’s important to remember that your current and former employees have a voice and that voice can and will impact your reputation. Get enough negative reviews about how you handled the execution of a strategic initiative, and you could find yourself struggling to recruit the talent you need to get your new digital processes off the ground. This is an all-too-common situation where nobody wins.

ROI-positive digital transformation demands a big-picture view

Even in the best of times, calculating the ROI of a digital transformation initiative can be difficult. The amount of change introduced into a business during these initiatives is substantial. When the alternative to transformation is risking your relevance with customers, partners, and employees, taking the time to invest in the upfront work and the complex management needed to successfully execute the transformation will be worth its weight in gold as the business executes in new ways.

While the most successful digital transformation initiatives define goals from the beginning, many initiatives launch without any clear, measurable goals. If this describes your organisation, take heart: it’s not too late to calculate ROI. Keep in mind, though, that to do so in a way that accurately reflects your financial reality for the long term, you’ll have to look beyond the simplistic short-term measure of cutting costs by downsizing your staff.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Roland Moore-Colyer

Bobby Hellard

Bobby Hellard