Why Enterprises Struggle with Hybrid Cloud and DevOps - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

08:15 AM
Connect Directly

Why Enterprises Struggle with Hybrid Cloud and DevOps

More enterprises are moving to the cloud and implementing DevOps, containers and microservices, but their efforts are falling short of expectations. A recent study from the Ponemon Institute identifies some of the core challenges they face.

Organizations implementing cloud, DevOps, containers, and microservices are often surprised when the outcomes don't match expectations. A recent survey by the Ponemon Institute, sponsored by hybrid cloud management platform provider Embotics, revealed that 74% of the 600 survey respondents who are responsible for cloud management believe DevOps enablement capabilities are essential, very important, or important for their organization. But only one-third believe their organization has the ability to deliver those capabilities.

Eighty percent believe that microservices and container enablement are essential, very important, or important, but only a quarter believe their organization can quickly deliver those capabilities. The lagging DevOps and microservices enablement costs the average enterprise $34 million per year, which is 23% of their average annual cloud management budget of $147 million.

"There are so many things that result in the loss of information assets and infrastructure issues that can be very costly for organizations to deal with. This rush to the cloud has created all sorts of issues for organizations," said Larry Ponemon, chairman and founder of the Ponemon Institute. "The way organizations have implemented DevOps facilitates a rush-to-release mentality that doesn't necessarily improve the state of security."

Image: Shutterstock
Image: Shutterstock

Organizations assume that implementing a DevOps framework will necessarily result in software quality improvement and risk reduction because they can build in security early in the software development lifecycle (SDLC).

"That's all theoretically true, but organizations are pretty sloppy about the way they've implemented software," said Ponemon. "In other Ponemon studies, we've seen that there's a difference between the DevOps that you want versus the DevOps that you get."

Why hybrid cloud implementations are so tough

Shadow IT is one reason why cloud implementations are more costly and are less effective than they could be.

"Companies develop silos where different groups of people have different tools that aren't necessarily compatible," said Ponemon. "A lot of organizations think a cloud platform tool is fungible whether you buy it from Vendor A, B, or C and you're going to get the same outcome, but that's not true at all."

Forty-six percent of survey respondents said their organizations' consumption model is "cloud direct," meaning that end users are bypassing IT and cloud management technologies. Instead, they're communicating directly with clouds such as AWS or Microsoft Azure via native APIs or their own public cloud accounts.

The patchwork model of cloud adoption results in complex environments that provide little visibility and are difficult to manage. In fact, 70% of survey participants said they have no visibility into the purpose or ownership of the virtual machines in their cloud environment.

Interestingly, one cloud benefit often touted is that one does not have to understand where resources reside.

"You would expect if you're operating in a cloud environment [that] it's going to help you gain visibility because you don't have to look very far to find your data, but it basically doesn't work that way," said Ponemon. "A lot of organizations don't have the tools to understand where their machines are and where the data is located. They don't have much control over the network layer and sometimes no control over the application layer so the end result becomes kind of messy."

The lack of visibility and control expose an enterprise to several risks including negligence and cyberattacks that are "a perfect storm" for bad actors. Fifty-seven percent of survey participants believe users are increasing business risk by violating policies about where digital assets can reside.

"A lot of CSOs are angry at the lines of business because they can't necessarily implement the security protocols they need," said Ponemon. "The whole idea of getting things out quickly can be more important when a little bit slower delivery can result in a higher quality level."

Ideally, organizations should have a single user interface that enables them to view their entire environment, although 68% of the survey respondents lack that capability. 

"Having a single user interface is really smart because you have one place where you can do a lot of cool things and have more control and visibility, but not all platforms work very well," said Ponemon. "Platforms have to be implemented like software. It's not like an appliance that you plug in. It requires a lot of stuff to make it work the right way."

Larry Ponemon
Larry Ponemon

When a hybrid cloud management platform is implemented correctly it can enable a successful DevOps environment because there's greater control over the hybrid cloud.

Hybrid cloud management is evolving

Hybrid cloud management maturity has three phases, according to Ponemon. In the first phase, hybrid IT develops organically because lines of business are procuring their own cloud solutions, typically without the involvement of IT or security.

"I think this whole cloud shadow issue is a real issue because it creates turf wars and silos," said Ponemon. "Dealing with that can be very tough and that's why we need to have management with an iron fist. There's too much at risk so some people need to be more influential than others in the decision-making processes rather than running it organically."

The companies that have matured to the second phase, use a cloud management platform (CMP 1.0), although they tend to experience disparities between the platform's capabilities and their actual DevOps requirements. The Ponemon Institute defines CMP 1.0 as “solutions providing provisioning, automation, workflow orchestration, self-service, cloud governance, single-pane-of-glass visibility, capacity rightsizing and cost management across public, private and hybrid clouds.”

By comparison, the newer CMP 2.0 platforms provide those benefits and they reduce the friction and complexity associated with microservices, containers, cloud-native applications, and DevOps. CMP 2.0 also enables corporate governance and compliance without impeding development speed and agility. Sixty-three percent of survey respondents believe CMP 2.0 capabilities would reduce hybrid cloud management costs by an average of $34 million per year. 

 For more on hybrid cloud and DevOps check out these articles:

5 Steps to Put a Faltering DevOps Plan Back on Track

5 Things You Should Know About Hybrid Cloud

Why DevOps Is Your Key to Becoming a Digital Entity

The Cloud Isn’t Just About Saving Money


Lisa Morgan is a freelance writer who covers big data and BI for InformationWeek. She has contributed articles, reports, and other types of content to various publications and sites ranging from SD Times to the Economist Intelligent Unit. Frequent areas of coverage include ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Preparing for the Upcoming Quantum Computing Revolution
John Edwards, Technology Journalist & Author,  6/3/2021
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll