Maksim Kabakou - stock.adobe.com
Demand for cloud computing continues to soar, but there are concerns that many Australian and New Zealand (ANZ) enterprises need to develop more sophisticated cloud and data management capabilities, so they can reap the full benefit of cloud services and not be exposed to security breaches.
Worldwide, technology analyst firm Gartner predicted a 17.3% surge in demand for public cloud services, taking the market globally to $206bn in 2019. In Australia, cloud demand is rising even faster, with the local market expected to grow by 20.6% to reach A$5.6bn over the next year.
Meanwhile, rival analyst IDC predicted that although just four public clouds will host 80% of cloud infrastructure and platform services, the overwhelming majority of enterprises will have multicloud and hybrid cloud architectures in place.
It pointed to an era when enterprises would need a sophisticated grasp of cloud orchestration and data management. A recent IDC report on cloud maturity in Asia-Pacific showed that 85% of organisations in the region are still in the early stages of cloud maturity – although it identified Singapore, Australia and New Zealand users as somewhat more advanced.
The findings serve as a reminder that no matter how committed an organisation is to cloud, it cannot abdicate its responsibilities for keeping data secure and private and ensuring the services it provides to customers are up and running.
In September 2018, the Australian Prudential Regulation Authority (APRA) released a paper on the use of cloud computing, stressing that “the nature of cloud computing services necessitates the allocation of responsibility for the implementation of controls between the provider and the client”.
The APRA noted that while cloud suppliers have contractual obligations to their clients, enterprises cannot entirely outsource their obligations.
Instead, enterprises should have a strategy that would allow them to continue operations and meet obligations following a loss of service, preserve the quality and security of critical and sensitive data, and comply with legislative and prudential requirements.
This is commonly referred to as the shared responsibility model – an area where Australian enterprises might be a little undercooked.
Elliott Spira is co-founder and chief technology officer (CTO) of GorillaStack, an Australian company that works with enterprises and small to medium-sized businesses to manage cloud resources.
GorillaStack, however, tends to get called in to work with a company that is nearing the end of its cloud migration when it is hitting some level of scale. Some of these businesses, Spira said, are nascent cloud users without much cloud security.
Cloud skills gap
Spira also touched on cloud skills, or the lack thereof, as companies moved to the cloud. “No one is going to be able to do something they have never done before. There’s a quantum jump between running your own datacentre to consuming computing through an API [application programming interface],” he said.
“And even if you bring in a consultant, you still need expertise on your own team. Data has a lifecycle, a system has a lifecycle and at some point it becomes legacy and will need to be rebuilt,” he said, adding that this is when the internal cloud skills become essential.
Internal skills are also critical to meet the shared responsibility that APRA requires. While only a segment of Australian business is regulated by APRA, its cloud paper provides useful guidance on the sorts of issues that cannot be simply be handed over to a third-party cloud supplier.
These include identity and access management, incident detection and response management, data loss prevention, vulnerability management, configuration management, encryption and key management. In addition, oversight of the scope and coverage of audits initiated by the service provider, as well as planning for business recovery in the event of a cloud failure or outage, are just as critical.
Data management snags
As companies move to multiple and hybrid cloud architectures, the challenges become magnified. According to Nigel Mendonca, ANZ country manager for Tableau, the days of organisations trying to hold everything in a single repository are over.
Mendonca said enterprises recognised the need to seek insights from multiple data sources – in-house, in the cloud and from third parties. The more experienced Australian organisations were comparable to the rest of the world in terms of orchestrating that data, he added.
However, Mendonca acknowledged that there was a big gap between leaders and laggards, and that Australia was probably a little behind international peers in terms of its move to democratise access to data regardless of where it was held.
He advised organisations to look at the data they have before moving it to the cloud. “What sorts of compliance obligations do you have? Are you subject to the GDPR [General Data Protection Regulation]? Once it’s classified, you can map out what data lives where.”
GorillaStack’s Spira called for cloud users to carefully review different cloud offerings to ensure they have one that meets the requirements of data that will be stored there.
The biggest mistakes he had seen were from organisations which had not considered tagging or indexing their data so they could find it again. “To tag manually is a pain, but you can automate it from the beginning,” he said.
Pooyan Asgari, chief data officer of Domain Group, said Australian enterprises were “not that mature” in terms of their approach to cloud management and use of data, ranking most businesses an “early stage two” out of a possible four stages of maturity.
He stressed the importance of cloud computing as it makes information easier to access and share, but noted that this often required businesses to add another layer to their infrastructure – using systems such as Snowflake to get a single view of data across multiple clouds.
Ramneek Gupta, managing director and co-head of venture investing at Citi Ventures, said at the recent Sibos conference in Sydney that one of the challenges facing many organisations worldwide was that while many aspired to having data lakes, many managed little more than “data puddles”.
Gupta said as data has a form of density or gravity, and to be able to extract insights from data, it was important for organisations to create a virtualised data collection and an abstraction layer called a data fabric on top of that. This would require a degree of cloud wrangling maturity that has yet to be developed by many Australian enterprises.
Read more about cloud computing in Australia
- Virtualisation juggernaut VMware rolls out its hybrid cloud service in Australia and halves the entry price to sweeten the deal for enterprises.
- The Australia and New Zealand Banking Group has signed up for the Google Cloud Platform to help its bankers deliver data insights to institutional customers.
- Organisations in Australia and New Zealand are bullish on IT spending, particularly in cloud infrastructure services and cloud applications, a TechTarget study has found.
- The Digital Transformation Agency has become the first government agency in Australia to test the use of Microsoft Office 365 in a secure cloud.