An August Abundance of Data
#Clouds, costs, and identity. There's a common theme running through all the cloudy reports lately, whether focused on #security or not - costs. The cost of a breach, the cost of managing a multi-cloud menagerie, the cost of not paying attention to consumer perceptions.
Maybe it's the macro-environment, but there is suddenly a huge spotlight on the cost of everything. It's typically said that complexity is the enemy of security, but it's starting to look like complexity is also the enemy of efficiency and budgets. Apparently, complexity does not play well with others.
To find out just how anti-social complexity is, let's dig into the data!
Complexity Causing Conflicts
Cisco 2022 Hybrid Cloud Report Despite using the term hybrid to describe what is really multi-cloud - which is like saying 'gnarly' instead of 'sick' today - this report had some great insights beyond the expected validation that multi-cloud is a thing and yes, increased operational complexity is a top challenge for multi-cloud. The most interesting insight?
58% of respondents are moving workloads between on- and off-premises environments weekly
This report from Tanzu - wait, VMware, no wait, Broadcom - had some really good data points around observability. Like some deep, full-stack points which was meta enough to make me do a little dance. In particular, this question was worth the entire survey as it illustrated exactly why full-stack #observability is increasingly important to every organization.
How many technologies (clouds, microservices, networks, VMs, containers, storage, APIs, etc.) are involved in a typical cloud application request:
I read this every year, and every year I wonder if the researchers have cool superhero names like Rogue and Storm and Wolverine. Cause that'd be SO cool. And then I want one, but I can't decide what it would be. Anyway, this research found (gasp) that most (79%) organizations aren't deploying a #zero-trust architecture. Sorry, but that's not surprising given that (a) most vendors can't define what that means, let alone customers and (b) it's still early days. Give it another 1-2 years, and that number will flip on its head. In other news, this study found that the average cost of a data breach was $4.35M USD.
But wait, there's more! Apparently, 60% of organizations studied stated that they increased the price of their services or products because of the data breach.
If I had written this, it would have read: 60% of organizations studied admitted that they increased the price.
New to me Jumio (which means this report is doing at least one of its jobs) polled consumers about their perceptions of digital identity and related stuffs.
Recommended by LinkedIn
The study found that 2/3 of consumers would be more likely to engage with a financial services business if they have robust identity verification.
The question I have is this: are financial services institutions clearly articulating their identity verification process publicly or as part of the onboarding experience? Cause I want to know how consumers are learning this information. And what constitutes robust? I have questions, the report does not have answers.
Another new to me (good job, marketing!) vendor provided some awesome insights about digital asset and risk management. Really, this one was super good and it was hard to choose just one factoid to share, so I picked a multi-data point one.
58% of organizations confirm they have 75% asset coverage. Leaving 42% with very spotty coverage for business critical categorization for assets.
This is important, because if you cannot correctly categorize a digital asset, you cannot correctly manage access to it or apply the proper level of security controls to protect it.
And finally, another new company and report. I stumbled on this one courtesy of my friend David Linthicum, who pointed out that the technical challenges of multi-cloud are finally coming home to roost by causing budgetary pain.
Nearly half (49%) said that managing complex multicloud environments was a core challenge to managing cloud costs. This may be in part due to the number of tools being used to manage multiple clouds - 38% use 3, 32% use 2, and 21% use 4 or more.
Interesting Reads
Things I read that I found interesting enough to actually 'save' and make a note about.
The key point made in this one is that legacy identification methods – paper-based proof – was not designed for a digital world. That seems obvious, but consider that photocopies/images of official (government issued) documents are not recognized as actual proof for most things. The blog also highlights the importance of protecting #privacy as we try to move forward with digital identity initiatives – a task at which we have thus far proved incapable of succeeding. Also note that this issue will continue to be raised if the #metaverse actually starts to become a thing people want to use.
Yes, I did say "if".
And that's all I'm going to say about that.
Although I left the field quite a while ago, I was delighted to see this article hit my inbox. May I never stop learning from your insights. Thank you, Lori!