Security Gaps in the Digital Transformation Journey

In a recent webinar produced in partnership with 451 Research, part of S&P Global Market Intelligence, Kelly Shortridge and Fernando Montenegro discussed the elements necessary for security teams to better engage with DevOps. But to realize that kind of transformation, context is needed.

Digital transformation is a holistic process. It’s a journey that every organization goes on, and challenges are sure to arise on that journey. To drill down into some of the challenges and gaps that companies are facing, 451 Research runs its ongoing Voice of the Enterprise survey program. From that program, we’ve extracted key insights on how this process looks for many enterprise organizations and what it takes to achieve the coordination required between DevOps and security.

Right now, digital transformation is real for over 90% of respondents in one of the surveys, and nearly 50% are already executing to some degree, meaning the rest are in stages of planning and evaluating potential next steps. As part of this, 60% indicated that they see IT becoming more strategic in this process. But with key skills missing in the areas of cloud expertise and information security, there are gaps to fill.

The Collaborative Nature of Digital Transformation

One of the biggest takeaways in 451’s research is that digital transformation is more collaborative and involves more people than traditional IT projects. This will have a substantial impact on security as new initiatives are implemented.

In fact, 60% of respondents now indicate that non-IT functions/roles will have more influence on decisions related to their organization’s workloads/applications.

Base: All respondents (n=510)

Source: 451 Research’s Voice of the Enterprise: Digital Pulse, Workloads & Key Projects 2019 & 2020

A number of respondents indicated they are involving more people in the conversation. As you involve more people, there is more friction in communication. Because of this, getting people to communicate better across silos in a large organization is increasingly important.

The Future of Workload Deployment

Another somewhat cloudy element is the deployment location for workloads and applications. While 38% of respondents indicate the majority of their workloads are on-premises in 2020, only 15% respond that they expect the majority of their workloads will be on-premises by 2022, with an even split among on-premises private cloud, hosted private cloud, third-party colocation, IaaS, and SaaS making up the rest. We’re very likely to see a hybrid future in aggregate, meaning there is no single answer to future workload deployment. Security teams need to remain nimble to respond to such diverse needs.

Q. Thinking about all of your organization’s workloads/applications, where are the majority of these currently deployed?

Q. And thinking about all of your organization’s workloads/applications, where will the majority of these be deployed two years from now?

Source: 451 Research’s Voice of the Enterprise: Digital Pulse, Workloads & Key Projects 2020

The future is cloudy because it’s more of a hybrid. There is increased nuance around being able to support multiple environments and multiple trends. This will increase the need for communication and collaboration between stakeholders.

A Nuanced View of Modernization Destination

Another major shift seen between 2019 and 2020 is an increase in the number of respondents who indicated that they plan to modernize or refactor and shift their approach to mission-critical legacy applications and workloads. For many of these organizations, there is no direct path to the cloud. They are modernizing on-premises, with more modern applications and infrastructure architectures deployed locally. At the same time, fewer are taking a lift-and-shift approach to the process, down from 17% to 10% year over year.

Base: All respondents (n=496)

Source: 451 Research’s Voice of the Enterprise: Digital Pulse, Workloads & Key Projects 2019 & 2020

For years, the push had been to lift and shift everything away from on-premises to the cloud. In the last few years, that movement has reversed and many organizations are looking for more creative, hybrid approaches to maintain control over their applications and workloads. But why? Let’s take a closer look at the reasons why this is happening from both the IT and management perspective.

Driving Factors in Workload Placement Decisions

So with more organizations indicating they will modernize on-premises, what factors are influencing that decision most?

Base: All respondents

Source: 451 Research’s Voice of the Enterprise: Digital Pulse, Workloads & Key Projects 2020

The reasons for this decision vary significantly between IT/engineering managers and senior management in an organization. For example, while 48% of respondents indicated data and system security are important, only 32% of senior management indicated this as a reason, compared to 50% of IT and engineering managers surveyed. Contrast that with 50% of senior managers saying they want to leverage existing IT infrastructure and datacenter investments and 56% indicating they want to optimize application performance and uptime by staying on-premises, and there is a gap in the approach and reasoning behind it among respondents.

Some organizations are opting to keep more things on-prem, but the reason to do so varies significantly between stakeholders and departments. Of course, there are also some misconceptions about the security benefits of modernizing infrastructure in the cloud versus on-premises. The benefits of a distributed, immutable, and ephemeral (DIE) approach to deployment are starting to emerge in the collective consciousness of enterprise organizations and will likely have a significant impact on how this is viewed going forward. Regardless of future trends, however, there’s a very different understanding of security needs and benefits between people who are actually hands-on with the applications and those in senior management.

Determining How to Proceed with DevOps Adoption

William Gibson famously said, “the future is already here — it’s just not evenly distributed.” We’re seeing that for many organizations there is a gap in execution they are working to close. There are different perspectives on what digital transformation should look like, how it will be executed, and what benefits should be gained. Whether it’s a concern over security or the desire to amortize existing investments, a diverse range of voices will influence how organizations approach DevOps adoption.

Watch the full replay of Divided We Fail: How Security Teams Can Better Engage With DevOps to learn more about the relationship between DevOps and security teams and how existing and developing digital transformation efforts impact that relationship.