Cloud Infrastructure Governance Has Room for Significant Improvement in 2018
February 08, 2018

Josh Stella

The calendar may read 2018, but paper-based checklists and other manual practices for infrastructure governance still rule, according to the recent State of Cloud Infrastructure Governance survey of more than 300 IT professionals, commissioned by Fugue.

While not necessarily surprising, the slowness of enterprise IT departments to embrace automated, cloud-native solutions for the cloud infrastructure challenges they face has resulted in IT infrastructure that is often ungoverned and insecure. And this is despite the fact that the cloud can be more secure as traditional data centers.

The Current State of Cloud Infrastructure Governance Is Poor

The main finding of the survey reveals that the current state of cloud infrastructure governance at enterprise organizations is poor: in spite of an ever-increasing number of security breaches, 62 percent of the survey respondents rely on manual reviews before infrastructure is provisioned, and 42 percent have no cloud infrastructure governance processes in place. So, it wasn't at all surprising that the survey further revealed that 28 percent of IT professionals aren't confident their cloud infrastructure is secure. In addition, 31 percent of application developers either don’t understand infrastructure risk or don’t know what to do to mitigate it.

Digging a little deeper into the "why" of these statistics, the number one reason IT professionals say their organizations haven't fully implemented infrastructure governance is that compliance and security slow down innovation (55 percent).

Another 44 percent say they struggle to keep track of all the infrastructure they have running, and an equal number struggle to identify and respond to infrastructure risks. More than a third (39 percent) cite the lack of collaboration between security, compliance and IT.

Some Sobering Compliance and Security Breach Statistics

Compliance issues and operations go hand-in-hand with infrastructure governance. According to the survey, 60 percent of respondents rely on manual remediation for policy violations and configuration drift, and 17 percent don’t validate compliance before infrastructure is provisioned.

This overall failure to have automated, cloud-native infrastructure governance in place has real consequences. IT departments can't be sure they're in compliance, and that brings with it significant risk, particularly if they're operating under a compliance regime like HIPAA, PCI or NIST 800-53. A reliance on manual reviews also brings the risk of human error and unacceptably long Mean Times to Remediation.

Moving to security issues, the survey showed that, when data breaches occur, the C-suite is considered responsible. Specifically, when asked who should be held accountable when a data breach occurs, nearly half (47 percent) of IT professionals said the CEO, followed by the CIO (32 percent); VP of Cloud (31 percent); CTO (23 percent); and Cloud Architect (22 percent).

Infrastructure Governance Will Improve in 2018 via Governance Automation

Only time will tell what 2018 has in store for the state of IT infrastructure governance. Based on the 2017 survey results, and what I hear in the industry, I'm confident that we're going to see more high-profile data breaches related to misconfigured cloud infrastructure. But we'll also see more focus on automated, cloud-native approaches to the problem. Enterprises will start to realize that their traditional tools and methods for compliance, security and cost controls simply don't work well in the cloud. They're inadequate in addressing the risks. They don't scale well. They slow down innovation. They waste money and resources.

The good news is that the things that make cloud governance so challenging, such as the rapid change and the nature of API-driven, software-defined infrastructure, also represent the opportunity to radically improve infrastructure governance. This is all possible today.

What's the Solution?

Optimized infrastructure governance is attainable but not with manual reviews and remediation, which are slow and prone to error. They also don’t scale. Only fully automated, cloud-native solutions can keep up with the pace of change that is outstripping human ability to govern IT infrastructure and operations in a fast, secure and compliant way.

Josh Stella is CTO of Fugue
Share this

Industry News

February 27, 2020

Datadog announced an integration with Nessus from Tenable.

February 27, 2020

Talend announced the Winter ‘20 release of Talend Data Fabric.

February 27, 2020

Alcide announced that the Alcide Kubernetes Security Platform now supports compliance scans for PCI and GDPR, enabling DevOps to deliver regulatory compliance checks rapidly and seamlessly alongside Alcide’s leading Kubernetes security capabilities.

February 26, 2020

Perforce Software released a free tool for organizations considering open source software - OpenLogic Stack Builder.

February 26, 2020

Applause announced a new partnership with Infosys to provide broader end-to-end digital experience testing services to clients.

February 26, 2020

RapidMiner announced the release of its platform enhancement, RapidMiner 9.6. This update prioritizes people – not technology – at the center of the enterprise AI journey, providing new, unique experiences to empower users of varying backgrounds and abilities.

February 25, 2020

JFrog announced the availability of the "JFrog Platform," a hybrid, multi-cloud, universal DevOps platform.

February 25, 2020

Nureva added new agile canvas templates to Span Workspace, including a heat map developed by Jeff Sutherland, the co-creator of Scrum and founder of Scrum Inc. and Scrum@Scale.

February 25, 2020

Agiloft announced the addition of its new Agiloft AI Engine, complete with prebuilt AI Capabilities for contract management and an open AI integration that allows customers to incorporate custom-built AI tools into the no-code platform.

February 24, 2020

Cloudify announced that its latest product update - Cloudify version 5 - features an Environment as a Service component, designed to achieve consistent delivery and management of hybrid-cloud services and network infrastructures across CI/CD pipelines - at scale.

February 24, 2020

Checkmarx announced new enhancements to its Software Security Platform to empower more seamless implementation and automation of application security testing (AST) in modern development and DevOps environments.

February 24, 2020

Rapid7 and Snyk announced a strategic partnership to deliver end-to-end application security to organizations developing cloud native applications.

February 20, 2020

The American Council for Technology and Industry Advisory Council (ACT-IAC), the premier public-private partnership dedicated to advancing government through the application of information technology, officially announced the release of the DevOps Primer.

It was produced through a collaborative, volunteer effort by a working group from government and industry, hosted by the ACT-IAC Emerging Technology Community of Interest (COI).

February 20, 2020

DLT Solutions, a subsidiary of Tech Data, launched the Secure Software Factory (SSF), a framework that provides the U.S. public sector with consistent development and deployment of high-quality, scalable, resilient and secure software throughout an application’s lifecycle.

February 20, 2020

Netography announced the general availability of the company’s Security Operations Platform.