SmartBear announced its acquisition of QMetry, provider of an AI-enabled digital quality platform designed to scale software quality.
The calendar may read 2018, but paper-based checklists and other manual practices for infrastructure governance still rule, according to the recent State of Cloud Infrastructure Governance survey of more than 300 IT professionals, commissioned by Fugue.
While not necessarily surprising, the slowness of enterprise IT departments to embrace automated, cloud-native solutions for the cloud infrastructure challenges they face has resulted in IT infrastructure that is often ungoverned and insecure. And this is despite the fact that the cloud can be more secure as traditional data centers.
The Current State of Cloud Infrastructure Governance Is Poor
The main finding of the survey reveals that the current state of cloud infrastructure governance at enterprise organizations is poor: in spite of an ever-increasing number of security breaches, 62 percent of the survey respondents rely on manual reviews before infrastructure is provisioned, and 42 percent have no cloud infrastructure governance processes in place. So, it wasn't at all surprising that the survey further revealed that 28 percent of IT professionals aren't confident their cloud infrastructure is secure. In addition, 31 percent of application developers either don’t understand infrastructure risk or don’t know what to do to mitigate it.
Digging a little deeper into the "why" of these statistics, the number one reason IT professionals say their organizations haven't fully implemented infrastructure governance is that compliance and security slow down innovation (55 percent).
Another 44 percent say they struggle to keep track of all the infrastructure they have running, and an equal number struggle to identify and respond to infrastructure risks. More than a third (39 percent) cite the lack of collaboration between security, compliance and IT.
Some Sobering Compliance and Security Breach Statistics
Compliance issues and operations go hand-in-hand with infrastructure governance. According to the survey, 60 percent of respondents rely on manual remediation for policy violations and configuration drift, and 17 percent don’t validate compliance before infrastructure is provisioned.
This overall failure to have automated, cloud-native infrastructure governance in place has real consequences. IT departments can't be sure they're in compliance, and that brings with it significant risk, particularly if they're operating under a compliance regime like HIPAA, PCI or NIST 800-53. A reliance on manual reviews also brings the risk of human error and unacceptably long Mean Times to Remediation.
Moving to security issues, the survey showed that, when data breaches occur, the C-suite is considered responsible. Specifically, when asked who should be held accountable when a data breach occurs, nearly half (47 percent) of IT professionals said the CEO, followed by the CIO (32 percent); VP of Cloud (31 percent); CTO (23 percent); and Cloud Architect (22 percent).
Infrastructure Governance Will Improve in 2018 via Governance Automation
Only time will tell what 2018 has in store for the state of IT infrastructure governance. Based on the 2017 survey results, and what I hear in the industry, I'm confident that we're going to see more high-profile data breaches related to misconfigured cloud infrastructure. But we'll also see more focus on automated, cloud-native approaches to the problem. Enterprises will start to realize that their traditional tools and methods for compliance, security and cost controls simply don't work well in the cloud. They're inadequate in addressing the risks. They don't scale well. They slow down innovation. They waste money and resources.
The good news is that the things that make cloud governance so challenging, such as the rapid change and the nature of API-driven, software-defined infrastructure, also represent the opportunity to radically improve infrastructure governance. This is all possible today.
What's the Solution?
Optimized infrastructure governance is attainable but not with manual reviews and remediation, which are slow and prone to error. They also don’t scale. Only fully automated, cloud-native solutions can keep up with the pace of change that is outstripping human ability to govern IT infrastructure and operations in a fast, secure and compliant way.
Industry News
Red Hat signed a strategic collaboration agreement (SCA) with Amazon Web Services (AWS) to scale availability of Red Hat open source solutions in AWS Marketplace, building upon the two companies’ long-standing relationship.
CloudZero announced the launch of CloudZero Intelligence — an AI system powering CloudZero Advisor, a free, publicly available tool that uses conversational AI to help businesses accurately predict and optimize the cost of cloud infrastructure.
Opsera has been accepted into the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners that provides software solutions that run on or integrate with AWS.
Spectro Cloud is a launch partner for the new Amazon EKS Hybrid Nodes feature debuting at AWS re:Invent 2024.
Couchbase unveiled Capella AI Services to help enterprises address the growing data challenges of AI development and deployment and streamline how they build secure agentic AI applications at scale.
Veracode announced innovations to help developers build secure-by-design software, and security teams reduce risk across their code-to-cloud ecosystem.
Traefik Labs unveiled the Traefik AI Gateway, a centralized cloud-native egress gateway for managing and securing internal applications with external AI services like Large Language Models (LLMs).
Generally available to all customers today, Sumo Logic Mo Copilot, an AI Copilot for DevSecOps, will empower the entire team and drastically reduce response times for critical applications.
iTMethods announced a strategic partnership with CircleCI, a continuous integration and delivery (CI/CD) platform. Together, they will deliver a seamless, end-to-end solution for optimizing software development and delivery processes.
Progress announced the Q4 2024 release of its award-winning Progress® Telerik® and Progress® Kendo UI® component libraries.
Check Point® Software Technologies Ltd. has been recognized as a Leader and Fast Mover in the latest GigaOm Radar Report for Cloud-Native Application Protection Platforms (CNAPPs).
Spectro Cloud, provider of the award-winning Palette Edge™ Kubernetes management platform, announced a new integrated edge in a box solution featuring the Hewlett Packard Enterprise (HPE) ProLiant DL145 Gen11 server to help organizations deploy, secure, and manage demanding applications for diverse edge locations.
Red Hat announced the availability of Red Hat JBoss Enterprise Application Platform (JBoss EAP) 8 on Microsoft Azure.
Launchable by CloudBees is now available on AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).