EMEA is set for a dynamic year in this respect, as the average organisation plans to deploy 18 app services in the next 12 months, compared to the 2016 global average of just 11. As the threat landscape continues to evolve in complexity, speed and availability were for the first time deemed less important that overall application protection, with the most important services cited including network firewalls, anti-virus and SSL VPN solutions.
The highest area of investment for 2017 in EMEA was the use of on-premise private clouds (46%). Almost half of respondents (48%) stated the private cloud would have the most strategic importance to their organisation in the next two to five years, and that three quarters (76%) of their apps would be in the cloud by 2017.
The most important security feature was that the cloud should provide the same level of security and auditability as other similar on-premises services (61%). This hints that organisations are concerned about the disruption moving to the cloud can have on operations.
Nevertheless, respondents indicated that a shift towards a more agile, multi-cloud world is gaining momentum. Globally, four out of five respondents indicated they are adopting hybrid cloud models. The main challenge here is maintaining consistent security policies across multiple environments (25% of respondents).
“Businesses are putting their money where their strategy is when it comes to cloud,” said Martin Walshaw, senior engineer, F5 Networks.
“There are still challenges to overcome but the global shift to embrace hybrid scenario clearly shows a growing recognition that agility and speed can be achieved without compromising security, provided there are consistent policies and solutions in place.”
On a global scale, the more apps a company has deployed, the greater motivation to reap the operational benefits of the cloud, with respondents running the largest number of applications (3,000+) reporting the highest percentage of apps in the cloud.
A new era of security vigilance is required as security teams expand beyond traditional firewalls and legacy enterprise perimeters. Organisations with a web application firewall (WAF) and DDoS mitigation services had the highest confidence in their ability to withstand an application-level attack and interestingly, cloud-first organisations have more confidence in their security.
“This past year, not a week went by without some hack or vulnerability making the headlines,” said Walshaw. “And yet there is no sign that security breaches are slowing digital transformation. Our report shows how the sometimes-competing demands of customer and data protection inform companies’ deployment of apps and app services, and can usher in security best practice at a time when it’s needed most.”
The top security challenges cited were the increased sophistication of attacks (64%) followed by employees underestimating the impact of not following security policy (53%). However, despite over half naming employees as one of the top challenges, a third (32%) admitted a lack of IT security skills or training within a company was challenging.
On a global scale, the increase in app services and continued expansion to the cloud is driving organisations to automation and orchestration to scale operations across environments. As a result, over half of respondents now view API-enabled infrastructures and templates as important, up from 31% and 22% last year, respectively. Scalability and OpEx reduction remain the top two drivers for the use of SDN frameworks and companies are increasingly showing a tendency toward standardisation, with 39% relying on only one framework in 2017, compared to 32% in 2016.