The Multi-Cloud is The New Normal, But Creates Key Security Challenges

The age of the multi-cloud is upon us, but that comes at a cost to security. In a nutshell, this is the key finding of Radware’s new research: Application Security in a Multi-Cloud World.

The report, sponsored by Radware and conducted by Osterman Research, shows the extent to which multi-cloud and hybrid cloud deployments are adopted by organizations and the security challenges they bring with them.

Although many of the findings are already recognized in common industry sentiment, the degree to which these market trends are unfolding and the speed in which they are diffused were surprising.

The Multi-Cloud is the New Normal

One of the report’s key findings is the level to which multi-cloud and hybrid cloud has become the new industry normal.

The report indicates that adoption of the public cloud, by now, is virtually ubiquitous. Only 1% of respondents are not using public cloud services to host workloads or applications, and this figure is expected to drop to a mere 0.4% during the next 12 months. This means that a full 99% (and an expected 99.6%) of organizations are currently deploying assets in the public cloud.

Moreover, once organizations migrate to the public cloud, adoption doesn’t stop there. The majority of organizations deploy applications across more than one cloud environment. Currently, 58% of respondents use two or more public cloud environments, and this figure is expected to rise to 60% during the next 12 months. Organizations using three or more cloud environments increased in the past 12 months from 13% to 21% and is expected to rise to 25% a year from now.

At the same time, 42% of organizations are using a single public cloud environment, down from 47% 12 months ago.

[You may also like: A New Security Approach for the New Age of the Multi-Cloud]

On-Prem Datacenters and Private Clouds Aren’t Going Anywhere

In parallel to the increased adoption in multi-cloud deployments, on-premise data centers aren’t going anywhere, either.

According to the survey results, 81% of organizations still deploy applications on hardware-based, on-premise data centers. This is slightly down from 84% last year and expected to go down to 76% within 12 months. Although the findings show that usage of on-prem data centers is slowly trending down, they also indicate that more than three out of four organizations fully expect to be using their hardware data centers next year.

In addition, the report shows the extent to which private cloud deployments are embedded within organizations. Today, 82.6% of organizations deploy applications in a private cloud setting, which is actually expected to increase slightly to 82.8% within 12 months.

The survey also looked at the aggregate number of platforms organizations are running — combinations of on-premise data centers, private cloud services, and multiple public cloud environments. The results showed that 41% of respondents are currently running across three different environments, 34% are running on four platforms, and 10% are running across five or more environments.

A case in point, 45% of respondents are deploying applications in on-prem data centers, on private cloud services, AND at least two public cloud environments.

Multiple Environments Leading to Security Gaps

The survey examined not only the proliferation of computing and cloud environments, but also the related security implications. The results show that as organizations increase the number of cloud platforms they use, they also increase their risk and chance of data exposure and breach.

Over half of respondents (51%) indicated that the quality of protection of cloud applications is a ‘problem’ or ‘extreme problem.’ Similarly, 41% of respondents believe that unified visibility (logging and reporting) across multiple environments is a problem or extreme problem, and 38% believe the same of security coverage and protection between platforms.

Emphasizing this point, only 30% of respondents were ‘confident’ or ‘extremely confident’ in their ability to apply consistent and robust application security across multiple cloud environments.

The biggest problem, however, is that discrepancies between cloud environments are leading to serious application and data risks. According to the survey, 69% of respondents acknowledged that they knew about data breaches or exposures due to variations in how application security was configured across different cloud platforms.

[You may also like: Securing Applications in the Multi-Cloud: Where Should Organizations Start?]

Numerous Barriers to Achieving Multi-Cloud Application Security

In addition to admitting to general security challenges posed by cross-cloud application deployment, respondents also provided insights into key barriers. Respondents rated the following activities as ‘significant’ or ‘extremely significant’ challenges:

  • Sharing applications’ SSL keys with third-party security vendors (50%)
  • Making changes to DNS routing to redirect application traffic to security tools (50%)
  • Having tools only secure applications on a single platform (e.g., one specific cloud environment) (48%)
  • Latency added by existing security solutions (40%)

When respondents were asked about which security capabilities were important, some of the key responses included:

  • Threat intelligence on current and emerging threat vectors (62% indicating ‘important’ or ‘extremely important’)
  • Consistent security, logging, management and reporting across all on-premise, private cloud and public cloud environments (54%)
  • Best-in-class tools that protect against a specific attack vector, but can be integrated with other tools for comprehensive protection (49%)
  • Deployment without changes to DNS routing (46%)
  • Comprehensive protection against multiple attack vectors (e.g., web, API, DDoS and bot attacks) within a single tool (41%)

As the results above demonstrate, organizations understand the requirement for achieving full application security in cross-cloud environments, which is at once high-quality, comprehensive, frictionless and centralized.

The challenge for vendors, however, is coming up with innovative, out-of-the-box solutions, which address these needs within the context of a cloud-first approach.

Click here to get a copy of the full report, highlighting our key findings.

Register for a special webinar with experts from Radware and Osterman Research, who will discuss the results of this survey and the cybersecurity implications.

Eyal Arazi

Eyal is a Product Marketing Manager in Radware’s security group, responsible for the company’s line of cloud security products, including Cloud WAF, Cloud DDoS, and Cloud Workload Protection Service. Eyal has extensive background in security, having served in the Israel Defense Force (IDF) at an elite technological unit. Prior to joining Radware, Eyal worked in Product Management and Marketing roles at a number of companies in the enterprise computing and security space, both on the small scale startup side, as well as large-scale corporate end, affording him a wide view of the industry. Eyal holds a BA in Management from the Interdisciplinary Center (IDC) Herzliya and a MBA from the UCLA Anderson School of Management.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center