top of page

To The Cloud & Beyond

By AJ Tomas

 


 

Summary


Despite the dislocations caused by the pandemic, 2020 was arguably a banner year for cloud computing. The top cloud-native companies raised private capital at sky-high valuations. HashiCorp raised $175 million at a $5.1 billion valuation, and Stripe was reportedly in talks to raise a new funding round at a $70 billion+ valuation. In the public markets, Snowflake’s IPO was one of the most anticipated public offerings of the year, opening at $245 per share. The adoption of public clouds such as GCP, AWS, Azure, continued to accelerate as teams were forced to work in distributed environments. Survey results show that both enterprises and SMBs are looking to increase their workloads and data stored in the public cloud within the next twelve months.


We are certainly still in the early stages of the cloud. Companies that already have tremendous scale are continuing to grow in the double digits. Looking to the decade ahead, we can expect to see more equity value generated by cloud companies and the continued migration towards the public cloud. Therefore, with all of the workload and data on the public cloud, the need for companies to continuously secure information in an agile development environment and against dynamic new threats will become increasingly mission-critical. Currently, the average cost of a data breach is between $8.64 million and, on average, it takes 279 days to identify a breach. These attacks have material impacts on business organizations. Cloud-deployed SaaS solutions will be able to help developers secure the infrastructure before or during deployment, and continuously monitor the company’s assets.


Even in these early days of the cloud and cloud security software in particular, we are already starting to see venture investing giants like Sequoia Capital, New Enterprise Associates, Lightspeed Ventures and Index Ventures back emerging technologies that protect cloud assets.


Cloud In 2020


Private and Public Cloud Companies


The data collected and aggregated by Bessemer Venture Partners illustrates the growth story of the cloud. 2019 to 2020 was specifically a year of many milestones for cloud companies as a whole. Enterprise SaaS and IaaS both crossed the $100 billion run rate. The private cloud crossed the $1 trillion market capitalization marker. However, there are two sets of figures in particular stand out. First, the tremendous creation of equity value, particularly over the last four years, illustrates that businesses are embracing the benefits of the public cloud and how it can empower businesses to create and capture value in new ways. Second, companies that are already at scale continue to grow in the double digits. This is because cloud powers software products. It is the engine driving the continued growth of software. As such, if software is powering the technology industry as it eats the world, and “cloud is eating software,” then the cloud’s TAM goes beyond just the software market, extending to a portion of the technology industry as a whole.


Cloud Utilization


Leveraging the public cloud empowers businesses in many ways from facilitating collaborative continuity to provide new technological solutions to their customers. Most enterprises are currently adopting a hybrid cloud strategy. This involves either having multiple public clouds and multiple private clouds, or utilizing multiple public clouds while maintaining a singular private, on-premise cloud. As the data shows, public cloud adoption (i.e., Google Cloud Platform, Amazon Web Services, Microsoft Azure) is accelerating amongst enterprises and SMBs.


Flexera’s annual State of the Cloud report sampled 750 businesses (enterprise and SMB) across North America and Europe. More specifically, organization decision makers such as CTOs were asked to answer a series of detailed questions about their current and planned future cloud usage. There are four key takeaways from the survey data.


1. Cloud Strategies: Multi-cloud and Hybrid cloud

A snapshot of where enterprise workloads and data are being stored.


2. Migration: Increased Public Cloud Adoption


The following 3 key indicators together point to the increasing migration of SMB and enterprise data to the cloud. First, over 47% of respondents have self-reported a cloud spend of at least $2.4 million. Second, both enterprises and SMBs claim that their organization, pre-pandemic, has already been planning to increase their workloads and data stored on the public cloud over a 12 month time frame. Finally, despite the pandemic, a majority of businesses project their cloud spend to increase. COVID-19 has helped accelerate existing public cloud migration tailwinds due to the critical need to digitize certain services and the difficulties of utilizing an on-premise solution during a pandemic.


3. Cost Sensitivity: Demand for Centralized Software Platforms


Businesses are becoming less willing to pay for multiple cybersecurity vendors. 82% of the sampled enterprises indicated that managing their cloud spend is a challenge. Both enterprises and SMBs alike exceed their cloud spend budgets by an average of 23% and estimate 30% of their cloud spend is wasted. Organizations are ultimately looking for a unified platform that allows their internal IT and developer teams to run multi-functional software that enables the company to protect their sensitive data themselves. As such, software-as-a-service will continue to be the prominent method of delivery, moving away from the conventional account-based enterprise sales model of legacy cybersecurity software vendors.


4. Security: Searching for Scalable, Cost-Effective Solutions


Despite the challenge of managing cloud spend, security remains the foremost top-of-mind issue to business organizations. As the data shows, 83% of enterprises indicated that security is the top challenge versus spend, governance, and expertise. This concern for securing their cloud infrastructure is reflected in the use of tools such as Ansible and HashiCorp’s Terraform to configure their cloud. This is because even simple port misconfigurations could result in businesses leaving the proverbial front door to their enterprise network open.



Investment Themes in Emerging Cloud Technologies


The exponential growth in value of cloud companies and the accelerating migration to the cloud is a popular topic of discussion within the technology community. Looking to the future, we are still in the early days of the cloud and, as Bessemer Venture Partners predicts, the growth in equity value of private cloud unicorns will continue along the exponential path. As such, with more workloads and data in the cloud, a key concern arises: protecting information that is being stored and utilized in the public cloud.


A lot of legacy vendors on-premise cloud cybersecurity companies are obsolete; they’re not fit to protect cloud-native assets. The shared responsibility model of the public cloud is also a cause of confusion for many businesses as they do not understand what their cloud service provider is responsible for. These problems are further confounded by the fact that malicious agents are utilizing automated tools to hack into enterprise networks and illicitly obtain sensitive information.


In sum, the pain points facing enterprises and SMBs alike can be grouped into three high-level buckets.


1. Complexity

- Difficult to enforce thousands of rules in distributed environments

- Misunderstanding of what the cloud service provider is responsible for


2. Visibility

- Difficult to uphold shared responsibility model due to poor visibility into

cloud assets

- Inability to effectively monitor the most basic level issues and

misconfigured controls which lead to the exposure of data storage

resources to the internet

3. Dynamism

- No distinct “permeter” to defend in the public cloud

- Ever-changing threats driven by malicious agents using automated tools


Theme 1: Investing in the DevOps Shift Left

  • Developers are important decision makers within organizations and are often the point of target in the bottoms-up SaaS sales model

  • Developers need tools with a specific set of features that enable them to adapt to agile development process

  • As developer teams continue to work in distributed environments, they need policy frameworks that will allow them to ensure compliance at scale

  • DevSecOps has to stay on pace with the dynamic surface of attack generated by new, automated threats

“…the pattern that I recognized actually goes all the way back to when I was a product manager in the Windows group. And I saw that developers don’t want to have to deal with complexity — they want to have the complexity managed for them.”

- Scott Sandell, Partner at New Enterprise Associates


Theme 2: Investing in Cloud Asset Visibility


Businesses not knowing what assets they have convolutes the ability for IT professionals to identify policy violations and remediate security threats. More importantly and arguably lesser known, is the security vulnerability due to zombie cloud resources. In fact, some of the most recent, high-profile data breaches stemmed from a vulnerability generated by orphaned infrastructure that invited hackers into the organization’s cloud environment. Enterprises therefore need to have a clear inventory of their cloud assets in order to identify any potential threats and quickly remediate breaches.


Clearer asset inventories would also help enterprises control the costs associated with securing their cloud networks. Enterprises are in fact beginning to use automated tools that, for example, shut down workloads after hours and rightsize instances. The next generation of tools will be able to facilitate more nuanced policies that help businesses manage their cloud spend as well as keep their data secure.


Key Features to Watch

  • Remediation: Auto-remediation vs. One-click Fix

- Faster time to remediation → Lower the potential magnitude of breach

- Time is MONEY! → Opportunity cost for a developer’s time is high


  • Policy Implementation: Policy-as-Code Frameworks

- Codify security policies to ensure adherence to best practices, test policies

before or during deployment, and facilitate compliance at scale

- According to a survey conducted by the SANS Institute in May 2020, policy

execution automation and threat hunting automation are the leading

priorities of the sampled developers


  • Number of Clouds Supported

- A singular, unified solution for enterprises that utilize multiple public

clouds

  • Compliance Auditing

- Features that collect and aggregate specific sets of information particularly

for businesses in highly regulated industries like healthcare and financial

services.

Comments


bottom of page