Cloud & Security
Key Takeaway:
Several reports project organizations' mass adoption of the cloud in the upcoming years (as much as 60% in 2 years) with proven value in multiple use cases. This movement will promote a pro-security posture and install digital immune system practices that benefit customers. As a consequence, a closer regulatory oversight is expected.
Trend Type: Technology
Sub-trends: Kubernetes investment proliferates, Companies cloud mass adoption, Industry Cloud Platforms, Security Opportunity
Mckinsey’s research shows that companies are looking to move about 60 percent of their IT estate to the cloud by 2025. They estimate $3 trillion of EBITDA value is up for grabs by 2030 in companies worldwide. The value across the 700 use cases Mckinsey has analyzed breaks down into the following areas:
i) “Rejuvenate” includes the value from IT savings, operational cost savings, and digital risk reduction. The total value at stake is $873 billion in EBITDA, with IT cost optimization improvements accounting for $155 billion, digitization of core operations for $311 billion, and improved business resilience and risk reduction for $407 billion.
ii) “Innovate” includes the value that is essentially revenue related, with use cases such as advanced analytics, IoT, and automation driving growth, optimizing business operations, and improving time to market. The total value at stake is $2.3 trillion in EBITDA, with $612 billion coming from innovation-driven growth and $1.7 trillion from accelerated product development and hyper scalability.
iii) “Pioneer” covers the range of emerging technologies, including creating new, cloud-based business models and integrating with cutting-edge technologies such as 5G, blockchain, and quantum computing. These technologies are still relatively new, so their impact cannot be accurately quantified.
And although general cloud solutions might serve part of the organizations’ needs while moving their IT estate, industry clouds create value for organizations by incorporating cloud services traditionally purchased separately into pre-integrated but customizable industry-relevant solutions. As such, they can increase organizational agility, speed innovation, and accelerate time to value. On that note, Gartner predicts that by 2027, more than 50% of enterprises will use industry cloud platforms to accelerate their business initiatives.
In addition – and very much in line with McKinsey – Forrester predicts that in 2023, 40% of firms will take a cloud-native-first strategy. In its 2022 Infrastructure Cloud Survey, it was revealed that cloud decision-makers had implemented containerized applications which now account for half of the total in decision-makers organizations. Kubernetes (K8s) are orchestrating them at scale. Therefore, in 2023 organizations will accelerate investment in K8s as a distributed compute backbone for current applications and new workloads that can run more efficiently in K8s’ environments. These workloads will span a range of technology domains, including AI/ML, data management, IoT, 5G, edge computing, and blockchain. K8s will also propel application modernization with DevOps automation, low-code capabilities, and site reliability engineering.
And with companies already making much more significant commitments to modernizing their tech through moving to the cloud in 2022, not only the pace of development can increase as much as ten times, but security has changed from being a blocker to being an enabler with the security role being given central stage. The critical point isn’t that the cloud is more secure; moving to the cloud offers companies a huge opportunity to rethink their security posture. In 2023 that trend will accelerate as security becomes much more automated, partly thanks to the investments cloud service providers (CSPs) are making in their own risk capabilities and tooling.
The other significant shift we can expect regarding cloud and risk is in the regulatory environment. As more heavily regulated industries such as banking and pharma move to the cloud, regulators are rethinking the pressure points. They are already becoming more prescriptive about security and compliance standards and are considering other issues, such as the significant concentration risk. What if one of the big CSPs goes down, and 30 banks go with it? In 2023, we expect to see the contours of new policy start to emerge.