‘Captivity Clouds’ – A Trap For Modern Day Security Leaders
Posted: Thursday, Apr 18

i 3 Table of Contents

‘Captivity Clouds’ – A Trap For Modern Day Security Leaders

Today, many organisations are trapped in what’s known as a ‘captivity cloud,’ where they are locked-in with a single product or service but face substantial challenges when attempting to integrate or transition to other solutions and providers across the broader cloud ecosystem.

Captivity clouds have left organisations within the confines of heavily restricted ecosystems. Many are finding their tool sets severely limited and, in some cases, hampering their ability to effectively address and navigate security threats, sparking significant concerns among security teams and chief security officers (CSOs).

How Did We Get Here?

In the last several years, organisations across Australia have seen a dramatic increase in the adoption of SaaS-based applications to help teams efficiently and collaboratively operate in a hybrid work environment. However, as cloud computing becomes increasingly universal, it’s becoming equally competitive, with large providers like Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure left fighting to maintain their share of the market.

Historically, the underlying hardware between the major platforms has remained largely homogenous, leaving cost-based differentiation as the primary revenue strategy for many large providers. However, they still need new ways to attract growth, and bundling in and releasing custom platform-specific software provided an exciting competitive route. Unfortunately, this has left customers having to pick between seemingly similar software solutions that are beholden to a specific cloud provider, or alternatively, a third-party non-lock-in software solution.

How Are These Practices Hamstringing Businesses?

IT and security teams have been handed a monumental challenge: connect remote teams, on-premises teams and infrastructure, multiple cloud environments, SaaS apps, and more, so they function like a single, secure environment. But doing so is difficult with a range of incompatible infrastructure reducing operability and cohesion.

With providers prioritising service consumption over interoperability and imposing constraints like egress fees, lock-in practices, and uncompetitive bundling, businesses feel powerless over their IT space; in fact 40% of IT and security leaders acknowledge that they’re losing control over their IT and security environments due to current systems.

For CISOs and security teams, this issue is further compounded by the diverse policies and security control points imposed by different cloud providers, exacerbating the challenge of effectively managing data flows and policies. What’s worse is that this is happening at a time when many are also contending with a surge in cybersecurity incidents. Services built around the initial product that draws businesses in are often not tailored to the organisation’s specific security needs, leaving businesses vulnerable to a number of threats and challenges. In addition, over-reliance on multiple cloud providers can lead to a decreased emphasis on maintaining a strong security posture, creating a cumbersome environment that CISOs then have to navigate.

Security issues come to light when organisations conduct a security audit which identifies new threats or weaknesses that must be addressed, requiring new solutions and products. If some of those products have proprietary parts that don’t slot into other security products, teams suddenly find themselves wasting time trying to get everything to work together rather than focusing on and preparing for cyber threats. Needless to say, this is not an effective security approach for any organisation targeted by ransomware, spear phishing, and other types of cyberattacks, especially when a business’s reputation, data and systems are on the line.

How To Break Free?

Organisations should have the flexibility to choose elements from various cloud providers and seamlessly migrate data to foster innovation and leverage optimal features. This is where the ‘Connectivity Cloud’ comes in, a unified, programmable cloud platform approach that delivers secure, performant, any-to-any connectivity between all networks (enterprise and Internet), cloud environments, applications and users. It encompasses a variety of security, connectivity, and developer services, but most importantly, it allows organisations to fit solutions in wherever needed and consolidate many critical services onto a single platform with unified visibility and control.

A staggering 98% of organisations acknowledge the immense value a connectivity cloud that offers secure, performant, and “any-to-any” connectivity has, with nearly half believing it would accelerate digital transformation and reduce the attack surface area. Leaders also foresee increased productivity, faster time-to-market, and overall revenue growth by adopting such a solution.

Transitioning to connectivity clouds doesn’t necessitate an all-at-once approach; instead, it can be achieved incrementally, whether through individual connections, websites, or users, empowering organisations to reclaim control and realise the full potential of their cloud services one step at a time.

Steve Bray
Steve Bray is Head of Australia and New Zealand at Cloudflare. In this role, he is responsible for leading the company’s mission in the region of delivering a safer, faster, and more reliable Internet experience. This includes growing Cloudflare’s presence and brand recognition in Australia and New Zealand and optimising its reach to customers through sales and channel partners. Steve has over 25 years of experience across innovative cloud-based software companies and has held multiple leadership positions in multinational tech companies, including Salesforce, Zendesk, and Oracle. In these roles, Steve oversaw the development of long-term strategic plans and led sales teams in delivering growth and adoption of new and existing IT infrastructure technology.
Share This