Hey there, it’s your survey analysis pal: me! O’Reilly recently published its 2021 cloud survey, and it’s got some great insights into cloud usage, migration, and strategy. Here are three things I thought I’d look at more deeply:
-
Across industries, organizations are using multiple clouds in a very real way.
-
Organizations seem too ambitious about the number of applications they’ll be able to move to the cloud in the next year.
-
Security is an interesting, now often discussed type of cloud lock-in.
Cloud by industry
For me, the most interesting findings are on cloud usage in each industry. The main takeaway is that every industry uses public cloud and that there’s a high amount of use across industries, as shown in this chart:
From our partners:
Source: O’Reilly Cloud Adoption 2021 Report
I’m not sure if “cloud” here means public cloud or private cloud, so we’ll assume that it can mean both, with people likely swaying more towards public cloud.
Equally interesting is which public cloud each industry tends to favor. This diagram shows provider usage by industry:
Source: O’Reilly Cloud Adoption 2021 Report
First, as shown in the rest of the survey results, the ranking of public cloud providers is the same as it’s been every year for as long as I can remember: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. Here, respondents could pick more than one answer. Azure edges out AWS in two categories, most notably government.
Source: O’Reilly Cloud Adoption 2021 Report
Second, as the chart above shows, the survey results show how real “multi-cloud” is across industries. Respondents could pick more than one cloud, naturally, so what that can imply here is that many organizations are using multiple cloud providers.
Source: O’Reilly Cloud Adoption 2021 Report
I’m biased here, but this demonstrates why we’re focusing on multi-cloud so much at VMware. As is the nature of heterogeneous IT, organizations will have “lots of everything” to manage and that is complicated. A recent benchmark study of more than 2,500 organizations shows that the more clouds are used, the more organizations struggle with multi-cloud. If not properly groomed and managed over your portfolio’s lifetime, you end up with legacy apps and services that slow down new innovation. However, if you manage the portfolio well with a common ops approach (think site reliability engineering, or SRE), set of tools, and platform, you can take advantage of the best-of-breed services across clouds, including the on-premises services you depend on.
Overly optimistic about modernizing
Most respondents said that their organization was taking a cloud-first approach for new applications. To aggregate the numbers in the chart, here, only 15 percent of people were “cloud second”…or straight-up “cloud not.” This desire to run applications in the public cloud fits with what I’ve heard from large organizations over the years, and I think it matches what we’d all expect in 2021.
That’s just new apps, though. I don’t have an estimate or survey on-hand to validate it, but my theory is that the majority of apps running in the world are traditional, on-premises apps. Indeed, as we saw in the cloud technology usage responses above, once you combine private and on-premises, it starts to feel like most apps in the world are not running on the public cloud. To follow that cloud-first mandate, many of those apps need to be modernized.
Modernizing a typical enterprise’s app portfolio is a huge task. I’ve been lucky to talk with people about this over the years, and what I’ve learned is to set the right expectations. Namely, that it won’t happen all at once, in the first year, or maybe even the second. Our Tanzu Labs modernization practice follows this principle by prioritizing apps to modernize based on business need and value, in addition to technical complexity. Typically, these teams target 6 to 10 weeks to modernize an app or service, which is quick for most organizations. You can hear an example of that in this overview from Air France KLM:
I bring all this up because, as I was reading the survey report, the one thing that made me crumple up my nose and say “oh boy…” were numbers around how many applications respondents are planning on moving to cloud next year:
Almost half (48%) said they plan to migrate 50% or more of their applications to the cloud in the coming year; the largest group (20%) said they plan to migrate 100% of their applications. (We wonder if, for many of these respondents, a migration was already in progress.) 16% said they plan to migrate 25% of their applications. 36% answered “not applicable.”
If you have a small application portfolio, these aspirations might be achievable, especially if those apps have little integration and dependency on older back-office services. But, once you cross a certain threshold of apps, your expectations around the rate of modernization have to be tempered. For example, take the rate of 6 weeks to modernize an application. If you have one team, that means they can modernize 8 to 9 apps in a year, but that assumes minimal vacation: maybe not two weeks off for the holidays, spring break, and definitely no summer vacation. Let’s say you had 10 teams, then you could do 90 apps in a year. Keep in mind, though, that most organizations start small, with just one or two teams as they learn not only new coding techniques and do the actual modernizing of apps, but also as they learn to use new platforms, the clouds they’re moving towards. Also, typically, these “apps” are just slices of other applications: the payment system, the warehouse search app, the curbside return app.
Be careful about these kinds of estimates. Especially for larger, older organizations, thinking you’re going to migrate 100 percent of apps in a year is, to use a technical term, not cool.
Security as a type of lock-in
The responses around compliance and security are especially interesting. For example, security was the top barrier to moving applications between clouds. Security is an interesting type of lock-in that I haven’t really thought about before, but it makes total sense. After the security team has spent all that time learning about the new cloud platform, the new way applications are written and run, and to build out their policy…then you move to a different cloud and the process starts over again. More meetings!
The other top barrier to moving applications between clouds is what you’d expect: the ability for applications to be fully portable.
In both cases, targeting a common platform or layer, regardless of which cloud or where the app is running, is one lock-in management tactic. If you’re moving an application between two different infrastructure stacks, there’s certainly no way to avoid doing a round of security auditing, but at least you’ll have less to look at because you already trust the common platform layer. This was a great lesson learned from the US Air Force, which was able to reduce post-development audit time from 10 months to a week because they used a platform layer.
So, you can see how “DevSecOps” becomes an important part of your multi-cloud capabilities.
The rest
I’ve only picked out the topics that interested me, but there’s more I haven’t covered. For example, reasons organizations are not using public cloud, the types of cloud programs and goals organizations have, and other topics. Check out the full survey for all of those. And, if you’re into surveys, comparing the results in the O’Reilly one to our State of Kubernetes survey is fun as well.
By MICHAEL COTÉ
Source VMware Tanzu
For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!
Our humans need coffee too! Your support is highly appreciated, thank you!