Quantifying the Velocity of Digital Transformation

Everyone talks about the growth of cloud computing. Typically, revenue growth for cloud vendors has been used to demonstrate the explosion of cloud computing. Gartner has tracked the growth of cloud.  In an October 2020 report, the analyst firm wrote, “Worldwide, public cloud services will see modest growth of 6.1% in 2020, but will rebound with a four-year CAGR of 18.8% in 2021-2024. The proportion of IT spending that is shifting to cloud will accelerate in the aftermath of the COVID-19 crisis as CIOs invest in anticipation of returning growth.” Before COVID, growth in cloud, according to the same report was 24.7%.

However, what about the other side of the coin—customers? While cloud providers represent a fair metric, the true measure of cloud growth—and a better proxy to quantify the velocity of digital transformation—is the growth in cloud services. 

Expanse, which protects around 10% of the overall Internet, asked: How many new cloud services are added per day? Our research resulted in two major findings:

Finding #1: On average, companies add 3.5 new publicly accessible cloud services per day—nearly 1300 per year.  At the high end, one customer added 693 new publicly accessible cloud services in a single day.

To be clear, we only counted net new business services of organizations available in public cloud providers—not updates or redeploys of their existing cloud-based business services—that are externally accessible. Clearly, our findings show that enterprises are moving to the cloud fast.  However, in our customer interactions, tracking true cloud inventory has proven challenging at best. Many think cloud service provision is performed centrally—not correct.  All you need is a credit card and valid corporate email address to start a development, subdivision or other rogue instance. In fact, many new cloud services were provisioned on weekends.

Finding #2: On average, companies use infrastructure from five different cloud providers.

For a long time, IT professionals equated cloud with AWS and Azure with an occasional GCP instance.  Today, the volume of cloud providers in use by most enterprises is five. The ease of getting a cloud service up and running is not only easy, but the breadth of options is extremely wide. A big issue: many security vendors only focus on the big two, AWS and Azure.  For this reason, many IT and security professionals face a tough truth. You probably have at least twice as many cloud providers than you think.

The velocity of digital transformation is indeed rapid. The implication for cybersecurity:

  • Do you know your actual cloud instance inventory?
  • Can you provision new cloud instances with needed security controls?
  • What processes and technology do you use to detect new cloud accounts that are created outside of your approved accounts?

Read more about how to gain clear visibility into Internet communications, identifying enterprise policy violations, real-time remediation, and network device configuration in our white paper.