For businesses seeking to capitalize on the ongoing e-commerce boom, the cloud can offer a ready path to scalability, business agility and cost efficiency — but that’s not the whole story.

In a recent survey by A10 Networks and Gatepoint Research, information technology (IT) executives from firms practicing e-commerce across a wide range of industries reported numerous digital resiliency challenges and growing pains from their multi-cloud strategy. Security figured prominently among these, as the increased threat of hacking, data breaches, defacement and other high-visibility incidents put companies’ reputations at risk. Indeed, some companies have even gone so far as to shift applications from public cloud back to private data centers.

Surging traffic — and new challenges

Even in the early months of the COVID-19 pandemic, a large majority of businesses were already seeing healthy growth in e-commerce traffic, with 39% experiencing more than a 20% rise. While occasional spikes are common in the field, sparked by holidays, promotions and other transient events, more sustained growth has necessitated an evolution in application delivery strategies. Unsurprisingly, 90% of respondents reported using cloud-based provider instances for application delivery.

The growing role of the cloud has undoubtedly helped organizations accommodate rising traffic. Twenty-one percent of respondents reported experiencing service outages.

However, the use of public cloud resources can also bring headaches — especially when multiple cloud platforms are used, which is a popular strategy to achieve greater efficiency and application availability. More than half of the respondents named management complexity and cross-cloud security as key operational challenges in multi-cloud cybersecurity, with compliance, governance and centralized visibility across cloud data centers following close behind. Without a centralized point of security and control, IT teams can struggle to ensure that policies and services are consistent across diverse cloud environments.

More than two-fifths of organizations were finding it difficult to control costs — an ironic twist, given the promised economic benefits of cloud-based application delivery.

Security threats bring reputational concerns

Frequent headlines have shown that the global threat environment has become more dynamic and sophisticated, with attack surfaces more distributed and porous than ever. Correspondingly, organizations are focused on cybersecurity, and digital resiliency has increased. Among surveyed e-commerce companies, more than 25% reported web security issues, malware, ransomware or malicious code. Distributed denial of service (DDoS) attacks continued to be seen as a critical issue as well — even after the substantial increase in DDoS defense investments following the emergence of the Mirai botnet back in 2016.

Most concerning to e-commerce companies were threats that might impact their public image or alienate consumers, with 62% citing hacking or cyber defacement as top worries and 49% naming brand damage or loss of customer confidence. Threats to user data can be especially damaging, drawing the wrong kind of scrutiny from not only users, but regulators and investors as well. More than half of respondents cited phishing, fake sites and user data theft as top concerns.

Adapting for the present and investing in the future

The criteria guiding cybersecurity investments before and during the pandemic show the role of technology in meeting shifting priorities over time. Before the pandemic, the main drivers for new purchases included such growth-oriented considerations as potential business advantage (51%) and faster application development, along with the perennial focus on lower total cost of ownership (48%). With the outbreak of the pandemic, operational and budget concerns quickly rose to be top of mind, with cost savings cited by more than four-fifths of respondents and improving operations by nearly three-fourths. As the pandemic eventually begins to ebb, businesses may well see a turn back to growth-oriented priorities.

At the same time, the distinction between growth and operational optimization isn’t always black and white. Along with multi-cloud infrastructures, trends such as automation, artificial intelligence, machine learning and DevOps are helping e-commerce companies both drive efficiencies and accelerate innovation. In this light, these are likely to be important criteria for many major investments moving forward regardless of the epidemiological and economic outlook.

Investments designed to ease the challenges around multi-cloud environments will be a priority as well, with simpler, more consistent application delivery essential to ensuring high-quality experiences for customers while easing the burden on IT operations. Asked what capabilities they needed in an application delivery controller (ADC) to manage these environments more effectively, 60% of respondents cited centralized management and analytics, followed by consistent application delivery and security (53%) and efficient automation (46%). Disaster recovery, elastic scaling, as well as flexible licensing and pricing received frequent mention as well, showing the need to ensure resiliency and flexibility in the face of unexpected events and shifting business trends.

Holistic approach to support digital resiliency

In summary, the survey results show an evolving environment that needs a holistic approach to today’s technology and security landscape. Driving digital resiliency and overall user experience for e-commerce users is challenging in this expanded multi-cloud world, especially when these diverse cloud systems are being run by the same under-resourced operations teams tasked to do more with less, while facing more complex threats and a larger attack surface.

However, the outlook is not bleak. Respondents show modern cybersecurity operations are adapting to employ newer approaches that drive consistent policy and operational solutions and aim to ensure the required digital resiliency that foregrounds security and user experience.