Migration to the cloud

Around October, I had the privilege of speaking at five conferences/webinars on cloud and infrastructure security as part of cybersecurity awareness month, including one as part of the Financial Times Digital Dialogues Series. These are no doubt a reflection of how far the industry has moved in terms of leveraging the public cloud for enterprise assets and resources. The COVID-19 pandemic removed barriers to cloud adoption and accelerated activities, including for highly regulated industries with large on-prem/private cloud infrastructure. In response to a public health crisis, organizations needed to pivot quickly to keep everyone safe, whilst maintaining corporate operations.

As public cloud vendors are designed to provide resources to multiple organizations, they can implement more extensive infrastructure and resources to support a distributed workforce, as opposed to a hub and spoke model traditionally seen in large enterprises. The business and operational requirements accelerated investment cases and approvals for most organizations to move assets into the public cloud. Due to the speed of the pandemic, careful planning to leverage the power of the cloud and the full suite of tools it offers was not possible for many and a ‘lift and shift’ approach was deployed. This often resulted in inefficient use of cloud resources and security controls, with some organizations retrospectively trying to refactor and re-engineer their assets and resources to optimize cloud and security controls. It is no coincidence that the market has seen demand for individuals with cloud and cloud security skills skyrocket, which is also reflected in the number of conversations at conferences.

As early adopters, such as retailers and start-ups, would tell you, the cloud is incredibly responsive to changes and demand for resources. Whilst early conversations for the cloud centered around cost reductions, the pandemic has highlighted core cloud values, which are flexibility and agility to change, in addition to more granular security controls for distributed workforces. The pandemic focused the Boards’ minds on how quickly things can change and how being able to respond to changeable environments will be critical for an organization’s long-term presence in the market.

One of the often-cited concerns around public cloud assets involves cybersecurity and system controls on public clouds, which are multi-tenanted in nature. In fact, even for highly classified information from government organizations, the use of multi-tenanted infrastructure and systems has occurred for a decade. In 2012, I was one of the network engineers onsite to deploy new infrastructure and platforms for UK Cloud, which provides cloud services to the UK Government. Indeed, the UK government has been pushing for a cloud-first policy internally and has published guidance online:

https://www.gov.uk/guidance/government-cloud-first-policy

Ultimately, it’s about trust, specifically, whom you trust, based on the assumption of a clear delineation between internal assets and systems. Historically, organizations trust internal assets and systems more. However, even for private clouds, the line between internal and third-party can be blurred. This is especially true for specialists or operational staff, where even the largest enterprises leverage outsourced or third-party specialists, and large in-house operational management teams are becoming the exception rather than the norm.

Regardless of whether you have a physical data center or leverage public cloud services, technical controls, including centralized access control and network segmentation, should be used in combination with mature governance for people and processes. The public cloud is simply a data center someone else owns; the types of security controls and best practices are the same.

Organizations which experienced the greatest impacts after a system breach often had a relatively poor security posture; the impact had less to do with whether assets resided in a private cloud or a public cloud. Indeed, as public clouds are multi-tenanted systems, operational controls are granular, which is supported by modern infrastructure. Education helped to allay concerns, including those surrounding security. And business and operational necessity, as we have seen in the pandemic, accelerated public cloud adoption for many organizations.

Public cloud comes in a variety of ‘flavors’, all of which carry the suffix ‘as-a-Service’ with a prefix of ‘infrastructure’, ‘platform’ or ‘software’, depending on the system management responsibilities for the assets. For every ‘flavor’, access control is a shared responsibility between the cloud vendor and end-user organization. Just as the public cloud is not inherently insecure, having assets on the public cloud does not absolve an organization from ensuring information and assets are appropriately protected. As a senior security advisor and fellow panelist for a large multi-national stated at the Financial Times webinar, ‘you can’t outsource your reputation!’.
