The last decade has seen cloud shift from a basic storage solution to a sophisticated ecosystem of solutions supporting digital enterprises. Organizations are at different stages on their journeys to the cloud, battling challenges with legacy architecture, data localization requirements, client and regulatory expectations. For many organizations, the end goal of moving to the cloud is to increase digital agility and scalability, ideally at a reduced cost.
The move to the cloud during COVID-19
The COVID-19 pandemic has underlined the need for a clear strategic vision when it comes to cloud transformation. However, it did prove cloud environments’ ability to scale at speed and offer flexibility during uncertain working conditions.
Almost overnight, organizations deployed new remote working models that required major bandwidth and capacity upgrades to cloud infrastructure. Many organizations have rolled out new Software as a Service (SaaS) based collaboration tooling (e.g. Microsoft Teams). At the same time, product teams began fielding new applications to enable both internal and customer service needs.
The pandemic has also underlined other business drivers for migration to cloud solutions and infrastructure, as businesses facing financial squeezes, are increasingly pressured to reduce their digital infrastructure costs.
Product and data security, now part of your brand
Over the last few years, another trend has resolved in the market — in the wake of a surge of cyber-attacks and data breaches, consumers’ trust in organizations is becoming increasingly tied to their digital resilience. Product and data security, like it or not, is now a part of your organization’s brand. Can you safeguard your customers’ data and handle it in line with regulatory requirements? Can you keep them secure when using your products and services? And can you ensure the availability of your critical services, and recover them if they’re brought down?
Answering “yes” to those questions can be harder now than it ever was. It’s true that major cloud service providers offer a formidable array of cyber controls and defenses — but these need to be carefully tailored to an organization’s processes before they can be effective. And in the rush to set up for remote working, many businesses didn’t have time for that, leaving open new attack surfaces which organized crime groups were only too happy to exploit at scale and pace.
The rise of shadow cloud
The pandemic has also caused a rise in the use of shadow cloud applications — cloud applications and services employed by business units sometimes without the security team’s knowledge, raising concerns over misconfiguration, vulnerabilities and lack of enterprise controls.
Security teams are now having to retroactively review the infrastructure set up to cope with the pandemic to address the security deficit.
Five key questions for the security team in the new cloud reality
Security leadership also should think longer term, doing their best to avoid the false sense of security that comes with modern cloud services . In the post-pandemic cloud reality, the security team should answer a few key questions:
- How do we make sure the cloud-based applications we deploy to our customers are secure by design?
- How do we embed security seamlessly in software development operations (“DevOps”), without getting in the way of business deadlines?
- How do we tailor the features of cloud-based enterprise solutions to keep the threat landscape at bay efficiently?
- How do we adapt cyber incident response measures to defend against the new array of high-volume, commoditized cyber-attacks that come with the cloud?
- And how do we do all of that without the cost of security going through the roof?
In our recent Cyber Matters series, we explored the challenges around cloud-based email, shadow cloud and cloud application misconfiguration, as well as the way security in DevOps has to adapt to the cloud environment. For those grappling with the complexities of cloud security governances, these articles can offer clarity and guide your approach with practical recommendations and considerations.