Judging by the number of businesses that have accelerated their migration plans to cope with the pandemic, I think so. Recently, it’s not been unusual to see customers executing cloud migration projects in just three weeks, rather than a more typical 18 months.
I’m talking to lots of customers who’ve had to make rapid shifts to the cloud without the time to fully consider the security implications. When the pandemic hit, the pressure was on to get the job done as quickly as possible, and this involved lots of workarounds and compromises. They didn’t have time to do impact assessments and sometimes even had to relax or even remove security controls to address capacity constraints brought on by the break-neck shift to remote working.
Businesses that would normally only allow access to a cloud service via a company laptop suddenly had to allow access via personal devices, because all the company hardware was stuck in the office. And businesses that only wanted employees to access the corporate network through a VPN had to allow access via the cloud because they just didn’t have enough VPN capacity.
Now though, the initial move is complete. It’s time to take a breath and make sure they’re shaping their security to fit their new IT architecture, plugging any vulnerabilities created accidentally. Do they have the right security controls, policies and cybersecurity architectures that they need?
When talking to customers, I recommend they start by establishing where their physical assets and corporate data are located. Then it’s sensible to review any policy changes made to firewalls before assessing the specific threats their business faces. No one has the budget to invest in security for the sake of it, so it’s important to be able to identify and prioritise the most vulnerable areas. Businesses can do this by using threat intelligence information that looks at what might affect vertical markets and specific geographical regions. By combining this insight with an assessment of their security architecture, organisations can pinpoint where to invest and make a case to the finance team.
A security-led investment strategy
What’s really struck me is how the pandemic has changed the focus of cloud strategies. I’m finding that investment decisions are becoming security-led rather than IT-led. Cost has been less of a factor in the short term, although I suspect, given the current economic climate, that there will be renewed focus to make sure that any long-term investment is as cost efficient as possible. In fact, as companies realise the economic benefits of outsourcing to managed cloud providers, I think they’ll also consider outsourcing more of the day to day management of their wider security solutions to managed security service providers.
If you’d like to find out more about how to shape your cloud strategy, listen to our webinar or get in touch.