With 89 per cent of organisations saying digital transformation is key to delivering their business strategy they see a need to move to the cloud to achieve this.
But I talk to lots of customers who say that security concerns are holding them back from making the move; that cloud adoption introduces new vulnerabilities; that they would be moving large amounts of data to the cloud without truly understanding the security implications. There is worry about the increasing amount of critical corporate assets connected to public internet infrastructure as well as the consideration of whether they have the right mix of security skills across their teams.
This needn’t be the case. By integrating the right security architecture at the centre of your approach, you can protect crucial assets no matter where you have them located.
Security should be seen as an enabler to support your cloud migration, something integral to your cloud plans, not a separate work stream or standalone function. You’ll need to invest in security as part of that cloud planning. If you do, you can lift the barriers and securely deliver your organisation’s agenda.
Here are some security considerations you need to think about as part of your planning:
Moving to the cloud does change your security perimeter. You are no longer just protecting the organisation’s core network. To get the best from the cloud you’ll be using apps and services that sit outside your traditional security boundaries and that have the momentum to grow quickly. You’ll need to adopt a holistic approach to securely connect users wherever they are, protecting the endpoints. This is moving away from the traditional split between network, application and end-user security to a new cloud view.
On the one hand the cloud gives you scale, speed and flexibility like never before and the opportunity to truly deliver the benefits of digital transformation. On the other, it can also amplify mistakes and expose your business to cyber-attacks, compliance issues and shadow IT, if not approached in an integrated way. So you need to protect the entire estate, on premise or in the cloud, to ensure that all your cloud services are covered. This will help avoid the fines and bad PR that have recently impacted organisations whether small domestic or global, around GDPR and other data regulations.
You still need to get the basics right. In the new world of cloud you’ll continue with your traditional security practices. These include quantifying and addressing digital risk to protect data, applications, and connections against new threats while remaining compliant.
This changing environment means you need your IT staff to have the right skills that can stretch across security, as well as networks and data centres. These skills are hard to find and even harder to retain, which leads to a consideration of a hybrid approach to outsourcing appropriate managed services for security, freeing up your internal skillset to focus on core business areas.
And for me, security needs to be a concern across the whole organisation, not just the remit of the IT department. Everyone needs to play their part, to stop shadow IT and ensure data breaches don’t happen.
Working with the right security partner can help organisations like yours make the most of moving to the cloud in a secure way. At BT, we have the experience of protecting our own network, that of nation states and key national infrastructure in the UK. So we are uniquely positioned to understand the risks and benefits moving to the cloud can bring.
Find out more about how you can gain the right skills and tools to secure the cloud.