The widespread adoption of cloud capabilities is now well into its second decade. In that time, both the drivers and the practicality of transformation to the cloud has been described, proven, and accepted, with 69% of organizations investing to move the majority of their IT portfolio to the cloud. These moves include re-platforming existing apps to the cloud, rearchitecting legacy applications to capitalize on cloud capabilities, and a strategic shift to delivering new services exclusively through the cloud.
These migrations are driven by three common business goals:
- Improved/Unified security and data protection
- Data modernization
- IT cost and performance improvements
While security may top the list of expected benefits of cloud transformation, it remains an area of substantial concern. In a recent survey, 93% of organizations were “moderately to extremely concerned” about the security of the public cloud. Compounding the importance of security considerations in cloud transformation is the evolution and widespread adoption of cloud-based security services. The cloud is well-suited to the high-volume, multi-source, characteristics of security data and leading MSSP and MDR providers (Alert Logic, among others) have leveraged the scalability and flexibility of the cloud to deliver protection for both cloud-based and on-premises services.
Security Considerations are Key
As a result, it’s clear that the success of any material cloud transformation will be significantly impacted by security considerations. As organizations plan for these moves, it’s critical to set expectations and measures for security and to consider the optimal means of satisfying these needs.
Top 3 Common Challenges
These are the most common challenges to consider, along with their impacts:
Misconfiguration of Cloud Assets
Whether talking about overly permissioned roles or under-protected data, the new granularity of cloud-based authorization and access control has created potential exposure for cloud adopters. According to available data, a majority of organizations experience multiple misconfiguration exposures, and a significant majority of those exposures are never internally discovered by the organization.
Cloud Security Knowledge Gap
The adoption of cloud technologies has rapidly outpaced the ability for security teams to integrate cloud security into their skillset. Security within the cloud is not a native strength in internal application development teams. As a result, the services themselves risk architectural and operational exposures.
Cloud Event and Asset Visibility
Security management and reporting relies on access to service, system, and authentication information. The complexity, variety of information providers and tools within the cloud ecosystem creates a compelling problem when combined with the scale of cloud data creation and its heterogeneity. Without this information, security management, incident response, reporting, and compliance are all meaningfully impaired.
Overcoming Common Challenges
Addressing these challenges requires prioritization of security concerns both during transformation planning and in the execution and operation of that transformation. Given the technical breadth of these issues and their relative newness, organizations should be looking to augment their internal resources with more experienced and informed partners who can apply lessons learned to simplify and optimize security during and after a smooth migration.
Watch the on-demand webinar, Securing the Success of Your Cloud Transformation, where I talk with Jonathan LaCour, CTO at Mission Cloud, and AWS premier consulting partner, about the lessons his firm has learned in hundreds of these transformations, and his recommendations for capitalizing on that experience.
The cloud is here and more and more of our critical services are finding deployment there. Securing that transformation and continuing to deliver on that promise will require thoughtful effort, but will ensure continued value, accessibility, and savings from those investments.