Select Page

The widespread adoption of cloud capabilities is now well into its second decade. In that time, both the drivers and the practicality of transformation to the cloud has been described, proven, and accepted, with 69% of organizations investing to move the majority of their IT portfolio to the cloud[1]. These moves include re-platforming existing apps to the cloud, rearchitecting legacy applications to capitalize on cloud capabilities, and a strategic shift to delivering new services exclusively through the cloud.

These migrations are driven by three common business goals[2]:

  • Improved/Unified security and data protection
  • Data modernization
  • IT cost and performance improvements

While security may top the list of expected benefits of cloud transformation, it remains an area of substantial concern. In a recent survey, 93% of organizations were “moderately to extremely concerned” about the security of the public cloud.[3] Compounding the importance of security considerations in cloud transformation is the evolution and widespread adoption of cloud-based security services. The cloud is well-suited to the high-volume, multi-source, characteristics of security data and leading MSSP and MDR providers (Alert Logic, among others) have leveraged the scalability and flexibility of the cloud to deliver protection for both cloud-based and on-premises services.

Security Considerations are Key

As a result, it’s clear that the success of any material cloud transformation will be significantly impacted by security considerations. As organizations plan for these moves, it’s critical to set expectations and measures for security and to consider the optimal means of satisfying these needs.

Top 3 Common Challenges

These are the most common challenges to consider, along with their impacts:

1. Misconfiguration of Cloud Assets

Whether talking about overly permissioned roles or under-protected data, the new granularity of cloud-based authorization and access control has created potential exposure for cloud adopters. According to available data[4], a majority of organizations experience multiple misconfiguration exposures, and a significant majority of those exposures are never internally discovered by the organization.

2. Cloud Security Knowledge Gap

The adoption of cloud technologies has rapidly outpaced the ability for security teams to integrate cloud security into their skillset. Security within the cloud is not a native strength in internal application development teams. As a result, the services themselves risk architectural and operational exposures.

3. Cloud Event and Asset Visibility

Security management and reporting relies on access to service, system, and authentication information. The complexity, variety of information providers and tools within the cloud ecosystem creates a compelling problem when combined with the scale of cloud data creation and its heterogeneity. Without this information, security management, incident response, reporting, and compliance are all meaningfully impaired.

Overcoming Common Challenges

Addressing these challenges requires prioritization of security concerns both during transformation planning and in the execution and operation of that transformation. Given the technical breadth of these issues and their relative newness, organizations should be looking to augment their internal resources with more experienced and informed partners who can apply lessons learned to simplify and optimize security during and after a smooth migration.

Learn More

Watch the on-demand webinar, Securing the Success of Your Cloud Transformation, where I talk with Jonathan LaCour, CTO at Mission Cloud, and AWS premier consulting partner, about the lessons his firm has learned in hundreds of these transformations, and his recommendations for capitalizing on that experience.

The cloud is here and more and more of our critical services are finding deployment there. Securing that transformation and continuing to deliver on that promise will require thoughtful effort, but will ensure continued value, accessibility, and savings from those investments.

 

[1] Harvard Business Review Analytic Services | The State of Cloud-Driven Transformation

[2] Deloitte Insights

[3] Bitglass 2020 Cloud Security Report

[4] IBM securityintelligence.com

Jack Danahy
About the Author
Jack Danahy

Jack Danahy is an innovative security technology leader with proven success creating, delivering, and promoting new security technologies and practices to address critical needs. He has founded and co-founded three successful security companies, holding CEO and CTO roles. Most recently, he was CTO at Barkly and previously at Qiave Technologies (acquired by WatchGuard Technologies in 2000) and Ounce Labs (acquired by IBM in 2009). He is a frequent writer and speaker on security and security issues and has received multiple patents in a variety of security technologies. Prior to founding Barkly, Danahy was the Director of Advanced Security for IBM, and led the delivery of security services for IBM in North America.

Related Post

Ready to protect your company with Alert Logic MDR?