There is a saying that people are revered when they’re horizontal, not when they’re vertical. As morbid as this sounds, it is an interesting reflection on human nature that people wait until “after the fact” to show their respect for others. Eulogies might be nice and poetic, but they don’t compare to attending to the needs of person when they are still alive.
A similar thought is resonant in the world of technology, especially with regards to security. The news abounds with companies that declare their attention to security after a breach has happened. In continuous cases of corporate mismanagement, great damage has to be done before the Board Room wakes up and realizes that in a digitized world, security is an inherent part of the company’s infrastructure. Put another way, security issues and even attacks are an inevitable part of doing business and as such, cannot be left to the forces of luck to deal with.
This is especially true in the world of the Cloud. While the Cloud offers a variety of positive elements including cost-savings, agility, flexibility, and a variety of business-friendly features, Cloud-driven IT still must pay heed to the three horsemen of IT: Security, Governance, and Compliance. Though the Cloud is powerful, it is not a silver bullet.
As organizations decide to move to the Cloud, it is necessary that they work to transform the Cloud to fit their needs. While there are common elements in all journeys to the Cloud, there are also nuances that accord to the particular business profile of each organization. This is true, too, of Security as each organization has a different set of prioritities, determining what to protect and how much to invest to ensure that the security positioning is solid.
One can imagine that Amazon.com spends a great deal to ensure its website is not hacked while a typical manufacturing company might invest more in ensuring that it’s robots and machines are protected. Just as each company’s business risk profile is different, so too should its security investment profile. But, there is one caveat: there is no such thing as a zero-investment scenario in a digital world.
Herein lies both the strength and the beauty of the cloud. Its flexibility allows each organization to manage its own journey and profile in a unique way, as long as the “constants” (the three horsemen of IT) are attended to. Planning for security is thus an integral part of Cloud transformation and, as the phrase implies, security must be dealt with in the planning phases, not as an afterthought. We want glowing praise in our lifetime, not defensive eulogies.
Planning for Security
As companies plan to move to the Cloud, they must create a nuanced plan. Which workloads should be moved first? When, if at all, do the “crown jewels” get moved to the Cloud? How should customer data and other privacy-related assets be treated versus other sorts of data and assets? What are the compliance and legal regimes in a company’s industry or geography? With each of these questions comes the security-rider. With proper execution of this plan, the journey to the Cloud can be rewarding and seamless.
Interestingly, many executives still see Cloud transformation as a monolithic and linear process. They also assume that the Cloud-vendors will “take care of security.” While these notions are understandable given much of the marketing literature put out by Cloud-companies, they are incomplete and can lead to disastrous consequences.
Each company has different hierarchies for the level of importance it places on its differing assets. If data is a source of great value, what should be done to secure it? Perhaps, the organization doesn’t collect a great deal of consumer data, or perhaps it does. Perhaps, there is an IP resident in certain systems that needs to be only judiciously moved to the Cloud. Security and value are interconnected twins; we must invest to protect those assets which are most valuable. No company wants to be “Equifaxed” (a large security breach that affected hundreds of millions of consumers and billions of dollars, the fallout of which is ongoing). Equifax jumped into action after the damage had been done. With security, timing is everything. To predict is to prevent.
The Cloud offers incredible possibilities for organizations of all sizes. It also presupposes a set of risks and questions for all organizations to ask. Foremost among them is how a company can best secure its vital assets and customer information as it seeks to digitally transform, grow, and prosper.
At Akvelon, we understand the complexities- on both sides of the coin. From Cloud business value to Cloud security, let us help you make the Cloud your home.