By Francis Wainaina
2020 has been a year that will forever mark a dramatic spike in global corporate cloud adoption. Connecting employees to the cloud has been necessary to support and enable a remote working environment. According to a survey by Snow Software, 82% of information technology (IT) leaders have increased their cloud usage this year, with 60% stating that they would continue to increase their overall cloud usage in the future.
As more companies are being forced to re-evaluate their cloud strategy and investment, Gartner reports that spending on security and risk management technology is not growing as quickly as expected. This is largely due to cloud adoption, remote worker technologies and cost-saving measures.
The need for security technology
But is this really an either-or situation for the frugal chief finance officer (CFO) and if so, is it better to risk innovation or security? Forgoing one for the other can be a slippery slope for the IT security of any business that is planning for long-term growth and sustainability. Security technology is a critical part of IT infrastructure to defend against a rapidly evolving threat landscape. Gone are the days of simple firewalls and antivirus software being the length and breadth of a company’s security measures. Business leaders can no longer leave their information security to cyber security professionals alone. The protection of information is everyone’s responsibility.
The astute chief information officer (CIO) knows that cloud migration does not automatically make information more secure. It just changes the nature of those risks. Instead of worrying about the server room overheating, concerns shift to password management and data breaches.
A cloud environment is dynamic and automated. Data centres comprise computing resources that are available to support application workloads that can be accessed anywhere, anytime and from any device. But some of the principles that make cloud computing attractive (like access to data from anywhere and shared risk) run counter to traditional network security practices. The antiquated alternative to cloud computing relies on on-premise data centres that are expensive and cumbersome to maintain. It’s no wonder that businesses feel paralysed when weighing up the benefits of migrating the organisation to the cloud versus securing their information, both now and in the future.
Making informed decisions
All reputable cloud providers agree that there are at least three key requirements for securing the cloud: consistent security in physical and virtualised factors, segmented business applications using zero trust principles and centrally managed security deployments with streamlined policy updates. What this means is that the same levels of application control, misconfigured application handling and threat prevention are needed to protect both the cloud computing environment and the physical network.
The goal is to control traffic between workloads while preventing the lateral movement of threats. The selected solution must be capable of spanning physical and virtual environments through a consistent policy management and enforcement framework and should include features that automate security policy updates.
Finding the middle ground
So how do CIOs minimise costs and maximise security, all while supporting their employees with innovative and responsive infrastructure? The answer lies in hybrid digital infrastructure. This is essentially a mix of public and private cloud services that enable companies to take advantage of the infrastructure, platform and software as a service (SaaS) applications on the cloud, while keeping sensitive data within private domains. A hybrid solution allows companies to reap the benefits of being on the cloud and mitigate security risk.
When considering a potential new cloud provider and security partner, CIOs should start the filtration process by assessing who offers a comprehensive built-in cloud-based security service for remote locations and mobile users, with a host of proven cloud solutions catering for the needs of small businesses and large corporates alike.
The writer is the senior product manager at Seacom East Africa