By Stephen Horvath, President, Technical Solutions; Hugh Barrett, Vice-President, Technical Solutions, Telos; John Nicely, Principal Program Manager, Microsoft, Stephanie Hung, Senior Vice President / Head, Cloud Business, ST Engineering
It is clear by now that cloud technology has upended the tech sector. This has been highlighted by COVID-19, which has seen the cloud play a vital role in ensuring workplaces continue to run smoothly.
Cloud computing has taken centre stage in the midst of the global pandemic as it helps companies go online and expand, as well as improve live cooperation and communication.
But before rushing to ride the cloud, companies should take heed of two considerations: How to choose a cloud provider and how to maintain good security to protect your precious data.
Cut through the fog
You can never spend enough time choosing the right service provider. Learn as much as you can – both technically and strategically – about what you are trying to accomplish with the cloud.
A common misperception is that it is simply about dragging and dropping files onto the cloud. Instead, it is a complex migration process that requires one to look under the hood.
Re-engineer the cloud service to maximise its advantages and unlock availability and scalability. For instance, you could tweak the number of users, scale up or down, pay less for reduced usage and so on.
Moving to the cloud is also about reducing the pain in transitioning. Ensure the provider’s compliance with your corporate policies right from the start to prevent bumps along the way, while also checking that it has adequate support and staff to help you on the journey.
Instead of moving things across lock, stock and barrel, it is also critical to consider that it is a different nomenclature altogether and your configurations make all the difference between success and failure.
Simply put, compliance is ensuring that certain configurations stay the way they are supposed to and, at the end of the day, people can access only what they are allowed to. Whichever cloud provider you use, make sure it meets the security standards of your corporate policies.
For example, Microsoft’s Azure Policy helps enforce organisational standards and assess compliance at scale. The Azure Security Centre, a single security management system, manages and enforces security policies from just one User Interface (UI).
Danger can strike anytime, anywhere
Data stored on premise is easily safeguarded. It can be fenced up through firewalls or other access controls, and there is absolute control over what comes in and goes out. However, with the cloud’s ubiquity, convenience and access come less defined boundaries.
The days of worrying about security based on a static checklist are gone. Now, you need to look and relook live data, to receive real-time risk insights and ensure compliance on an ongoing basis.
The defender has to protect the information in a thousand different ways, making sure the system is as foolproof as can be, while the hacker just has to find that one single vulnerability.
This is why harnessing all the information available will put you in good stead when guarding against attacks. This can be done through the Application Programming Interface (APIs), which helps you take a good data analytic approach and leverage data analytic capabilities to manage vulnerabilities.
Of course, many companies now have a hybrid multi-cloud strategy – picking the best suite of features from an array of cloud services. One example is computing in one cloud while storing in another, which plenty of Silicon Valley companies do. But with this comes the complication of securing data in a multi-cloud storage.
You also have to understand the capabilities and offerings under each cloud, and know the shared responsibility model for them all. You need to identify the different standards when creating your risk posture.
Some questions to consider: Is it a particular service where you can encrypt the data with your own keys, or a multi-tenant approach where data is collated?
As you mull over these questions and consider your organisation’s cloud requirements, it is also vital to make sure that the cloud provider you choose matches your corporate risk tolerance.
It is also not necessary to upload everything on the cloud, as some information and processes can remain on prem (on-premises software is installed locally on a company’s own computers and servers).
There are plenty of horror stories about lost private data, as using a cloud system comes with its share of risks. But in a world that is inevitably going digital, you and your company have to figure out how to mitigate the dangers or risk being left behind.
It is good to protect yourself against lightning strikes, even as you ascend to the cloud.