The enterprise cloud is hailed as the engine of the new digital economy, an innovation accelerator and the driving enabler of digital transformation in every industry and every region of the world. And rightly so.
But there’s a troublesome little secret inextricably tied to all that growth and dynamism: as the cloud proliferates rapidly into every corner of business operations, it also forces organizations to completely reimagine their approach to cybersecurity.
If a global retailer adopts three different SaaS providers for HR, ERP, and CRM, that retailer then also takes on full responsibility for understanding and assimilating three different sets of security policies, technologies, protocols and processes.
In fact, a recent study commissioned by RSA® revealed that 54% of respondents said their top cybersecurity concern is their increased reliance on cloud-based applications and data.
That challenge becomes even more pronounced with the widespread trend toward transformation: the same study showed that 51% of respondents said their top transformation priority is to migrate to cloud-hosted infrastructure.
And then there’s the runaway momentum toward hybrid cloud, which is a blend of public cloud and private cloud in all their various permutations, with every version having its own cybersecurity requirements.
To make things still more challenging, some businesses have the mistaken belief that when they move some of their workloads or their data into the cloud, they’re also offloading all the related security and risk-management responsibilities as well—but that’s not the case.
There’s also a large range of data types, data locations, data policies, workflows, user-access policies, user ID, and corresponding devices to be factored in, all of which are being disrupted and revised as the cloud moves in.
While this IT transformation is ongoing, cybercriminals get smarter and more aggressive deploying increasingly sophisticated technologies, approaches and schemes for accessing cloud environments.
Clearly, the traditional cybersecurity approach from the world of on-premises computing, meant to lock down their very tangible data centers, won’t work in the cloud. Instead of physical boxes and wires that can be isolated, everything in the cloud is abstracted: command-line instructions, API calls, scripts and more.
So, amid this highly disruptive enterprise-cloud phenomenon, what’s the right approach for establishing and maintaining world-class cybersecurity?
In today’s data-intensive and increasingly cloud-based world of digital business, it’s important to have an approach centered not so much on rapidly evolving and shifting technology, but rather on the business itself. In doing so, an organization will have the ability to step back and take a high-level view of their entire business and technology landscape so they can identify, understand, prioritize and effectively deal with risks.
To break this approach down further, organizations need to start with visibility and monitoring capabilities across Endpoint, Network, Cloud and individual, which allows you to identify risks, the criticality of the risks and ultimately the context needed for how to best eradicate the risks.
Once visibility is established, it is time to analyze next steps. Whether the vulnerabilities come from threats, malware or the rapid spread of new cloud technologies, businesses need to be able to pull all the related data into a central repository. And that collection must include everything from across the business and IT landscape: Azure, AWS, Salesforce apps, Oracle databases, on-premises SAP workloads, Workday apps, and so on. At this point, AI-powered analytics engines can churn through all the data and prioritize which risks to eliminate first and recommend the most-effective ways to do that.
By following this approach, security and risk teams have the tools needed to give executives a better understanding of what’s going on across the company, to evaluate and rank which risks are greatest, and begin to deploy resources instantly to address the greatest dangers to the business. Without such an approach, the business lurches from one cybersecurity fire-drill to the next, never quite sure how serious it is or could be, and unable to view that risk in the context of their end-to-end business.
With cloud IT adoption rapidly expanding, it’s not reasonable to suggest that business leaders try to solve the cloud-related cybersecurity problem by simply decreeing, “no more cloud for this company.”
Cloud is a means to an end, and not the end itself. It can help drive business innovation, growth, and success. So, the security challenges relating to cloud must be balanced with the company’s overall security strategy so that business leaders can understand the risks, and then deal with each actively and effectively.
And here in the era of cloud-powered digital transformation, it’s why more companies should be turning to a business-driven approach for security.
This post was sponsored by RSA, but the opinions do not necessarily represent RSA's positions or strategies.
Bob Evans writes about digital business, innovation and strategy as the founder and editor of Cloud Wars. Follow him on Twitter at @bobevansIT.