Security is an issue
Addressing evolving cybersecurity threats through a strategic approach to cloud
Organizations continue to worry about the security of their data in the cloud and potential cyberattacks that could compromise sensitive customer information. In one study by AMS, 95% of organizations admitted to being concerned about cloud security.5 Data leakage, data privacy and accidental credential disclosures were all concerns.
Case in point: a large public company was looking to drive a major cloud transformation to Azure. They were keen to ensure that data, compute, network and storage services had the same underlying architecture and multi-layer protection with native and third-party tools. Using those tools to classify, label and protect data wherever it was located was also a priority. To make that happen, we used the Collibra data governance platform to profile, classify and decide which data elements needed to be protected. We also implemented a data protection capability that enabled the company to mask and/or redact sensitive personally identifiable information data in DataBricks and in the data visualization layer (PowerBI).
This strategy helped gate the graduate data migration through the same mechanism. It also allowed us to vet security and privacy protection before data was loaded, analyzed and ultimately consumed. We were then able to implement an Azure security baseline and DataBricks security recommendation to safeguard data secrecy and privacy.
All of this matters to end users, who need to trust an institution’s platforms. Now, they can work with and operate within the institution’s environment securely. Putting humans at the centre of the cloud approach means always thinking about security through the end users’ lens.
Cost considerations are ever present
Doing more with less to continue building cloud momentum
Moving to the cloud requires upfront investments in hardware and software licences, as well as ongoing costs for maintenance, support and staff training. That can add up quickly for large organizations.
To that end, clearly articulating cloud benefits can help generate the kind of enterprise-wide buy-in that drives broad adoption and outcomes. Thorough strategy conversations that dig into the business case for cloud can spark progress. Different business users will have varying degrees of understanding where cloud is concerned. Close those gaps now to build application owners’ trust in what the program — and its intended benefits — could ultimately look like.
Developing a cloud migration plan with user-specific benefits in mind is part and parcel of this process. A well-defined cloud migration plan both draws a clear roadmap for migration and identifies upfront costs associated with moving to the cloud. That allows organizations to plan for the necessary investments, prioritize migration activities based on business needs and manage costs by regularly monitoring cloud usage, cost optimization and cost allocation to specific departments or projects.
Last but not least, make use of cloud provider support to manage cloud infrastructure and optimize costs. This reduces the burden on internal IT staff every step of the way.
Regulations are in flux
Understanding the regulatory landscape, and adapting cloud effectively
Heavily regulated industries must comply with strict regulations that may not be compatible with cloud computing systems. Evolving regulations are complex, causing questions and uncertainty about how to comply and govern effectively.
Case in point: a major bank wanted to automate cloud security posturing using cloud-native capabilities in Azure and AWS, while ensuring that the policies would be reliable and produce the required outcomes by dual-stage testing. The bank had supporting structure in in Azure and AWS and wanted to make sure cloud control objectives were met regardless of the technology or cloud environment used, all while remaining compliant with industry leading practices.
To get there, we analyzed more than 200 cloud security control requirements and developed policy logic to evaluate whether the control for a given resource was met — or not. We created more than 150 additional policies over two phases using HashiCorp Sentinel, Azure Policy and AWS Config with lambda functions to enforce the controls. Additional phases followed.
These measures established practices for continuous integration/continuous deployment (CI/CD) and Git-controlled development while exploring flexible coding mechanisms like parameter injection.
Each of these steps forward helped the bank bake in flexible coding mechanisms that made it easier to navigate the shifting regulatory environment. This human-centred approach to maximizing the cloud can be helpful for any business, operating in any regulated environment.
Data sovereignty must be addressed
Keeping data within Canadian borders, and safeguarding it well
Companies want to ensure customer data remains stored within Canada’s borders, rather than being hosted by third parties overseas. This kind of data sovereignty is particularly relevant for organizations operating in the government and public sector.
Meeting these requirements means choosing a cloud provider with local data centres, located in the country where the data is being collected and processed. This makes sure the data remains within the country’s jurisdiction and is subject to local data protection laws. From there, organizations can implement data encryption to protect sensitive data while it’s being transmitted and stored.
Organizations should consider implementing encryption at rest and in transit to protect data from unauthorized access. It’s important to develop a data governance strategy to manage data in ways that comply with local regulations, and to make sure data is used ethically and responsibly.
Loss of control is worrisome
Managing data, and mitigating privacy and compliance risk
Outsourcing aspects of IT operations to a cloud provider can leave many organizations fearing a loss of control over how the data is managed and maintained. This can create risks to customer privacy and compliance requirements.
Overcoming that hurdle requires organizations to take a holistic approach. It’s important to embrace a big-picture view that connects risk, workforce, governance, technology and operations. This helps ensure you’re modernizing in ways that make a positive impact across functional areas, and not in siloed buckets. Building a holistic approach itself covers all the dimensions, including specific challenges mentioned above, while creating a cloud strategy.
Choose a cloud service provider with a strong reputation for security and data privacy, one that’s also transparent about security and regulatory compliance practices. It’s also important to establish clear data access controls for data in the cloud. This can span everything from who can access data and when, to how they use it. What’s more, build regular security audits right into the process. This helps organizations identify and address vulnerabilities to keep data in the cloud safe.
Summary
Reevaluating current cloud models with a human-centred approach helps users who ultimately work, innovate, collaborate and connect in your cloud make the very most of its capabilities. Although CIOs and other leaders may be struggling under a wave of cloud deployment fatigue, now’s not the time to abandon course. Instead, help stakeholders learn about cloud to demonstrate value. Move away from “one and done” strategies to embrace a truly continuous and evolving cloud approach. Pursue a continuous model for implementing the cloud, evaluating its effectiveness and tweaking at regular intervals. And unlock greater cloud ROI from here on out.
Our experienced partners are here to assist you in achieving maximum returns from your cloud investments. Propel your organization into the future with the power of the cloud today.
EY and Microsoft
Together, we empower organizations to create exceptional experiences that help the world work better and achieve more.
Contact us
Like what you’ve seen? Get in touch to learn more.
