By Jack Sepple, Senior Managing Director, GTO Operations, Cloud & Security, Accenture with contribution from Accenture Senior Manager, Security, Daniel Mellen
Hybrid cloud is changing the entire IT marketplace, not least how we approach securing public and private cloud environments.
Across public and private cloud, the goal of security is to provide more visibility and resilience at every layer of operations, but companies are learning quickly that there is no silver bullet. Keeping pace with hackers is akin to a hamster running around a wheel.
When transitioning from on premise or private cloud to public, organizations are focused on achieving unified visibility into their security operations. Whether through a managed security partner or on their own, organizations depend on a level of trust and confidence in native cloud provider security controls to maintain confidentiality and integrity of their data. To meet their needs, enterprises are introducing security into the fabric of effective hybrid cloud implementations – specifically automation, orchestration, workflow and accessibility across environments with security as an integral design element.
Companies that are doing this well are expanding their security measures beyond the traditional, internal perimeter — downgrading the intranet to an equal trust level as the public Internet. This disruptive perspective allows for streamlined, consistent security processes to be created, operated and maintained across any environment, public or private.
Cloud technology is dramatically changing security in sometimes surprising ways. In fact, most public clouds are infinitely more secure than most companies’ current internal data centers and security functions. The major breaches that have occurred over the past few years did not involve public cloud providers rather, human failures or the organization’s internal or partner systems were hacked through a phishing expedition or other sophisticated attacks.
The costs of these breaches are not only financial. It’s a complex process to accurately estimate the long-term impact that data disclosures can have on the brand and reputation of a business when customers, partners and employees lose confidence and loyalty – ultimately impacting the top and bottom lines.
That’s one reason why more and more companies are moving to public and hybrid cloud models. Done right, public cloud offers a higher degree of security around identity and access management, security information and event management, security analytics, visualization and proactive security. While it’s not a shortcut, a mature cloud operation can provide businesses with enterprise-grade security functionality that has native roots and integration options, making the cloud more flexible and secure. Additionally, there’s been an avalanche of cloud security vendors entering the market with solid public cloud integrated offerings. Another CFO-endearing characteristic is economics. Many cloud service security pricing models are pay-for-what-you-use, so it has become a low-cost alternative to traditional security product licensing.
For a mature security model—whether it’s through a hybrid or public cloud—governance is key. There must be a clear roadmap to understand what the end state for the enterprise is expected to be. And enterprises must define their strategies accordingly, determining whether they need a solution for the long-term or a short-term fix to make the transition, what regulations are required, and what the predominant threat vectors are for their particular industry.
There are a lot of security solutions out there, so understanding the cloud landscape has become critical. Start by looking for partners that have mastered logging, monitoring, identity and threat intelligence—correlating data and gleaning security information. Then look at your business objectives and work back through the capabilities, interoperability and cross-environment visibility from there.
For further information visit accenture.com.
