Recently, I’ve had several conversations with organizations and fellow colleagues, hearing anecdotal stories which are all based on a similar theme - cloud transformation.
More specifically, that organizations are moving to the cloud, often at pace, without formulating in advance a cloud strategy to help support them on this transformational journey. Perhaps a business function within an organization has started to build a cloud environment but then realized there are insufficient operational and strategic guidelines in place to support this new world. Or perhaps disparate business functions have made varying choices regarding which Cloud Service Provider (CSP) to use, or the cloud deployment model to commit too, such as IaaS, PaaS or SaaS.
And what about a cloud security specific strategy? Is that even on the radar of organizations?
The Cloud Security Alliance (CSA) recently released its third version of Top Cloud Computing Threats and coming in third place was the threat of a “Lack of Cloud Security Architecture and Strategy”. The CSA outlines how “large organizations migrating their information technology stack to the cloud without considering the nuances of IT operations in the cloud environment are creating a significant amount of business risk for themselves”.
As I’ve stated in a previous blog post, digital transformation is at the heart of any modern organization and technologies such as the cloud have offered customers fantastic opportunities. The cloud is a terrific enabler of this journey as it offers speed, agility, scalability and flexibility. This means organizations can be more reactive to changing customer needs, ensuring they don’t fall behind their competitors by ensuring go-to-market timelines are as efficient as possible.
However, the cloud is not the end goal and shouldn't be the 'why' in itself. Instead, achieving specific business goals in a changing world should be the reason, in which the cloud may be one of the crucial enablers.
By developing a cloud strategy, an organization can benefit from some of the following and more:
- A well-defined framework on how to consume the cloud to best enable your business functions
- A clear understanding of how moving to the cloud can enable business goals
- A roadmap to migrating workloads to the cloud efficiently
- Ensures an organization can leverage the full benefits of the cloud, such as scalability, flexibility and availability.
- A clear idea on what existing security controls can, or even should, be replicated in the cloud or how to take advantage of cloud native controls
Building a cloud strategy early, which includes security, and focusing on the 'why', is vital to the wider success of digital transformation. By focusing on what an organization is trying to achieve as a business outcome, and identifying how cloud technology can facilitate this journey, is the best way of ensuring long term success.
..we need to be careful not to conflate the vehicle used to power the journey with the destination