Digital transformation is supposed to make business faster and more efficient. But if those changes come at the expense of security, any gains made could quickly be reversed.
According to research by HPE, those businesses that achieve a successful operating model have security built into the very foundation of their transformation model. Their security efforts are focused on three key areas:
1. Risk and compliance
Infrastructure as Code methodologies have evolved with the specific goal of accelerating development. The software development pipeline can be automated, allowing new applications and code to be delivered quickly.
For digital leaders, the pipeline is accompanied by a robust logging and monitoring solution that automatically scales alongside their environment. This allows them to embed security into their processes and to assess compliance with necessary protocols – without decreasing development velocity.
Leaders’ systems continuously monitor the production environment, conducting compliance and pipeline checks and automatically notifying stakeholders of issues that require remediation.
2. Security controls
Traditional security controls do still work in the cloud – but the way they are implemented must change. On-premise tools, however, do not work because they are not designed for use in a hybrid or cloud-native estate.
HPE cites the example of endpoint security, where locally installed anti-malware periodically updates itself from a central repository. In the cloud, where machine images spin up and down as required (sometimes for just a matter of minutes), this model does not work because the updates do not complete in that narrow timeframe. This leaves elements of the environment unprotected because they do not keep pace with changes in the threat landscape.
Leaders apply their proven security controls using hybrid tools that can cope with the realities of the cloud model. They will also integrate these tools across their entire ecosystem, such as scanning container images at the end of the development pipeline to improve security compliance standards across the organisation.
The spin-up spin-down approach to resource usage may be completely different to the traditional three-tier data centre architecture, but the compliance requirements of your business do not change. Approaching governance using the same techniques as on-premise applications will create risk for your cloud environment.
Cloud transformation leaders understand the fundamental differences in approach and retrain their security teams accordingly. Rather than attempting to create a hardened perimeter that protects corporate resources, these organisations ensure their staff can think in terms of zero-trust operations that create a network of secure devices.
How can you catch the leaders?
It is clear from the example of cloud transformation leaders that successful change is a combination of technology and culture. These organisations balance business objectives with risk objectives, ensuring that rapid development and deployment do not come at the cost of data security.
At the most basic level, leaders can put in place the people, processes and tool changes necessary to deliver compliant, consistent security across their hybrid estate. And it is precisely this balance that your business will need to achieve to contain risk in the cloud.
To learn more about building security into your cloud digital transformation strategy, please give the WTL team a call today.