5 key ways to support your digital transformation to the cloud

by: Mike Contasti-Issac

As we continue the discussion around cyber security awareness, we shift our focus to a popular topic: cloud security, digital transformation, and the challenges organizations may face while transitioning to cloud-based applications. Today, we’re identifying 5 points for organizations to focus on to migrate to the cloud successfully and securely.

The only constant in the world of technology is change, and perhaps the biggest technological change that has occurred over the last decade has been the increased adoption of cloud technologies by enterprises both large and small.  While the term ‘digital transformation’ may feel like an almost meaningless cliché to many by this time, the transition to cloud-based applications and infrastructure is still a real and ongoing project for many if not most organizations, regardless of industry or size.  And while in the past it may have been the case that the Canadian enterprise landscape generally lagged behind the United States and parts of Europe in their digital transformation maturity, that gap has quickly shrunk.  The COVID-19 pandemic has greatly accelerated cloud technology adoption as workforces go remote and access-from-anywhere has become a must-have instead of a nice-to-have for key business resources, regardless of geographic location.

Despite all this, several industry reports point out that security teams are struggling to keep up with digital transformation, and many infrastructure and operations leaders report that their biggest roadblock to cloud migration is gaining security team approval and support.  There are numerous challenges that face security teams as their organizations push towards cloud adoption, and while high-profile breaches keep the focus on security high, security leaders also know that their primary objective must be to enable business development and drive growth.

This cyber security awareness month, we are helping security teams embrace the digital transformations in their organizations and the industry-at-large. The following are 5 non-exhaustive focus points for both security leaders and on-the-ground practitioners as they navigate the challenges of securing the cloud.

  1. Build Cloud Competencies Organically

One of the most common challenges cited by security leaders as it relates to cloud security is finding people with the skills and know-how to grapple with the complexity of simply understanding, let alone securing, their organization’s cloud presence.  Furthermore, as digital transformations are only accelerating, demand for cloud experts will continue to outstrip supply.  Given this situation, it only makes sense to develop and grow that expertise inside the organization when possible.  If you are in a leadership role, ensure your security teams have access to the cloud platforms that your organization is using – the best way to learn the ins and outs of new technologies is to have hands-on experience.  Set up labs, embed security staff into other teams working in the cloud, and provide ample training opportunities.  If you are an on-the-keyboard practitioner, embrace the challenge of cloud-based technologies, get your hands dirty and don’t be afraid to break things (in a test environment of course).  The skills you start developing today will only become more and more valuable to both your organization and yourself.

  2. Cloud Security Begins and Ends with Identity

You’ve already heard it a thousand times, so it must be at least partly true: identity is the new perimeter.  In a cloud-first world, users need secure access from anywhere to anywhere, and securing that access starts with ensuring trusted identities are adequately verified.  However, in a zero-trust architecture (see more on that below), this means more than just multi-factor authentication (which you’ve already implemented across the organization, right?).  Users need the convenience and security of using a single, frictionless sign-on across multiple cloud resources, technologies and vendors, and the security team needs the confidence that those users are who they say they are on a continuous basis.  Cloud access security brokers (CASBs) are evolving to provide continuous validation of a user’s identity and authorization beyond the initial sign-in through every stage of interaction with your cloud environment.  Without the foundation of trusted identities, your entire cloud security posture is only as good as your weakest password.

  3. Automate Configuration Management

If just reading the phrase “exposed S3 bucket” causes you to lose sleep at night, you’re not alone – and for good reason.  Gartner estimates that over 99% of cloud breaches are caused by misconfigurations, many of those involving unintended exposure of cloud resources.  While cloud service providers have gotten better at defaulting to more secure configurations for storage and compute objects, there are still a bewildering number of permissions, parameters and options that can impact the security of your cloud infrastructure.  This explosion of complexity has meant that it’s almost impossible for any individual or even a full security team to get a proper handle on how their organization’s cloud presence is configured with manual analysis alone.  This makes utilizing a cloud security posture management (CSPM) solution a near-necessity for most organizations who utilize IaaS for anything remotely business-critical.
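As an illustration of the kind of check a posture-management tool automates, here is an added example (not from the original article or any vendor's product) that flags S3 buckets whose ACL or bucket policy grants public access and accounts for Public Access Block settings that neutralise those grants. The field names follow the AWS S3 API; the snapshot layout (`Acl`, `Policy`, `PublicAccessBlock` keys), bucket names and inventory are constructed assumptions, and treating any `Condition` as non-public is a simplification.

```python
import json

# AWS-defined group URIs that make an ACL grant public.
GROUPS = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {GROUPS + "AllUsers", GROUPS + "AuthenticatedUsers"}

def wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (string or list form)."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in ([principal] if isinstance(principal, str) else principal or [])

def bucket_findings(bucket):
    """Return exposure findings for one bucket configuration snapshot."""
    pab = bucket.get("PublicAccessBlock") or {}  # no block configured = all off
    findings = []
    # Public ACL grants only take effect while IgnorePublicAcls is off.
    if not pab.get("IgnorePublicAcls"):
        for grant in bucket.get("Acl", {}).get("Grants", []):
            if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
                findings.append(f"public ACL grant: {grant['Permission']}")
    # A public bucket policy only takes effect while RestrictPublicBuckets is off.
    if not pab.get("RestrictPublicBuckets"):
        stmts = json.loads(bucket.get("Policy") or "{}").get("Statement", [])
        for s in [stmts] if isinstance(stmts, dict) else stmts:
            # Simplification: any Condition is assumed to narrow access.
            if (s.get("Effect") == "Allow" and not s.get("Condition")
                    and wildcard_principal(s.get("Principal"))):
                findings.append(f"public policy statement: {s.get('Action')}")
    return findings

def scan(inventory):
    """Map bucket name -> findings, keeping only buckets with findings."""
    results = {name: bucket_findings(cfg) for name, cfg in inventory.items()}
    return {name: found for name, found in results.items() if found}

# Constructed sample inventory (bucket names and contents are invented).
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-assets/*"}]})
PUBLIC_READ = {"Grants": [{"Grantee": {"Type": "Group", "URI": GROUPS + "AllUsers"},
                           "Permission": "READ"}]}
LOCKED = {"IgnorePublicAcls": True, "RestrictPublicBuckets": True}
INVENTORY = {
    "example-assets": {"Policy": OPEN_POLICY},                      # exposed by policy
    "example-logs": {"Acl": PUBLIC_READ},                           # exposed by ACL
    "example-backups": {"Acl": PUBLIC_READ, "Policy": OPEN_POLICY,  # neutralised
                        "PublicAccessBlock": LOCKED},
}
```

Calling `scan(INVENTORY)` reports the first two buckets and omits the third, whose identical grants are overridden by its Public Access Block.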

  4. Embrace and Secure Multi-Cloud

While many organizations explicitly pursue a multi-cloud strategy for reliability, performance, resiliency, and compliance, many more organizations have been thrust into multi-cloud in a less intentional way, as different internal teams utilize the vendors and technologies that best suit their needs and their budget. Ensuring adequate security for numerous and disparate cloud deployments can be incredibly challenging, but simply forbidding your business’s teams from taking advantage of the flexibility and value of cloud services is no longer an option.  Security leadership must develop and effectively communicate simple but robust policies and guidelines to help ensure that all cloud initiatives that your organization’s various branches undertake have adequate controls in place to ensure visibility, auditing and proper access controls.  What these policies look like will vary from business to business, and it is a fine line that must be walked to ensure security without impairing value drivers and innovation.

  5. Continue the Zero-Trust Journey

Whether you think it’s a puffy buzzword or the greatest security paradigm shift since Diffie-Hellman, the core pillars of Zero-Trust Architecture (which depending on who you ask might include trusted identity management, data classification, continuous verification, left-shift of access controls, secure access service edge, etc.) will only become increasingly important as cloud adoption inverts access patterns from resource-centric to user-centric.  But even if ‘Zero-Trust Architecture’ sounds like a pie-in-the-sky utopia that only the most cutting-edge, agile and well-resourced organizations can hope to achieve, chances are that your organization has already adopted and implemented some pieces of the zero-trust puzzle, whether that’s a single sign-on provider for your SaaS applications, mobile device management for your BYOD users, or SD-WAN between your remote sites.  As critical business resources (the data and the infrastructure it lives on) continue to disperse and move away from centralized data centers, adopting the tenets of Zero-Trust will be critical in ensuring the security of a digitally transformed, cloud-based enterprise.  Build on the successes that you’ve already had and continue to pursue zero-trust principles in all your business information technologies.
