Secure Cloud Migration Starts With Trust

Pritesh Parekh
Author: Pritesh Parekh, CISA, CRISC, CISM, CISSP
Date Published: 28 September 2020

Several years ago, discussions with IT organizations tended to revolve around convincing skeptics to move to the cloud. This is no longer the case. Over time, those discussions evolved because IT leaders grew to understand the clear value of adopting cloud. Not only can it be a more secure, elastic and scalable approach to managing workloads, but it is also integral to IT modernization goals.

The cloud provides the flexibility organizations need to manage workloads and adopt the latest innovative technologies while controlling costs. The challenge is to avoid taking a lift-and-shift approach to cloud adoption, which can lead to higher costs, increased cybersecurity risk and the inability to fully realize the benefits of cloud. Existing business systems and applications were historically built to run in on-premises data centers. As a result, simply moving them to the cloud does not translate into full realization of cloud benefits. Likewise, the tools and techniques used to manage these on-premises workloads cannot simply extend into the cloud, either.

The challenge is to avoid taking a lift-and-shift approach to cloud adoption, which can lead to higher costs, increased cybersecurity risk and the inability to fully realize the benefits of cloud.

Taking an on-premises approach and repurposing it for cloud deployment creates unnecessary complexity and expense, ultimately undermining the benefits of running workloads in the cloud. To realize true cloud success, you must couple cloud migration with IT modernization, thus taking advantage of all that cloud technology has to offer, in particular, transforming your approach to cybersecurity.

Unifying Security Across Hybrid Environments

Understandably, IT organizations want to ensure that they can offer users the same services and performance in the cloud that they currently have on premises. However, by implementing cloud-native replacements for systems and applications, agencies can exceed these expectations rather than merely meet them.

The goal is to give users secure, seamless access to all the tools and data they need via the cloud. In the interim, enterprises and government agencies will have to operate in a hybrid environment with some workloads still running in on-premises data centers until they can be transitioned more completely to the cloud. Having different programs for managing and securing workloads in a data center vs. the cloud can be challenging. Therefore, IT organizations should look for opportunities to unify their approach to security processes and controls across all environments.

This can be a hurdle for some, in part because their IT teams may lack the necessary cloud skill sets. Migrating, managing and securing workloads in the cloud require specific expertise that differs significantly from the skills needed to operate a data center. If this skill gap impacts your cloud strategy, you should consider the advantages of cloud-based managed services offerings, which can significantly accelerate the benefits of cloud computing and help unify your security programs.

Cloud Partnerships Should be Built on the Tenets of Trust

Cloud technology is essential to IT modernization because it enables agencies to rapidly adapt to fluctuating environments. User expectations, compliance requirements and workloads can change very quickly these days. By utilizing expert cloud-managed services and cloud-native applications, agencies can accelerate their pace to stay 1 step ahead. In fact, a recent study from Forrester, How Expert Managed Services Accelerate Benefits of Multicloud, shows that the top benefits for using managed services for multicloud strategies include more time for IT staff to work on high-priority initiatives and overall faster time-to-value.1

IT organizations need their applications and data to be secure as they strive to enhance the performance, scalability and reliability of their mission-critical applications. Successfully moving mission-critical workloads to the cloud involves thinking strategically about your outcomes. Positive results hinge on creating partnerships with cloud providers that are based on the tenets of trust: security, compliance, privacy and transparency. Many security professionals have heard the maxim, “Security is everyone’s job.” This only works if the entire team internalizes this mantra, takes personal ownership of it and understands how it helps the organization—and its customers—succeed. To that end, forming a trusted relationship with a mission-critical cloud partner may be the single most important step an enterprise can take on its journey to the cloud.

Pritesh Parekh, CISA, CRISC, CISM, CISSP

Is Virtustream’s chief trust and security officer, responsible for security, compliance, privacy and product development of trust services. With 18 years of enterprise-level security expertise, Parekh has spent the past 12 years immersed in building and leading security for cloud IT platforms. Prior to joining Virtustream, he led worldwide security and compliance initiatives for Zuora and ServiceNow. He has extensive experience in cloud security, Internet of Things (IoT) security, application security, compliance, data protection, fraud protection, security architecture and risk management broadly across all industries, and specifically for critical areas such as software as a service (SaaS) platforms, the financial sector and cloud providers. He is an active speaker within the security industry and a contributor to authoritative outlets such as Dark Reading, Security Current and CSO Online.

Endnotes

1 Forrester Consulting, How Expert Managed Services Accelerate Benefits of Multicloud, Virtustream, August 2020