In 2020, most organizations have accelerated their use of cloud transformation capabilities to solve bottlenecks at the enterprise gateway and increase collaboration as they move to work from home or anywhere. As businesses increasingly rely on secure cloud services, it is essential that they understand and make business decisions about how to manage risk.
Some risks are obvious (43% of cloud databases are not encrypted), while others are more hidden (76% to open key points of access such as encrypted communication and worse, 60% don’t have cloud logging enabled to track who’s accessing it). These are simple errors that security professionals are used to fixing, so why shouldn’t this happen? The cost of cloud risk, if not managed effectively, can have serious impacts on the profitability of digital transformation.
As a business leader, how do you identify both these organizational and cultural issues and drive change within your organization to ensure you spot potential risks and maximize the opportunities posed by digital transformation enabled by cloud capabilities.
Here are 4 key questions you should ask your business:
How does moving specific business processes to the cloud change our risk profile?
80% of those surveyed think their cloud transformation infrastructure is constantly evolving. The question is WHEN should the risk analysis be performed and how often should the reassessment be performed. The cloud is really a new and often complex supply chain, which means new dependencies. Understanding the risks means your security teams can see your digital processes and have mapped out all the potential end-to-end impacts. Challenge them in their blind spots and what they are doing to address those risks. With the ever-changing use of the cloud and your business processes, it is important to ask security teams if they are correcting blind spots as they are found (often the hard way) or if they are not. they proactively invest in processes and capabilities to find and mitigate risks before they happen. too late?
Do you have clear definitions of responsibilities inside and outside your own business?
Ninety-four percent of organizations use multiple cloud platforms, such as Google (GCP), Amazon (AWS), and Microsoft (Azure). And of those, 60% use two to five virtualization operating platforms (usually cloud services like Kubernetes on docker). Beyond the technical jargon, it’s important to realize that any digital process will have many services provided by third-party companies. As you digitize more and more processes, it gets more and more complex. The endpoints where responsibility changes are often complex and not well defined at the granular level. It is necessary to define a number and experiment to see if well-defined limits are understood. 73% of organizations struggle to clearly delineate the security responsibilities of their cloud security provider (CSP) and their own, and that’s only a small part of the digital process.
Do you understand the regulatory impacts? Do you have clear governance?
Aside from industry-specific regulations, most are regional or country-specific. The strength and challenge of cloud governance are knowing exactly where the data is actually stored and processed in the world. For example, if you are dealing with personal data, this adds to the complexity of complying with data protection laws such as GDPR (European Union General Data Protection Regulation). The advantage of the cloud is its agility, its dynamism. You should have a clear vision of who is responsible for collecting all regulatory and administrative information of the different cloud services used and the different tools used to collect this information. . You need to challenge the impact that changing data storage and handling can have on your regulatory requirements and the compliance status of your various parties. It can become a full-time role for someone in the company. Be clear about how often updates are sent to business leaders to ensure your information is accurate.
Do you have the skills and knowledge to manage your cloud transformation?
If you don’t have an integrated e-strategy that can keep up the pace, visibility and governance will struggle. Technical complexity is considered the biggest challenge in starting to migrate through the cloud, and having the right skills is closely assessed. 75% of organizations say their cloud security tools and solutions are overwhelmed by threats to their cloud systems. As a result, more than 60% use at least six different security tools from different cloud providers. The concept of agility in digital processes is like a generation change that requires upskilling or hiring new employees. This is why simple mistakes should never happen. Asking someone to cook in the kitchen is a lot different than doing it in the lab, and being agile means things happen faster. It requires organizational change. Who is driving the development of skills and processes? How do you assess the capacity of teams, what is their adaptability, resilience around this transition, and how do you ensure coherence across operational processes? your new and that of the related service partners. If you cannot answer these questions, you are not ready to act.