Ambitious plans for innovation interrupted by concerns for cloud security (Guest blog from HCLTech)
When it comes to utilizing cloud to achieve business goals, security is one factor that causes concern for senior executives. According to new HCLTech research, over a third (41 percent) of executives say that security and privacy risks are one of their top three concerns for expanding their use of cloud. Other hurdles are a lack of skills (70 percent) and a disjointed cloud culture (32 percent).
Security is always a priority for IT. Unfortunately, some IT organizations lack skills and experience in dealing with modern cybersecurity threats. With cyberattacks and threats increasing in frequency and impact, it has become much more important to be aware of security practices and policies for the network, applications and data.
Experts say that cloud security is a team effort. HCLTech has advised many organizations on implementing security policies and practices as part of their digital transformation projects. HCLTech’s security experts work with clients to identify and remediate security issues.
Does cloud security have to be an obstacle?
According to Amit Jain, EVP for HCLTech Cybersecurity and GRC Services, there are three areas that must be considered when businesses are planning to optimize cloud for business advantages. First is defining the business strategy and then identifying the applications and data that will be required to achieve the desired business outcomes.
Second, while hyperscale clouds are building security into their platforms, organizations are still responsible for defining and implementing their policies and governance. Organizations must understand how they will protect this new multi-cloud reality.
Finally, cloud provides an agile response to business strategies that are dynamic in nature. Cloud security aligns to how cloud will be used to enable the business strategy. Security policies and processes will need to evolve along with the cloud strategy.
“For organizations increasing their position in cloud, security is a sizable concern. Their security teams will need to apply continuous modernization to their security policies and processes to keep pace with the role of cloud in the business. Governance, controls and talent are the three priorities for IT leaders who are enabling cloud as a business platform. This will remove the concerns expressed by the business,” says Jain.
Siki Giunta, Executive Vice President, CloudSMART, Offerings Strategy Industry Cloud Consulting at HCLTech, expands on Jain’s advice:
“I don’t think there is an industry where there aren’t vulnerabilities at the cloud level, and I think everybody is very aware of it. However, there are best practices and competencies provided by the hyperscalers and new processes like air gaps, policies for data residency, securing edge devices and sovereign cloud that are changing the way organizations are securing people and transactions in the cloud. HCLTech is at the forefront of enabling this type of architecture.”
Industries with the biggest struggles
Not all industries are treated equally when it comes to the number of cyberattacks leveled against them. Regulated industries—from financial services to public services and healthcare—have legitimate concerns about data security and privacy when utilizing cloud. There are regulatory requirements for how the data is secured at rest and protected as it moves between the business and its customers, the hospitals and their patients and the banks and their depositors.
“I think the regulatory requirements and penalties for failing to comply with the policy are the predominant reason these segments may be falling behind other industries in leveraging cloud,” says Jain.
Giunta adds: “We are learning every day about cloud adoption and every day we have a new profile, a new use case or we identify a vulnerability that could lead to a security breach. These experiences help to uplevel skills for our cloud security teams and our clients.”
Jain continues: “In cloud, we’re talking about full stack engineers and full stack administrators. Today we rely on the availability of multi-skilled talent to design the cloud security architecture, as well as operate and govern that architecture.”
Multi-cloud adoption and pervasive cloud implementations will add the opportunity for more sophisticated security architectures. Operating these cloud platforms will require more skilled and experienced practitioners.
“I don’t think that we could ever have enough cyber skill in the world,” says Giunta. “If I had to pick between adding more cyber accessories or hiring more cyber ninjas, I can tell you I will always go to a ninja or a subject matter expert.”
Giunta adds that strengthening cloud security starts with strengthening the skills of the employees that are working in that environment. To help alleviate the skills challenge and improve the security culture, HCLTech has established a specialized Center of Excellence (CoE) around cloud native security.
“The CoE is focused on cloud competencies and enables us to keep pace with the latest and greatest developments in the cloud and the cloud native ecosystem of security controls and features,” says Jain.
He adds: “We can deliver efficient and secure operations from visibility to threat monitoring and threat response with attention to compliance and regulatory requirements for security. Our CoE enables our customers to overcome concerns they may have around having adequate talent with required skill sets.”
Overcoming hurdles to optimize cloud as a business platform
HCLTech has invested energy and time to improve the security knowledge and skills of employees and create a security aware cloud culture. HCLTech has successfully changed how employees and customers think about security. Security is a team sport and requires everyone to participate. When clients are considering extending their utilization of cloud, security is always a part of that conversation.
“We realize that not every organization is equipped to deal with the complexity of defining security policies and developing their security framework to support new workloads in the cloud,” says Jain. “To help these customers we developed a cloud security as a service (CSaaS) framework.”
By applying CSaaS, HCLTech can assist customers with migrating existing applications to the cloud and adopting new SaaS applications without sacrificing security, while adhering to compliance requirements.
“Offering this ‘security in a box’, we can transfer our knowledge to our clients, level up their skills and at the same time back up their security team. We can identify vulnerabilities that they may have missed, vulnerabilities outside their network,” Giunta explains.
While there are some late adopters who will evolve slowly to the cloud, HCLTech recognizes that the proverbial train has left the station when it comes to cloud adoption. Most IT and business leaders have realized that cloud is not just about saving cost, but instead enables agility, speed, resilience and above all, innovation.
More insights are available in HCLTech’s cloud research, Cloud Evolution: Make innovation a habit.
Cloud Week 2023
News, views and insights on how cloud computing continues to reshape how we live and work. techUK's annual Cloud Week is an opportunity for the tech community to explore key issues in cloud and highlight new ideas and thought leadership from our members.