After dipping their proverbial toes in the water and experimenting on a selective basis, leading enterprises around the world are now migrating to the public cloud at scale. As IT strategies shift to move more applications and data into the cloud, business leaders are making it a priority to identify the keys to a smooth transition.
In a recent report, McKinsey outlines some factors related to the increase in public cloud adoption. They identify four practices that CISOs should implement in order to ensure a smooth transition to the public cloud and maintain a consistent, effective approach to cybersecurity. We’ll briefly outline them below.
Develop a cloud-centric cybersecurity model. It's important that enterprises don't maintain their on-premise security approach when they move away from on-premise storage solutions, because that approach won’t let an enterprise maintain the requisite visibility and protection across all of its clouds and workloads. McKinsey recommends looking primarily at two areas when redeveloping cybersecurity processes from a cloud-centric perspective: how the network perimeter is defined and whether application architectures need to be altered for the public cloud.
Redesign the full set of cybersecurity controls for the public cloud. Once CISOs have developed a sound cloud-centric cybersecurity model, they need to redesign their cybersecurity controls. Controls can be categorized into eight areas, which should be thought of in relation to one another. To determine how to approach each individual control holistically, organizations can consider their most likely threat scenarios and the levels of security their workloads require. They can also work with cloud service providers (CSPs) to determine which controls to deploy internally and which to procure from third-party providers.
Clarify internal responsibilities for cybersecurity, compared to what providers will do. Enterprises inevitably rely on cloud and other third-party providers when moving to the public cloud, but that doesn't necessarily make it an entirely hands-off approach. Collaboration between enterprises and CSPs is the best recipe for implementing consistent, effective cybersecurity. Some of the areas identified by McKinsey that are ripe for collaboration are transparency on controls and procedures, regulation and compliance, and integrated operations monitoring and response.
Apply DevOps to cybersecurity. One of the industry's favorite buzzwords of the past couple of years, DevOps is an approach to integrating development and IT operations that supports continuous delivery of new software features. Applying DevOps to cybersecurity can help enterprises be more agile, but leaders should be aware that it requires companies to foster a culture in which security is a way of life. To make secure DevOps a success, companies need to adapt their IT operating model so that security implementation becomes a part of the cloud development and deployment process.
These four recommendations only scratch the surface of the information found in McKinsey’s report. If you would like to learn more about their recommendations for making a secure transition to the public cloud, click here to read the report in its entirety. If you would like to learn about Digital Realty’s approach to security and compliance, click here.