While no business could have fully prepared for the COVID-19 pandemic’s impact, those with strong cloud-based strategies have been able to adapt to the remote work reality. But even for companies that have migrated to the cloud or are in the process, a dispersed workforce presents challenges when you consider the trade-off between a streamlined, cohesive work process and network security. Despite this, the move from on-premise to cloud-based solutions isn’t slowing, making cloud migration still desirable.
In fact, recent research points to increasing public cloud adoption over the next year, even amid, or perhaps a result of, the pandemic and an overall downturn in IT spending. According to Instinet, 68% of CIOs indicated cloud services would become more of a priority for their businesses and reported a reduction in on-premise workloads, from 59% relying on on-prem assets in 2019 to an estimated 35% by 2021.
For businesses, cloud and SaaS services offer an easy way for employees to collaborate and access the information they need outside the confines of a physical office space. For employees, these solutions are desirable in part because they’re so easy to use. When not sanctioned through an employer, all it takes is an email or credit card to sign up, and an employee can start a CRM package, open a Dropbox, or create an iCloud account, and a range of other activities. While it sounds benign, any of these services could be a place for sharing company information, from trade secrets, to intellectual property, and personally identifiable information.
In order to enable employees to get work done and safeguard sensitive information, organizations must find a way to both connect and manage systems and access. Cloud migration is a big undertaking, and far too often organizations overlook what a crucial part identity governance plays in implementing successful and sustainable cloud migration initiatives. By baking identity governance into your plan from the get-go you can avoid some of the main security pitfalls of transitioning to the cloud.
One major challenge is employee buy-in. It may sound counterintuitive, as the cloud is meant to streamline work processes, but learning new systems and working out permissions can be a learning curve company’s need to account for. People want to get work done as quickly and efficiently as possible, and adding another roadblock for them to access what they need can result in bypassing security protocols. Organizations who have not already should implement safeguards like multi-factor authentication (MFA), but also consider making the second form of identity something easy to access, like a code sent to a mobile device or something the person has at all times versus a security question or a physical token they need to remember.
A good cloud migration strategy is not just about wrangling your employees, though—it’s about choosing your cloud partner wisely. When you rely on cloud solutions, you’re entrusting another party with your valuable customer and company data. Even if the information is compromised under their care, it’s your business that will pay the price at both a financial and reputational cost. Before embarking on a cloud journey be clear about your prospective cloud provider’s security practices, and don’t just make them tell you—have them show you. Ask where your data will be stored, what measures they take to protect it, and what practices they use to keep it secure.
Another challenge beyond vendor selection and employee onboarding is simply keeping up with the pace of technology. The last few years have looked like an arms race to the cloud, and as a result, a lot of projects fail. Migrating all your data with different levels of sensitivity and access privilege should be done intentionally, and many bite off more than they can chew. This causes mistakes and headaches in the long run, and the worst part is, it’s easily avoidable. Leverage third-party resources that have identity expertise, such as an outside consultant or an analyst firm to help you define your cloud requirements. Make sure stakeholders—leadership, investors, department heads, etc.—are involved in executing cloud projects, as they span the business.
The work doesn’t stop there, though. Once you do have a solid strategy, select a vendor to partner with, and start onboarding and training employees, think ahead about how you’ll maintain a healthy security posture. Consider using a cloud access security broker, an independent software that sits between cloud service users and cloud applications, and monitors all activity, or an ethical hacker to help identify weak areas and enforce security policies. For highly-regulated industries, such as healthcare and life sciences or finance, managing evolving threats becomes especially important. By not complying with strict laws and requirements to protect sensitive information, you could be setting yourself up for a world of hurt.
Security is a top reason that organizations stall their cloud endeavors—and for good reason. However, with the promise of better IT processes, increased productivity and collaboration, and a host of other benefits, the challenges of cloud migration far outweigh the risks. Success takes due diligence and a digestible strategy to prevail, so be sure to do the homework, tweak as you go, and remember, it’s a marathon, not a sprint.
By Jackson Shaw, Chief Strategy Officer, Clear Skye