Cloud Transformation: Expectations vs. Reality

Digital technology continues to be the driving force behind how businesses all over the world continue to react and transform because of the pandemic.

As organizations accelerate their operations and expectations around agility, speed and data access continue to rise. Consequently, cloud transformation platforms today appear on nearly every enterprise technology roadmap as strategic, innovative and essential investments.

Ash Hunt, group CISO of the Sanne Group, an FTSE 250 business, is responsible for security operations, technology risk management, control architecture, and technology governance.

“There is disparity between what people think they should be concerned about versus the realistic challenges of migrating to the cloud,” Hunt said about planning for cloud transformation.

He emphasized that security is paramount, whether on-premises, public, private or hybrid environments. The nature of each one poses many other unique challenges that organizations must be prepared to tackle, including:

• A firm understanding of critical assets. Things become more fluid, especially in environments that rely heavily on dev-ops functions. Without visibility into key assets and a robust culture that maintains a record of truth, things can quickly spin out of control.
• Perimeter security must remain strong. It’s crucial to consider how data is shared internally, with clients and with other external parties. Knowledge of data ingress and egress channels is essential to identifying where to deploy data loss prevention controls.

Hunt added that these requirements need to be communicated “across information security as well as the entirety of the technology” because the multiple disciplines that are involved require collaboration among different teams. For organizations that are already in the cloud, swift progress can be made in several areas and benefits can be seen across the wider technology environment.

A granular understanding of infrastructure – especially if you’re at a public company that relies on infrastructure-as-a-service – is also key to successful cloud transformation. Hunt recognizes this as a necessity due to the content sitting on that infrastructure, as opposed to just the provisioning of the infrastructure itself.

“Transforming from operating in the cloud to effectively and securely operating within the cloud requires a very clear understanding of where a provider’s responsibility stops and your organization’s responsibility starts,” Hunt pointed out.

He continues to stress that capabilities leveraged today from AWS and other providers are far superior to what they used to be. They can help organizations, particularly those who might be struggling with resources, make a big leap forward in security, operational efficiency and other areas.

When considering resources, Hunt said that having the right skill set for cloud transformation deployment can mean “different things to different organizations, and there is no one perfect target operating model for an information security function.”

He acknowledged that this depends on many factors, such as company size, whether you have an outsourced model, and if you might just need a few highly skilled individuals inside your organization to support that operating model.

The other end of the spectrum involves larger organizations, which might have a well-resourced in-house model, but faces challenges in determining the type of talent that can support existing environments while continuing to thrive and grow in the future.

With all these considerations, Hunt finished his thoughts on skillset and talent by stating that at the end of the day, attitude and aptitude are very important and offering a path to learning is critical to getting the job done in ever-changing cloud environments.