As organizations undergo digital transformation at an accelerating pace, teams should use this checklist to ensure the enterprise fully leverages a cloud modernization to gain scale, velocity, and agility without sacrificing security.

Bharath Vasudevan, Vice President, Product Marketing, at Alert Logic

August 18, 2021

4 Min Read

The pandemic dramatically accelerated digital transformation for the majority of organizations. With the recent uncertainty around returning to their offices, this commitment has only strengthened: Four of five executives are pushing hard on transformation plans to differentiate their company's market value. What started out as a necessity is becoming the new standard.

These modernization efforts involve the constant acquisition and refinement of applications to address rapidly changing technology complexities, with most companies indicating that their employees are expected to master at least three new digital touchpoints every year. The cloud remains a critical factor, as 63% of companies expect to eventually migrate all of their workloads/applications. In organizations undergoing a digital transformation, 79% of executives say the cloud plays an important role in this initiative.

With the pace of tech expansion, security teams must adapt to defend it all. Given this, there are best practices teams can adopt to increase the likelihood of success. Teams should collaborate on the following six-step checklist to ensure the organization fully leverages a cloud modernization to gain scale, velocity, and agility without sacrificing security.

  1. Define success. First and foremost, determine what a successful transformation looks like and communicate this to your teams. In many cases, team members will go forward in supporting the transformation without understanding why they're doing it — they do it simply because "my boss is telling me to."

    To avoid this, develop long- and short-term objectives to illustrate your organization's desired end state to team members. Key performance indicators (KPIs) enable you to measure the positive impact of your security, cost-reduction, scaling, and innovation efforts. Timelines set realistic deadlines to achieve goals while accounting for budget as well as comprehending people, process, and technology.

  2. Increase visibility. Security cannot exist without visibility — you can't protect what you can't see. By staying on top of change, and monitoring and analyzing migrated workloads and applications, you acquire insights about vulnerabilities and whether any visibility gaps exist with respect to security, compliance, and audit requirements.

  3. Champion security as an enabler. You have to promote and embed security into each stage of the cloud transformation. Embrace a “shift left” model. Security must affect every decision moving forward. Bolting it on at the end of the IT process effectively treats it as an afterthought. This will cause schedule delays and headaches which can damage your operations, customer base, and organization's reputation.

  4. Adapt risk tolerance. Any transformation effort will bring risks. For example, deploying containers will save on costs while boosting agility, but it will also introduce a new computing model, thereby elevating risks. You can still manage this risk, but you will need to maintain visibility and security controls over these new operating environments. That's the kind of tradeoff and understanding required to move your organization forward.

  5. Pursue a shared security responsibility model (SSRM). As your cloud footprint grows, you need to understand what you are responsible for and what the cloud provider covers. Understand that even if you are not able to bear all the responsibility, you are able to shift more of the burden of protection to the service provider, which can offer significant advantages. They can do everything from managing prevention tools to patching your operating systems, applications, and virtualized components.

  6. Think beyond just moving workloads to the cloud. This is a good first step, but there is more to extracting efficiencies by leveraging the cloud than just "lifting and shifting." Every business has its own needs, and refactoring applications can allow you to take advantage of more options across applications, storage, network, and computing. Beyond right-sizing your compute profile, you can explore different models that may lead to additional savings:

  •  Containers: These work for companies seeking a lightweight, portable way to distribute applications, quickly build them to scale, and manage them more effectively.

  • Serverless environments: Designed to automatically scale to meet demand, the serverless environment allows you to deploy applications within seconds on a pay-for-what-you-use basis.

  • Microservices: This is for the "always-on" business (such as e-commerce sites). You acquire a platform with multiple microservices applications which operate independently of each other. If one microservice application is compromised, the others are not. Microservices minimize the risk of one component emerging as a single point of failure that triggers broader damage.

Many organizations turn to solving for vulnerabilities and patching as a quick route to security success. But patching can be more difficult than it appears, requiring coordination across multiple workgroups. Many organizations don't even have emergency patching programs (a process that gets initiated when major application vulnerabilities get discovered) or have adopted a cumbersome process that takes weeks to roll out.

Digital transformation empowers organizations to invest in approaches that go beyond merely hygiene, just as a cloud migration or modernization itself is about more than a routine lift and shift of workloads and applications.

Both implementing and securing your cloud modernization represents a more profoundly successful mission. It introduces an opportunity to closely examine what your business can do now (including its limitations), and then identify how the cloud can swiftly expand the possibilities of virtually everything, giving IT more agility than any on-premises environment ever could.

About the Author(s)

Bharath Vasudevan

Bharath Vasudevan

Vice President, Product Marketing, at Alert Logic

Bharath Vasudevan is Vice President, Product Marketing, at Alert Logic. His organization is responsible for the go-to-market strategy of Alert Logic’s offerings and technical marketing efforts. In addition to this, his team leads Alert Logic’s customer advocacy programs. Prior to Alert Logic, Bharath held leadership roles at Forcepoint (a subsidiary of Raytheon), Hewlett Packard Enterprise, and Dell Technologies across engineering, product marketing, product management, business development, and technology partnerships. In his 20 years in the IT industry, Bharath has been very active in intellectual property programs and has received 13 patents from the USPTO covering both hardware and software designs. He holds a bachelor’s degree and a master of science in electrical and computer engineering from Carnegie Mellon University.

See more from Bharath Vasudevan
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

The letters EDR/XDR amid binary code
Application Security
Evil XDR: Researcher Turns Palo Alto Software Into Perfect MalwareEvil XDR: Researcher Turns Palo Alto Software Into Perfect Malware
byNate Nelson, Contributing Writer
Apr 19, 2024
4 Min Read
A computer screen showing GPT-4
Threat Intelligence
GPT-4 Can Exploit Most Vulns Just by Reading Threat AdvisoriesGPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories
byNate Nelson, Contributing Writer
Apr 18, 2024
4 Min Read
An ICS control panel
ICS/OT Security
ICS Network Controllers Open to Remote Exploit, No Patches AvailableICS Network Controllers Open to Remote Exploit, No Patches Available
byDark Reading Staff
Apr 18, 2024
2 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events