Enterprises nowadays are wellversed in the core benefits of operating within a cloud environment, ranging from flexible computing capacity to increased collaboration.
This is reflected in the clear trend among global enterprises migrating their operations into the cloud. According to Gartner, global cloud service revenues are expected to grow 17.5% in 2019 to a total of $214.3bn. More specifically, revenues for cloud management and security services are expected to almost double from 2019 to 2022.
Companies increasingly view moving business operations to the public cloud as both a cost-saving and efficiency-increasing solution. In reality, the process of cloud migration is often more complex than expected. The cloud does not always provide the simplifying effect it promises, and a poorly configured infrastructure migration can introduce additional risks and costs to a business’ operations.
Migration requires a clear strategy focused on long-term prosperity by directly aligning itself to company goals and culture and ensuring the best possible return on investment.
The need for cost management
Businesses often see migration to the cloud as a simple solution to common infrastructure issues that will simultaneously help to reduce costs. While a traditional on-premise IT infrastructure is managed at a flat operating cost regardless of how effectively it is utilised, an auto-scaling cloud deployment only requires enterprises to pay for what they consume. Generally, data usage in the public cloud is metered by the volume of storage used by a business.
Enterprises may therefore regard the public cloud as a cheaper alternative to maintaining their own onpremise infrastructure. But in reality, if a cloud deployment is not underpinned by a robust plan for transformation, they may encounter unexpected and hidden costs.
Cloud usage charges can be compounded through poor configuration, maintenance and security practices. A lack of a clear plan can easily result in greater expenditures, including IT management costs attributed to employing more staff to manage a new cloud environment. The misconfiguration of a cloud setup can also result in the accumulation of significant costs from additional storage charges, not to mention the possibility of financial repercussions from a potential data breach. According to Flexera’s 2019 State of the Cloud Survey, enterprises waste 35% of their cloud spend by not optimising their costs.
A key step towards avoiding unforeseen costs is undertaking a thorough audit of how the cloud will be used, giving consideration to how vital business tools and services will operate in the chosen cloud platform. Working with a trusted partner can add much-needed expertise to the process, and help to test and iterate on implementation plans. The IT department must be selective throughout the process, assessing all existing applications and services, and making a clear plan on which should be migrated over to the cloud and what the benefits of doing so will be.
Establishing risk management
As more businesses opt to make the transition to cloud infrastructure, their cyber security must also transform. According to the 2019 Thales Global Cloud Security Study, only 49% of organisations encrypt sensitive data stored within the cloud. Poor cyber hygiene practices like this introduce unnecessary risk.
To compound the issue, data must be managed effectively in the cloud or it risks exposing the business to further cyber vulnerabilities. Failure to keep close track of its data can render an enterprise unaware of who can access it, as well as where they are able to access it from. The IT function may similarly find it difficult to implement critical security updates across its entire network if they don’t know how far the network extends. These problems are compounded when dealing with more than one cloud architecture. With no two cloud providers operating in the same way, it can become overwhelming for an enterprise to align multiple clouds under a single strategy.
In order to be able to adopt a clear strategy to secure what data it contains within the cloud, an enterprise must of course be conscious of what it is storing. Although cloud providers may provide some tools to assist enterprises in establishing visibility across the network, businesses must install a rigorous process for tracking their data.
Establishing visibility early on in the migration process will ease the transition by allowing IT specialists to pinpoint precisely which of its assets carry a higher risk profile than others. Attention should be paid to which users, devices, IP addresses, and geographic locations are able to access particular data sets, and particular high-value assets should have policies assigned to them.
Public cloud, or on-prem?
Since a significant number of recent large-scale data breaches were carried out by hackers through third-party services, businesses must be wary of who has access to sensitive data and what areas of the network appear to be most vulnerable. A meticulously planned transition can also negate the risk of breach by assessing whether certain sensitive assets are best stored on-premise.
There have to be justifiable benefits that outweigh the potential risks of transferring data to the cloud when it likely could have been more securely contained on an enterprise’s private IT network. This is especially applicable to companies that would encounter significant complications if data were to be compromised.
Finally, it is crucial to understand that cloud security demands cultural change across the business. With the ‘shared responsibility’ model, it is the company’s burden – not the cloud provider’s – to protect stored data from incoming hackers. Despite the existence of various vendor-supplied security tools, organisations have to take full responsibility for their own security practices. The most common risks within a cloud environment arise from the organisation’s own employees, usually through the misuse or misconfiguration of cloud services. This risk can be minimised by promoting security awareness and accountability among employees. Encouraging employees to follow strict security protocols can go a long way in helping a business protect its assets in the cloud.
Conclusion
Enterprises should understand that, although there are numerous benefits to transferring certain business operations to a cloud environment, they should not opt to make the transition without a robust strategy. As more business operations are shifted to the cloud, enterprises must establish a clear plan that takes into consideration all costs involved, keeps track of the risks associated with storing sensitive data externally and establishes a way for the IT function to maintain clear visibility throughout the cloud deployment.
Finally, the strategy must also be malleable enough to incorporate the future use of multiple cloud providers without losing visibility or creating unnecessary security risks.