
Looking for the Silver Lining: Making the Move from Hybrid to Public Clouds

They say you need to look for that silver lining in the cloud. You may have thought you found it when you adopted a hybrid approach to cloud computing. And for a time you probably did.

A hybrid approach, having some applications in the public cloud and others in data centers and private clouds, is the most common. But now much of the innovation and change is happening in the public cloud and the silver lining is shifting. According to Gartner, by 2019 more than 30% of the 100 largest vendors’ new software investments will have moved to cloud-only. With more leading-edge IT capabilities available only in the cloud, companies that can migrate more of their applications accordingly stand to gain even greater agility, scalability, and efficiencies required for business success.

So what’s keeping organizations from transitioning more of their hybrid computing environments to public clouds? There are three main reasons:

1. Locked in tradition. It’s human nature to resist change and IT teams are no different. Making the migratory leap can be overwhelming and scary. In addition, some IT capabilities are only available in traditional formats, reinforcing the need for many IT teams to protect their internal clouds.

2. Security concerns. Some security professionals and regulators feel that moving to the cloud compromises security posture. Some of this mistrust is based on geography – where the company is located vs where the cloud is hosted. A lack of clarity from cloud service providers on security practices also contributes to security concerns.

3. Transition ease. Some applications are easy to move to the cloud and some are more difficult. For example, apps that rely heavily on mainframes for core backend processing and up to hundreds of servers require a multi-step approach.

Many companies want to take advantage of all the benefits of moving to cloud, and industry pundits point to a shift to greater public cloud usage. Research from Gartner finds that overall demand for cloud computing in all its forms will grow 18% in 2017 to $246.8 billion in total worldwide revenue from $209.2 billion. Of that total, demand for the subset of public cloud infrastructure is expected to grow 36.8% this year to $34.6 billion.

Forrester concurs; public cloud services are a force to be reckoned with. They project that revenue from public cloud platforms, business services, and SaaS applications will grow at an overall CAGR of 22% between 2015 and 2020, reaching $236 billion (up from $146 billion in 2017), which is 23% higher than their previous forecast.

Clearly it is no longer a question of “if” a company will move to public clouds but “how fast.” Some are cloud-first and others are more measured. But to take advantage of the significant business benefits, there’s a growing movement to public cloud services.

Here are three tips to help you prepare.

1. Recognize the knowledge gap and work to close it. There’s a dearth of IT and security professionals with a deep understanding of cloud today. Even with various certifications, there’s no substitute for specific knowledge of the actual service. Get to know the best practices for your particular cloud provider. Documentation is also approached differently in the cloud, using scripting languages that may not be familiar to security management and architecture teams. It’s time for a refresher on JSON and Python.

2. Understand how security operating models must change. The cloud is a dynamic environment and our approach to security likewise must become more agile. Gone are the days of releases every six months and governance run by committee with manual reviews on a monthly basis. When multiple releases a day are the norm, security decisions must be distributed in real time throughout the organization. This will require mechanisms for better security accountability and visibility.

3. Adopt security frameworks built specifically for the cloud. Frameworks from NIST or ISO only mention the cloud and many of the controls still assume the traditional way IT is managed. You need a cloud security framework that can serve as a lens for planning cloud security and that you can use to help develop your cloud security architecture. For example, solutions that allow you to control and discover SaaS apps and protect data usage in the cloud, while enabling employees to get their work done from wherever they are, must be part of your architecture.

Many organizations are comfortable right now in their hybrid environments. But as more IT innovation happens in the public cloud and the enabling infrastructure continues to mature, organizations need to put themselves in a position to benefit from the latest cloud services. By beginning to lay the groundwork now, you can confidently shift to the cloud that offers the greater silver lining.

Ashley Arbuckle, Cisco’s VP of Security Services, is responsible for the oversight and global delivery of the Cisco portfolio of Advisory, Implementation, and Managed Services, bringing a pragmatic approach to helping Cisco’s clients solve their most complex security challenges. Arbuckle started his career in security consulting at PwC working with Fortune 500 customers. After PwC he joined PepsiCo where he led enterprise security and the strategic planning process for PepsiCo’s IT budget of over $2 billion. He has a BBA in MIS and Accounting from the Rawls College of Business at Texas Tech University, is a CPA, and holds a CISSP and CISM.