InsightaaS: Security has been a central issue from the earliest days of cloud. IT professionals cited it as a reason not to embrace the power and flexibility offered by hyperscale providers; providers in turn were quick to note that they are cybersecurity leaders. Research (by InsightaaS, Techaisle and others) has found that business decision makers (BDMs) tend not to get ensnared in the details of this debate; they want to avoid disclosures that would upset customers and/or regulators, but are more focused on understanding how best to thrive in an increasingly data-centric economy.
These BDMs and the senior IT executives who work with them tend to look to top-tier management consultants - including, and notably, McKinsey - for guidance on these types of issues. "Making a secure transition to the public cloud" does an excellent job of informing both groups, addressing technical issues via an approach that highlights how firms with differing approaches to cloud are navigating migration or development of workloads to/in public infrastructure.
The post highlights four key practices, including one - "applying DevOps to cybersecurity" - that is not part of common debate on this issue, and is worthy of further exploration. DevOps has clear implications for IT, in the form of rapid development and deployment of new capabilities; it also impact business, as it delivers new capabilities much faster than has been the case in the past. "SecDevOps" may not roll fluidly off the tongue, but the underlying concepts bear careful examination.
After a long period of experimentation, leading enterprises are getting serious about adopting the public cloud at scale. Over the last several years, many companies have altered their IT strategies to shift an increasing share of their applications and data to public-cloud infrastructure and platforms.1 However, using the public cloud disrupts traditional cybersecurity2 models that many companies have built up over years. As a result, as companies make use of the public cloud, they need to evolve their cybersecurity practices dramatically in order to consume public-cloud services in a way that enables them both to protect critical data and to fully exploit the speed and agility that these services provide.
While adoption of the public cloud has been limited to date, the outlook for the future is markedly different. Just 40 percent of the companies we studied have more than 10 percent of their workloads on public-cloud platforms; in contrast 80 percent plan to have more than 10 percent of their workloads in public-cloud platforms in three years or plan to double their cloud penetration. We refer to these companies as “cloud aspirants” (Exhibit 1).3 They have concluded that the public cloud offers more technical flexibility and simpler scaling for many workloads and implementation scenarios. In some cases, using the public cloud also reduces IT operating costs. As a result, companies are both building new applications and analytics capabilities in the cloud and starting to migrate existing workloads and technology stacks onto public-cloud platforms...