After the rush to digitalize and embrace more cloud resources, it is time to reassess strategies for cloud security and resilience.
When it comes to cloud strategies in 2020, speed is key. The pandemic has been a catalyst for change where digitalization solutions that used to take months to roll out have now been delivered in weeks. Because of this, there’s now an expectation that technology programs will be delivered much sooner.
According to IDC, the pandemic has impacted the long-term cloud strategy of many organizations, causing an accelerated move to cloud. Consequently, businesses have had a short time to reflect and reassess their cloud strategy, how security fits in the picture and how they can ensure that remote workers and their devices are protected and have the security they need to keep their organizations safe and comply with any regulations.
Amidst all this, companies have had to look into other important factors such as how their suppliers and partners have coped and implemented their own changes to ensure the supply chain remains secure, and that workarounds that have been deployed have not exposed the organization to more threats.
In addition, they need to think about some of the wider impact, such as how the budgets that organizations have may be impacted as a result of the financial downturn caused by the coronavirus.
Four key lessons
The past few months, while highly challenging, have encouraged businesses around the world to not just re-think how things work, but how things can be done differently going forward. Essentially, this unprecedented situation has given companies the opportunity to rewrite the rules. Here are four key lessons the BT team has learned through our own experiences and our close relationships with partners around the world:
- Make security an enabler. As users demand a better experience and want to work differently, IT needs to be more human-centric and accessible, and security needs to keep pace. It is time to move away from providing security measures just because they are expected—it should be an enabler, rather than a blocker.
- Security should flex with the business. The power of the cloud comes from flexibility: when one element changes, others flex to meet the new requirements. Security needs to flex too, and react rapidly and scale with demand.
- With cloud security, knowledge is power. Strong cloud security comes from knowing the applications a business wants to use and the business’ plans for moving forward: knowing this will help build in effective security faster, more easily and at a lower cost.
- Education is still key. Security is only as strong as its weakest link, and individual error can undermine the strongest security setup, so it is important to turn on the human firewall. Maintain campaigns to educate employees on how to protect their information against phishing and scamming.
Five steps for future-proofing
While these key learnings have been instrumental in helping customers around the world build better and more secure cloud strategies, the uncertainties of the future present some concerns.
As evidenced throughout 2020, it can be very hard to predict the next big game changer until it suddenly hits. How can organizations ensure the cloud strategy they have now will still be appropriate in 2021 and beyond? To provide organizations with some ideas on how to be resilient, we have come up with five steps to ensure that your cloud security strategy is future-proof:
- Re-baseline your risk appetite
Understand that threats have not really changed but the exposure to them for different roles and/or groups has. Thus, you need to re-baseline your security against specific personas. For example, think about the key groups spending more time working from home and remotely-accessing critical systems, as well as those with handling highly confidential data.
- Get the most value from long-term investments
As well as having the right policies and processes in place, it is critical that you optimize the tools that you do invest in and have the capabilities to grow and flex according to any future changes. This is to ensure that you have longevity in the solution you deploy.
- Ensure your strategy is scalable and optimized
Understand your priorities and the balance between addressing immediate risks and putting in place the right capabilities to deliver them at scale. Often the benefits of simplicity and tool consolidation are underestimated.
- Find the holes
Identify potential issues by assessing and reviewing your cloud architecture, threat management capabilities and security controls. Try to identify the holes in your security posture so you can see potentially exposed areas in order to address them accordingly.
- Create a roadmap
Create a plan after assessing existing partners and their capabilities. Having a prioritized roadmap of investments will help provide direction and move you to where you need to be.
Embrace continual adaptability
The aforementioned five steps can assist organizations in developing a future-proof cloud security strategy. However, organizations must also consistently adapt to new and emerging threats.
Regularly-learning the latest trends and updates can prove to be invaluable to ensuring that your cloud strategy remains optimized and secured.
There is also great value in having trusted partners and vendors to help mitigate risks through the sharing of information and resources, because today, it is rare to achieve great things alone, especially in business.