Cloud Adoption – Early Adaptors & The Security Perspective
I will like to start with a comparison of where we were in late 90’s and early 2000’s with open source Linux OS adoptions to current adoptions of the public clouds. In the late 90’s, there were many enterprises who would out rightly reject an opensource Operating System/platform because it was considered or it posed ‘security’ threats in a production environment. Then came some big adopters’ and decided that their entire data centers will run on the opensource Linux OS. Rest is history. Today no one challenges the selection of opensource platforms. In fact, many enterprises have created a mandate to follow “Open Source First” strategy.
In many ways, today’s public cloud phenomenon can be compared to be at the same point of time where the masses are about to follow the early adaptors. Many large enterprises have shown clear intentions to migrate their workloads: dev test and production to the public cloud. This includes big banks, telcos, pharmas, and of course a huge percentage of startups. Now we are expecting the “Cloud First” strategy to be spiraling upwards to make its way into many CIO office boards. This is a major shakeup in the financial spend/ cost centers of the enterprises in the next decade. The backup Data Center, Disaster Recovery Data Centers can become a thing of the past and public cloud has started with a clear double digit percentage stake holder in the dollar spend moving towards a significant percentage in the annual IT budget.
Security, Compliance and Governance are the first few inhibitors for adopting the cloud. But thanks to the very well laid out security guidelines and principles of clouds like AWS and Azure, various CIO’s have publicly said that cloud is perhaps more secured than their own data centers. Concepts like DevSecOps are prevailing today where we go beyond Continuous Integration and Continuous Deployment and the tools are enabling Continuous Security now (CI/CD/CS). Defining and implementing the required levels of security, governance, and risk management in turn lets the enterprise achieve the compliance requirements required.
Cloud requires the shared security model where the security of the cloud is provided by the cloud provider and security in the cloud is to be addressed by the enterprises migrating to the cloud. This shared security model has become a success now - it has moved from an inhibitor to actually an accelerator. The automated cloud tools enable Identity & Access Management, various NW and FW configurations, data and traffic protections, thus securing the applications and platforms in the cloud.
In the traditional Data Centers, security has become a cost center. Changing regulatory environment worsens the CAPEX prediction and aligning security spend to the top line has become a focus area. Control points are still at the periphery in these Data Centers. Whereas, cloud brings the control points to every VM, almost every data object and network appliance. This increases the security posture by multi folds and gives a completely distributed security architecture which scales at every layer rather than just the thick firewall around the network.
By making Security as one of the first enablers/advocate, we can ensure accelerated adoption of the cloud for our internal or external customers.