Stop Hiding Behind Cloud Security Myths

Photo credit: iStockphoto/Sonsedska

Would you do your entire disaster recovery in the cloud?

It was the question that Equis, Asia’s largest independent infrastructure and real asset investment management firm, faced.

The Singapore-headquartered company wanted a disaster recovery system, and it wanted to build it in the cloud.

The motivations were clear: protect their operations against incidents while enjoying the scalability of cloud.

Lined with misconceptions

While the benefits are clear, the path to cloud or even multicloud is not. Misconceptions, old wives’ tales and fear of the unknown make it feel perilous.

Sandeep Bhargava, managing director of Asia Pacific Japan (APJ) at Rackspace, feels part of the problem lies in our inability to understand cloud or multicloud architectures.

Take disaster recovery as an example. “The need to restore data and infrastructure is often overlooked due to the belief that being in the cloud equals a built-in disaster recovery plan.”

Cloud vendors are not helping when they quote uptime values of over 99.95%. “There is a perception that the cloud never fails, and that the vendor is responsible for all infrastructure and its recovery in the event of a failure,” adds Bhargava.

In truth, both vendors and their customers need to get involved. “Like security, a disaster recovery plan requires each part of the team to be prepared for the unseen and unknown,” says Bhargava.

The truth is out there

Bhargava advises that IT leaders should not assume cloud providers are not secure, “but at the same time, they should not also assume that they are completely secure.”

He adds that the cloud platform provider is responsible for securing cloud services, but companies need to ensure that their environment is configured with a “security first mindset,” including how they manage sensitive data.

A multilayered approach to cloud strategy helps. “To minimize cloud risks, organisations need to have a multilayered security strategy across on-premise and multiple clouds to provide detection, response and remediation,” he says. 

To develop such an approach, CDOs and CISOs need to work more closely together. “Chief Information Security Officers (CISOs) will also need to work across more departments in 2020 to ensure that security is not overlooked when innovative solutions and new business processes are introduced,” Bhargava observes.

Steps before cloud security

So how can companies address cloud security? Bhargava shares some insights:

  • Define correctly. With the right strategy and understanding, companies can drive efficiency through operations automation, grow revenue through innovation, modernize applications and save costs.
  • Speed up DX. Overcome DX hurdles such as legacy infrastructure, out-of-date operating models and resistance to change right from the onset.
  • Stop DIY-ing. Look for a partner who can relieve you of the burden of optimizing your applications and infrastructure, managing day-to-day operations, and maintaining security.
  • Modernize. You need a holistic view of application modernization — not just digitizing a few applications.
  • Secure your digital presence, not just apps and data. Roll out a multi-layered security strategy that detects, responds and remediates, while augmenting all teams with security professionals.
  • Optimize spend. Misunderstanding workload usage, poor cloud architecture or poorly performing applications can add to runaway costs; you need a realistic assessment of the cost and ROI of each platform, and clearly understand what drives those economics.  

Debunking the multicloud security myth

Bhargava says much of what supposedly makes multiclouds insecure is a myth.

“More clouds, more problems? This myth centres on the fact that with the increasing complexity of multiple clouds, there is a greater risk of security issues. However, this is not necessarily true if the infrastructure is well managed,” he explains. 

Bhargava feels that we should look at multiclouds from the opposite view: “How can a multicloud strategy enable enterprises to be more secure and compliant?”

He sees multicloud security reducing vulnerabilities. “Through the proper utilization of multiple clouds, risks such as the loss of or application downtime due to a localized failure can be mitigated.”

Multiclouds can also help businesses to address data security issues that on-premises can’t.

Take, for example, complying with the General Data Protection Regulation (GDPR) or local data privacy regulations. “The leading cloud providers all have data centres across the globe, so companies that require data for specific workloads to reside within particular national boundaries can easily do so through a multi-cloud strategy,” Bhargava describes.

Maximizing the partner effect

That is what Equis did. They engaged Rackspace’s Professional Services team to build a tailor-made, cloud-based disaster recovery system.

The move ensures that Equis’ operations will continue when an incident occurs, as the new disaster recovery system “can deliver recovery point objective (RPO) and recovery time objective (RTO) by over 80%.”

Equis’ move also highlights the value of engaging a managed service provider.

“These digital business and IT opportunities can be seized through the help of a strategic partner. The right partner can accelerate a business’s digital transformation journey, providing guidance through the maze of confusing and conflicting cloud platform claims and value propositions,” Bhargava adds.
