Authors: Dean Fantham, Partner and CTO and Sean Deuby, Senior Architect
November 7, 2017
As someone responsible for your organization’s information security, you’ve closely followed the rise of cloud computing. You’ve watched it grow—from a collection of broad, one-size-fits-all services mainly suitable for email or virtual machine hosting—to sophisticated systems with a broad and deep array of capabilities. At the same time, you’re acutely aware of the dramatic increase in cyberattacks against internet services and on-premises corporate data centers—and the often-catastrophic consequences that result.
Feeling that the risks outweighed the benefits, you’ve resisted a “cloud-first” corporate IT strategy up to this point, but it’s clear the landscape has changed. Plus, several of your business units have already begun using some of the most popular services such as Salesforce and Office 365. You admit to yourself the time has come to help drive a strategy that extends your enterprise into the cloud.
How do you move forward?? Which enterprise cloud service is right for you? How do you ensure your implementation meets compliance requirements from the business, and how can you help guide application owners toward modernizing their software?
This blog series will help you answer these questions—and more. It’s based on Edgile’s experience helping organizations adopt best practices to modernize their IT, and extend it securely to the cloud. In this series, we’ll explore important subjects you may have thought about, and others that perhaps haven’t occurred to you.
The cloud can make you more secure–not less.
As Edgile CEO Don Elledge recently wrote in his Forbes column, cloud services can be a security enabler – not a security blocker. Why: the cloud can shrink the overall surface area of risk for the enterprise, whereas the private network has left them exposed in a number of ways. As a security executive, you should view this as an opportunity to improve the security posture of your organization. Historically, security has been the most common barrier to adopting cloud computing. Our experience has shown that—when configured correctly—cloud services not only make your organization more secure than it is today, they can make your organization more secure than it can ever become on its own.
Companies tend to use cloud services in three ways. The first is by subscribing to third party applications and services to make corporate processes and IT support more efficient. Second, they look at the cloud as a more capital efficient, scalable data center to host traditional applications—commonly migrating the apps from on-premises data centers. Finally, companies use cloud services as a platform to quickly build modern, scalable applications.
We spend much of our time helping organizations secure these services, often using a fourth set of cloud services focused on security and threat management. Due to the global scale and massive amounts of security data collected, analyzed, and dynamically turned into new rules by the top cloud security providers, these supporting services have capabilities that just aren’t possible for a single traditional organization. These cloud security providers are also significantly more nimble, and they’re evolving their features and services far more quickly—sometimes on a daily basis—than traditional on-premises software can.
We’ve repeatedly seen how large cloud services’ combination of security and capability provide not only greater security for an organization, but enables them to conduct business in ways that weren’t possible before.
Restructuring your organization’s technology and security capabilities around the promises and pitfalls of cloud computing is probably the most important project in your career. Join us as we explore how to make wise decisions on your journey along the path to the cloud.