CSO Strategies: The Paradigm Shift towards a Successful, Secure Cloud Transformation Journey
The volatile year of 2020 and the first half of 2021 have accelerated businesses towards building a secure and trusted organisation, with the advent of the “everywhere” workforce and increased cloud adoption. According to the 2020 IDG global security priority study, almost 33 percent reported that their 2021 security budget will be higher than in the pre-pandemic years. Apart from improving the protection and confidentiality of sensitive data and enhancing identity and network-access controls, the CSOs in the survey prioritised enriching cloud data protection and cloud cybersecurity for the everywhere workforce.
However, cloud transformation is often hindered by roadblocks like legacy systems, cost of cloud operations, data security, compliance issues, and adverse culture and skill gaps. As Manoj Sharma, Global Head, Security Strategy, Symantec, Network & Information Security, Broadcom Software, rightly indicates, the challenges companies face are multi-fold and similar across industries, slowing down the cloud migration journey for them. Cloud adoption and serving the customers are only picking up pace, and present an ideal opportunity to plan and implement a data-centric security strategy.
“Before managing security,” says Renju Varghese, Fellow & Chief Architect-Cybersecurity & GRC, HCL Technologies, “it’s important to identify the right cloud platform, the capability of the application on the cloud and how much transformation it has to go through. The next important aspect is to consider the process of data migration securely and who has got the access to the data as you establish a strong governance and control management and monitoring capability,” he adds.
Key Security Challenges for CSOs
Ambarish Singh, CISO, Godrej & Boyce, points out that organisations must understand the detailed security features provided by cloud/SaaS providers and identify the gaps in their security architecture and the solutions required, as cloud transformation becomes a necessity today. “This also calls for a thorough assessment of what organisations have on premise, from a database and infrastructure perspective, and how it can be migrated to the cloud platform they choose.”
As companies opt to migrate to cloud, Mandar Kulkarni, CISO, Grasim-Aditya Birla Group, observes that they should be able to develop a realistic business case that factors in critical cost areas and benefits. However, it is often also difficult to change the attitude of technology business users towards cloud migration, as T R Venkateswaran, CISO (DGM), Punjab National Bank, explains: “cloud security architectures are still evolving, since the mechanisms and controls in relation to this need to be more workflow oriented.”
Sharma from Symantec also agrees: “Enterprises ought to plan ahead on the optimisation of cost and operations and how to make the businesses more profitable.” The migration to cloud, as he calls it, needs to be a ‘strategic commitment’, and it is equally important to set the security framework in place to avoid any attacks.
CSOs in India at large, across industries, agree that cloud migration is more of a mindset change in the people and teams of organisations. Mukesh Kumar, VP & Head – Enterprise IT Risk & Compliance, Mphasis, indicates, “We’ve been so used to seeing the physical servers in our datacenters and a sudden cloud migration often creates anxiety about security concerns for the organisations in the minds of the team members. It’s time people should consider data security as their own responsibility and not that of the cloud provider whom they partner with.”
Cloud Concerns with Everywhere Workforce
While most companies are open to leveraging cloud security platforms, they face concerns like cost implications, which include initial and ongoing user experience. To add to the list, Manoj Shrivastava, CISO, Future Generali Insurance, opines that visibility and validation of data to manage virtual/digital identities become extremely crucial, and CSOs need to take care of data privacy, confidentiality and integrity in today’s ‘everywhere workforce’ climate. “Not to forget,” Venkateswaran says, “for most of the applications hosted in owned datacentre, there should be a combination of on-premise and cloud security solutions to meet the requirements for work from home, which has been challenging and entails additional cost.” In work-from-home situations, there is also no clarity as to the number of users who will access over a period of time, which leads to wasted subscriptions and revenue.
“Also, CSOs are pondering over the question of how will the users be provided with right access to right applications, and how will data be protected in the cloud,” Renju elaborates. “It is therefore critical to increase user-awareness on different actions which could have a detrimental effect and potential breach of critical information or data.”
Moreover, in a hybrid environment, visibility and posture management of the environment become paramount, as security issues often arise from human errors and configuration errors. Apart from visibility, prevention, detection and automation should therefore be the key themes in the fight against security breaches, reveals Kiran Belsekar, SVP & CISO, Aegon Life Insurance.
Top Business Drivers & the Future Outlook
With the rise of cloud adoption and investment, worries about unauthorised access and data privacy have increased greatly. Rajkumar Ahile, CITO, RPG Enterprises, stresses that no matter how much we invest in cloud security technologies, we cannot say that we are fully protected. The aspects to note before making the investment are to identify business value and ensure business continuity will not get disrupted at any cost, since the attacks we’re dealing with today are much more sophisticated. To combat these attacks, security leaders should continue to invest in people, process and technology.
Additionally, Ambarish states, cybersecurity is now being treated as a necessity rather than a ‘nice to have.’ It has become the baseline for organisations to spend on technology and build processes and capabilities. He also adds that since certain sectors are highly regulated, they have a greater compliance need to do certain things.
Scott Dawes, Managing Director ANZ, ASEAN and India, Broadcom Software, reveals, “We’d all like the vendors to provide technical resources with all solutions on the ground, at the same time, invest in the education of the capacity of those solutions in the market. But, skillset gap—both in-house and the market at large—is something we should bridge before considering any other factor to securely support the remote workforce.”
Another requirement of the everywhere workforce is BYOD security. Sharma talks about a novel idea by Symantec that allows users to have a very rich experience and access to the application from BYOD, ensuring end-point security at any cost, because “our success is always measured against the success of our customers using our solutions,” he adds.
Emphasising the ‘strategic commitment’ to security, Sharma also shares, “Symantec has a SaaS-delivery model that convinces the customers on how security controls are deployed, policies and commitments to security are implemented and certifications done for them. This becomes a significant discussion point for organisations with their respective SaaS vendors for all time security.”
Copyright © 2021 IDG Communications, Inc.