Defining A Modern Cloud Security Strategy For Your Organization
By Kazim Somji, Chief Technology Officer
March 2, 2021
Microsoft published some interesting ideas on their Azure cloud adoption framework strategy guidance. The focus was how to define a security strategy and, as we are talking about Azure, this naturally included a cloud security strategy, but it was good to see that the Microsoft advice is to follow an approach to security that embraces all forms of risk. There is no separation of ‘regular’ security and ‘cloud’ security.
When planning a comprehensive cloud security strategy your end objective is not just to deploy a cloud-based solution for your business. Moving to a cloud solution is not itself a security strategy – although it may help. Your cloud becomes an integral part of your operational reality and therefore you need to focus on how to reduce the business risk of an attack on any of your data or information systems, wherever they are located.
The Microsoft document is fairly detailed and is a very good baseline for anyone defining a new security strategy, but I’d like to draw out a few of the specific elements that I think are worthy of extra attention. These include:
- Modernize your security strategy: as your organization adopts a cloud strategy, and then adapts how it is used over time, you will need to adjust your architecture, technology, and security. The aim of a modernization program is to remove some of the burden associated with legacy security and tools. As a result of legacy approaches to technology and security, the security team is often left out of the decision-making process when a new cloud is adopted. Often, an entire culture of bringing security to every part of the organization has to be adopted before any other meaningful change can take place.
- The right level of security friction: security creates friction – we all know this. Every user with a forgotten password knows that applying more and more security to the system can eventually make it difficult for authorized users to do anything productive. You need to build a strategy that makes life relatively easy for approved users while still retaining security.
- Standalone and integrated responsibilities: some security functions need to operate as dedicated, standalone functions, while others need to be tightly integrated into business departments. This will require expertise in different areas within the business, and because that arrangement will almost certainly be changing constantly, it needs a flexible approach.
In my next few articles, I will explore each of these topics in turn. As I mentioned, they are not the only areas you need to think about when defining a new security strategy, but in my opinion these three subjects are often the most overlooked. Careful consideration of topics such as security friction before you even start building out your security strategy can prevent expensive mistakes further down the road.
Computing in general is undergoing a major transformation at present. The adoption of cloud is similar to when companies started rolling out a computer on every desktop or installing their own servers inside the office. There will be technological disruption, but the change also ripples throughout the organization. Long-established roles, responsibilities, skills, and relationships will all need to change.
Job descriptions and places inside the corporate hierarchy that mapped well onto a traditional enterprise do not fit well once a cloud is adopted. The technology industry has been trying hard to normalize this new model, as this detailed plan from Microsoft describes. They are not just arguing that every company needs to buy an Azure solution; they are making it very clear that cloud adoption will change (and improve) how your organization functions.
Security teams are affected by this transformation of the business and the technology they need to support. This is why it is important to modernize your entire security strategy – to redefine how security will work in the new normal for your business.