The maturity of security and compliance in the hybrid cloud lags behind that of software development. Review your cloud strategy.
Author: Cyrill Rüttimann
The hybrid cloud promises faster time-to-market, higher efficiency and more resilience. But does this promise also apply to security and compliance with internal guidelines and regulatory requirements?
Our project experience clearly shows that the maturity of security and compliance clearly lags behind that of functionality. It is therefore essential to review the security and compliance of your Hybrid Cloud strategy. You can do this by following 5 concrete steps.
The Hybrid Cloud is the means of choice for Swiss companies to gradually outsource their workload from their own data center to the Public Cloud. This strategy promises to take advantage of on-premises and the public cloud.
It is usually hidden that the cloud provider only ensures the security of the cloud itself. However, you, as an entrepreneur or leader, are responsible for security and compliance in the cloud.
You now multiply this responsibility by the service catalog of a public cloud provider (over 200 services) and the configuration options (over 10,000) of these services. To keep the security expertise as well as the overview here must be carefully planned.
With the advent of the agile way of working, the focus is on speed and efficiency.
Painted black means this:
Building a hybrid cloud while maintaining an agile way of working is a desirable goal. It is important that you not only involve IT in the cloud, but the whole company. And this is a transformation, not a product launch. With the following 5 steps you can implement this in an orderly and targeted manner.
Communicating your own aspirations as an entrepreneur is halfway there. This means that you determine for each individual in the company which criteria are to be applied in the subsequent steps.
Some examples of claims:
Security and compliance must be rethought in a hybrid cloud. Many assumptions and concepts must be questioned. For example, the assumption that data in a private cloud is more secure than in the public cloud (Gartner 2019). Many concepts that had to be implemented in the private cloud with a lot of effort are available in the cloud as service-out-of-the-box.
A cloud operating model is an abstract representation of how your organization operates the hybrid cloud efficiently and profitably. Among other things, specific skills are required and organizational changes are usually unavoidable. Using an outside-in assessment, you can determine your own maturity and identify the gaps to the targeted cloud operating model. These can now be closed in a targeted manner.
The capabilities and maturity of the offerings of AWS, Azure and Google differ, sometimes significantly, in terms of compliance and security. You have to compare the offers exactly and align them with your own security needs. In the majority of cases, the capabilities of the cloud offerings in terms of security exceed the capabilities of your own data center.
For example the Cloud Service AWX Macie:
With the automation of repetitive processes you can:
The Hybrid Cloud is a soft approach to combine the advantages of the public cloud and your own data center. However, successfully building a hybrid cloud requires additional knowledge and collaboration aligned with the public cloud. This applies in particular to the topic of security.
With the 5-step plan you have an instrument in your hand to give your project a structure. The first step for a secure, efficient and accepted introduction of your hybrid cloud.