In this week's edition of "What CISOs Are Saying," we featured Dave Ledoux, VP of Technology Services at Nizhoni Health and his thoughts on the topic of cloud migration. Migrating to the cloud is best defined as the transfer of data and applications from a local, on-premise center to a cloud solution. As someone who has over 20 years of experience in the industry, Dave is aware of the ever-changing nature of security and is a passionate proponent for learning new management techniques in order to stay on top of emerging technologies.
A change agent who's currently responsible for providing fiscal oversight for a regionally-dispersed team, Dave understands the importance of baking security in from the beginning. It's crucial that security is involved early on in strategic business discussions and works hand in hand with the business to ensure a seamless transition to the cloud. By doing so, we guarantee that security is a forethought, making cloud migration more secure. Here's what Dave and other security leaders are saying in terms of overcoming cloud challenges and predicting the future of cloud adoption:
When deciding on cloud providers, CISOs tend to choose solutions that are as close to 100% cloud-native as possible.
Dave Ledoux comments, "It’s really been in very recent history – maybe the last 6 years or so – that going 100% cloud has become completely accessible. Any vendor I come across now that expects a data center or server installation for their product just isn’t considered. While not server-less, I am down to one hyper-converged array and have long since pulled out of all data centers. The rest is cloud-native. I migrated this company 2 years ago from a completely terrestrial profile."
CISOs like Adam Fletcher from The Blackstone Group agree that we'll see an increase in these types of providers. On page 13 of our March 2020 Issue, he states, "Newer companies, if they haven’t already moved completely into the cloud, that’s happening fast. I think you’ll see a continued adoption of these PaaS and SaaS providers, which will then create opportunities for security companies to help manage that [migration], both on the strict security side of identity and access management, of configuration, of monitoring and alerting and response and things like that, as well as the ops side of things."
Erkang Zheng, the CISO at LifeOmic, comments on page 14 of the same Feats of Strength issue, "On our product side, we work with many large cloud native companies, and they have all adopted engineering operating models for their security." When it comes to deciding on the best cloud provider for your organization, CISOs agree that being cloud native is no longer a "nice-to-have," it's a "need-to-have."
Running an organization that's entirely cloud-based is a tough feat, but CISOs agree that these efforts are easier to implement in smaller and younger organizations.
Adam Fletcher comments on page 13, "I think that the largest companies will probably be hybrid for a very long time. I think companies that have 25-to-50,000 endpoints and below are probably moving to the cloud, moving to Infrastructure as a Service platform, and are out of data centers within three to five years. Newer companies, if they haven’t already moved completely into the cloud, that’s happening fast."
Dave Ledoux agrees, stating "Nizhoni Health is about 98% cloud, aside from a couple of legacy in-house platforms that are kept alive for audit purposes. Cloud implementation is easiest in smaller and younger companies due to the nature of less history and the inherent terrestrial platforms that come with that." While it's difficult to maintain an organization that's 100% in the cloud, it's certainly a feasible effort, and the speed at which this adoption occurs depends greatly on the size and age of your company.
The rapid pace of digital transformation plays a large role in regard to the speed at which companies approach cloud adoption and migration.
For Dave Ledoux at Nizhoni Health, "The two biggest challenges were helping the company keep up with the fast pace of change (80% was migrated to the cloud in 12 months time 2 years ago), and illustrating the value proposition along the way to foster adoption. Change is not always perceived as good, but once your office number rings on your mobile phone while on a business trip (cloud VoIP) and then you securely log on to all business applications on a shared PC at your hotel business center via Okta, you quickly realize that 'work from anywhere anytime' is the real power of a well implemented cloud migration."
In the December 2019 issue of Feats of Strength on page 5, Danaher Corp. CISO Chris Lugo says there is no playbook or off-the-shelf program that is going to work in every organization, true to the constantly evolving and ever-morphing nature of businesses and today’s threat actors.
In that same issue on page 19, Flexport CISO Kevin Paige explains, “In security, we must stay ahead of the curve. We must stay at least on par with our technology brethren as they’re bringing in these new technologies such as new cloud type capabilities. We have to stay on top from a technology perspective and really understand the technology they want to bring in, why they want to bring the technologies in, what problems they’re solving, so that we can really understand the risk and give them meaningful security responses in order to help them.”
As threat landscapes continue to expand and CISOs struggle to keep up with the pace of transformation, they seek to ensure that the cloud providers they're using are solving clearly defined goals for the security program as well as the overall business.
K logix works with organizations to help their information security leaders move at the same pace from a strategic perspective as the business. K logix can help your security program have a meaningful impact on cloud migration efforts through strategic business-focused consulting services. Drop us a line for more information on how we can work together to strengthen your program.
Want more? Read our blog post on how COVID-19 and the shift to remote work has impacted cloud adoption and migration.