IT leaders have been thrust into the spotlight since the sudden move to remote working and the need to build business resilience during turbulent times. Digital technology played a vital role in enabling businesses and organisations to remain productive and secure during lockdown, and as a result, many CIOs finally got approval for digital transformation projects they had been pushing for years.
Having gained a mandate for digital transformation, CIOs now need to ensure they make the right decisions going forward. As most employees now divide their time between remote- and office-based-working, many businesses are moving away from a strictly on-premises infrastructure in a continuing trend towards either a public cloud or, more commonly, a hybrid cloud model.
Business leaders therefore need to ensure that they find the most efficient ways to manage the hybrid cloud and ensure that their cybersecurity practices are fit for a dispersed workforce.
While many organisations are likely to remain at least partly dependent on private cloud for their infrastructure and data storage in 2022 and beyond, most have already shifted some operations to public cloud platforms like Microsoft Azure or AWS. Much of this shift will have resulted from necessity, as organisations have inevitably rushed to implement remote working solutions – but the move to the cloud should be a result of planning, and not purely reactive.
IT decision-makers now have a chance to take stock and review their cloud implementations. The pros and cons of private, hybrid and multicloud models should shape future strategy, and alignment to business requirements is vital for this to be successful.
Quite simply, hybrid cloud delivers the best of both worlds. For example, some organisations may choose to keep their most sensitive data (such as customer data or intellectual property) in the private cloud but host less-sensitive data (such as employee payroll data) in the public cloud. This approach gives more control over security where it is most needed but also delivers the benefits of flexibility and convenience that cloud platforms provide.
Alternatively, organisations may choose to keep ‘cold’ data (which is accessed infrequently) on-premises (rather than paying for public cloud storage) and keep ‘hot data’ in the public cloud where it can be accessed quickly and easily. This allows businesses to fully benefit from the accessibility of a public cloud, without paying more than they need to for storage.
Another advantage of the hybrid model is that it enables organisations to make use of their existing on-premises infrastructure, but ‘spin up’ cloud services when they need to – during busy times of the year, for example, when extra compute power or storage space is required.
Multicloud is a combination of on-premises infrastructure with more than one public cloud provider. For example, an organisation might choose to use one cloud provider for compute services, and another for database services. There are several pros and cons to this approach.
The main consideration with a multicloud approach is complexity. Managing a multicloud estate can be challenging – and organisations need to ensure that they have the necessary skills and are maintaining visibility of both costs and security.
The shift towards hybrid and multicloud environments, along with a geographically dispersed workforce brings a new set of security challenges. The old model – of securing the perimeter – no longer applies. In the first place, with a hybrid cloud environment, the perimeter has grown. And secondly, with a dispersed workforce, much of an organisation’s cybersecurity assets are now located outside that perimeter.
One trend that is rapidly gaining traction in response to the dispersed workforce is cybersecurity mesh. According to Gartner’s four top priorities for IT leadership “Cybersecurity mesh is the most efficient and effective way to extend security policy to digital assets that are outside of the traditional enterprise.”
Put simply, ‘cybersecurity mesh’ an IT security infrastructure that, instead of building a perimeter around your IT estate, puts smaller, individual perimeters around each IT device or access point within your IT estate. This cloud-based modular approach to cybersecurity is one of the foundations of the zero trust approach. The zero trust approach goes beyond perimeter defence and assumes any attempt to access data – from inside or outside the organisation – could be a threat and should be subject to the same level of scrutiny.
According to the zero trust approach, access to data should always be based on identity. The core principles are:
Combined with cybersecurity mesh, the zero trust approach is the best way to secure a dispersed workforce.
The widespread move to remote working has not gone unnoticed by cybercriminals. Since the initial lockdown there has been an increase in malware and ransomware attacks – in which malicious agents gain access to company data and either encrypt it, so that employees cannot access it, or threaten to make it publicly available. There were several high-profile ransomware attacks in 2021 including one on Brenntag, a German chemical distribution company that paid $4.4 million to the Eastern European hacking group DarkSide.
But, while ransomware attacks can be devastating for an organisation, there are ways to minimise the risk. Adopting a zero trust approach (as already discussed) is a good place to start. By limiting data access to only verified and approved individuals and devices, organisations can significantly lower the risk of a data breach. Educating employees to ensure they are following best practice and are aware of the risks of phishing attacks is also an important step.
Another highly effective way to improve security and mitigate the risk of a cyberattack is through cloud-based security. Cloud-based security systems offer the functionality of on-premises solutions, with the added benefit that they have access to a vast range of data. Microsoft’s Azure Sentinel, for example, sees trillions of operations across the globe daily. So, while an on-premises security system might detect that malware has come from a phishing email, and then block that email from other machines, Azure Sentinel will perceive and block most phishing threats before they even reach a protected organisation.
We are now at a turning point, where IT is taking a central role in business strategy – more so as the dispersed workforce looks here to stay. Making the right IT decisions now could make the difference between success and failure for any organisation.
That’s why Insight has invited IDC – the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets – to speak at our invitation-only webinar: Navigating the new normal.
The webinar will draw on unique research from IDC’s 2021 multicloud trends survey to reveal:
Gain real, actionable insights to help your organisation stay productive, secure, and prepared for the digital future, register for our virtual event with IDC: