Article by David Ohrn, assistant vice president - product management for cloud solutions, AT&T
There are many reasons companies are growing their cloud footprint: digital transformation, expanding into new business segments, and looking for new ways to optimize costs and improve employee productivity.
Due to the proliferation of data (driven by IoT and digital transformation), the old model of “dumping data” is gone. We are at a tipping point where costs to keep data in-house are only increasing.
Many companies are looking at how they can monetize their data and are looking to the cloud – in many cases a multi-cloud approach – to stay competitive and meet their evolving business needs.
In 2018, we foresee the direction of cloud computing (whether public or private) to continue towards a ubiquitous cloud environment. The direction is to have clouds where you can move applications/workloads around at will. This is a powerful leap in cloud integration as it puts the customer in the driver’s seat.
Here is a list of best practices to consider in 2018 as you continue your cloud journey:
Deploying to the cloud without a plan or an overall approach could leave you worse off than if you had simply stayed with the — increasingly antiquated — dedicated data center model.
In fact, a piecemeal strategy might actually lead to gaps in an organization’s defense that didn’t previously exist.
When it comes to threat management, the success of your cloud deployment depends on coordinated actions that will integrate a cloud strategy with your overall cybersecurity posture. In particular, security experts argue on behalf of a multilayered approach to keep cloud data safe.
Deploy private connectivity instead of a regular internet pathway to a cloud provider’s network.
At the same time, protect all of your mobile endpoints with anti-virus and anti-malware applications. Lastly, add EMM (enterprise mobility management) to track and disarm mobile devices that get stolen or lost.
Confusion about how to balance data privacy with regulatory considerations can lead to no shortage of headaches. For instance, local laws in some states mandate that companies encrypt backups.
That begs the question of who should be responsible for taking care of the backups and the encryption in a cloud environment.
Also, when it comes to compliance, play it safe; don’t collect more than the minimum amount of personal information necessary. In case of a data breach, notify customers immediately to avoid legal fallout later on.
You need to be clear about spelling out the accountability of your cloud service provider.
The provider should be prepared to do its part, but you need to hold them responsible in order to ensure that your data is secured when breaches occur.
Also, find out what they will do to make sure attackers can’t cross from another environment to corrupt or otherwise imperil your data.
Similarly, if someone else gets hacked, how will the provider assure customers that nobody will be able to access your environment.