Cybersecurity + cloud = Levers for transformational change

A blog post by Vikram Kunchala, principal, Deloitte & Touche LLP; Jimmy Joseph, managing director, Deloitte & Touche LLP; Carlos Amaya, principal, Deloitte & Touche LLP.  

Cloud is a dynamic environment that can enhance an organization’s security posture, as it provides both proximity to data and the native tools to move things faster and keep them secure. However, organizations rapidly adopting new solutions from cloud hyperscalers are often unaware of the scope, opportunities, and limitations of cloud security. When organizations adopt the cloud without a well-thought-out security strategy, many face challenges from misconfigured platforms and migrations that negatively affect business and technology environments. Some of the business and technology challenges that arise without a thoughtful security strategy include: 

Business challenges

• Regulatory compliance: Difficulty adhering to rapidly changing security regulations in the cloud
• Functional or operational: Lack of standardization, automation, and productivity within and across departments that use security in the cloud
• Changing responsibilities: Difficulties managing employee life cycle changes, especially with cloud identity security roles
• Long-term costs: Forgoing security now means potentially spending time and money on mitigating potential security breaches and reputational damage in the future

Technology challenges

• Speed and agility: Long lead times to refresh or launch products, procure infrastructure, or deploy new code
• Scalability and reliability: Difficulty matching capacity with business demand and maintaining security and reliability during peak usage
• Data security: Lack of clarity on responsibility of managing data security on the cloud service provider (CSP) side of the shared security model, leaving organization-side data security and privacy at risk

Collective power of cybersecurity and cloud

While the shift to the cloud has brought a new level of risks and challenges to many organizations, it has also created endless opportunities and use cases. As organizations progress on their cloud adoption journey and seek to achieve the full benefits of cloud, they will need to integrate and embed security in each step of their cloud journey to safeguard their cloud environment, accelerate capabilities of the cloud, and develop the ability to proactively react to adverse cyber incidents.

The pandemic has catapulted already accelerated digital transformation and investment in cloud/SaaS. As organizations adapt to the changing environment, many are opting to keep a portion of their workforce remote as well as prioritizing some virtual experiences over in-person meetings. Within this constantly changing environment, cyberattackers are looking for new ways to exploit preexisting and new vulnerabilities across organizations. The proliferation of devices and scale of distributed access has only increased the potential for attacks on the surface of networks. Thus, organizations should establish security controls to prevent breaches and help their organization stay resilient to business disruptions.

Powerful alone. Transformative together.

Cloud is powerful alone. With cyber, it provides enterprisewide visibility to actively manage and mitigate the risk of increasingly sophisticated threats and can bring transformational changes. Cyber with cloud can accelerate and amplify value for organizations. Cyber secures data moved to (and from) the cloud and mitigates the risks of bringing cloud-enabled technologies to market.

Several benefits from cyber investments in cloud include the following:

• A strong brand for products through trustworthy cybersecurity controls and practices
  
• Confidence to take full advantage of technological opportunities
• Preparedness and resilience to respond to complex cyber events
• Measurable reduction in cyber risk

Developing a secure program design is crucial in laying the foundation for an effective cloud migration and a sustainable cloud journey. Cloud or on premises, organizations risk negatively impacting the availability of their business services and assets or exposing sensitive data if the program and the underlying processes are not designed effectively.