One year on from the beginning of lockdowns in the UK, businesses and people alike are more than accustomed to the challenges and perks of working from home. Mass remote working is a sizable shift to working cultures, and it is equally matched by the technological shift which is happening beneath the surface to support this. Rapid multi-cloud adoption has driven the tools and infrastructure required to enable the remote working practices necessary to keep businesses functioning.
This adoption is central to delivering digital transformation at pace, driving cost-savings and facilitating the rapid deployment of applications which will deliver high-quality customer experiences. After a full year, ordinary people may have adapted to their new remote working routines, but for technologists, the journey has only just begun.
The unique security challenges of pandemic remote working
Most businesses had a cloud adoption plan pre-pandemic. But in this time of unprecedented volatility, these business-critical digitalization projects have had to be brought forwards. As enterprises accelerate their cloud adoption plans ahead of schedule, they are dealing with a new set of challenges and run the risk of increased security issues. Enterprise attention should be turning from implementing cloud-enabled remote working, towards fine-tuning and securing this infrastructure to ensure no vulnerabilities have appeared.
A key barrier to the adoption of embracing remote working pre-pandemic was concern over increased security risks. Many more devices connecting over multiple networks can greatly increase the attack surface. In fact, in one survey 69 percent of organizations expressed serious concerns over security risks introduced by workers; with employee awareness (59 percent), insecure home WiFi networks (56 percent) and use of unsecured personal devices (43 percent) the biggest contributors. The worries about a greatly expanded attack surface will only have worsened as remote working has become the default over the last year for many enterprises.
Maintaining control of your network in the cloud sprawl
A critical challenge faced by cloud migrations is visibility. As enterprises face a workforce that is more spread out than ever before, they are ever more reliant on a distributed cloud infrastructure to give employees access to business-critical data. Keeping track of this infrastructure, and the protocols which govern how a wide variety of devices and networks can connect is a huge challenge.
The reality is that many enterprises still do not have a clear understanding of just how much they are consuming in the cloud. According to estimates from Cisco, the average large enterprise uses around 730 individual cloud services and capabilities. To reduce risk and exposure, businesses need to increase their visibility over their cloud estates.
The urgency of establishing visibility
How does a business establish greater visibility over its cloud estate? From effective data management and migration, to cloud networking and realizing strong security policies, the adoption of multi-cloud must be carefully managed if it is to capture the intended cost-saving and agility benefits while remaining secure.
The first step is consolidating operational data. When migrating to multi-cloud, a common issue is operations siloing, across multiple clouds, making it difficult to apply clear security policies. With the right approach, cloud services information can be collated into a single dashboard where observability tooling, and policy monitoring can be applied to achieve a real-time view of what the organization’s inherent security risks are.
Integrators have an essential role to play, because they are able to work with pre-validated solution architectures which simplify the data visibility process and ensure that a complete picture is formed. Far from replacing an enterprise’s engineers, integrators augment and enhance existing capabilities to ensure that any solution is tailored to the particular security challenges of that business.
An action plan for all employees
Once visibility is established, every organization should have a clear cloud strategy. This begins with an audit of what security controls have been put in place and validating if these live up to industry standards. We would recommend creating an action plan to accelerate the execution of security controls and protocols up to industry standards, for example introducing segmentation, and controlling and limiting 3rd party access wherever possible.
Achieving these strong governance protocols is as much a human goal as a technical one, particularly in the era of remote working. Security teams cannot provide protection if they are unaware of how applications are being used, and what data is being accessed from where. Businesses need to create policies that make sure employees use trusted services and vendors, and that they involve IT from the outset of any new venture. With employees using multiple devices, and a variety of networks from home, fostering secure habits and behaviors is more important than ever.
The adoption of multi-cloud was planned for most enterprises, but it has arrived sooner than expected. An evolution of the plan requires a matching adjustment in the execution. Accelerating a cloud adoption plan carries its own security risks, and sticking to a rigid, long-term IT strategy, will not cut it in the face of a constant rate of change. Companies should have security embedded at the source, with a dual emphasis on both the technical control as well as the human aspects of managing a multi-cloud environment.
Integrators have the experience and expertise to complement any enterprise looking to accelerate its multi-cloud journey, and ensure that the key pillars of visibility, risk evaluation, and governance are at the heart of it. With these principles, enterprises can embrace remote working while reducing risk, defending their valuable data and applications, and helping to protect their business as a whole.
Dave Locke, Chief Technology Advisor, WWT