Under pressure to support a newly distributed workforce, organizations are rapidly migrating to the cloud. While this may be viewed as a leap forward for business, it can be a double-edged sword, as too often, cloud migration and cybersecurity are considered separately. In a paper released recently, “An integrated cyber approach to your cloud migration strategy,” Deloitte explores how an integrated cloud-cyber strategy enables organizations to use cyber as a differentiator, and outlines how cybersecurity teams must adapt. Specifically, Deloitte suggests that organizations:
- Collectively Manage DevSecOps: Under the DevSecOps approach, cloud and cybersecurity specialists work together, enabling organizations to embed security into their workflow rather than as a bolt-on to development.
- Shift Mindsets: C-level leadership may need to reconsider security models, tools and capabilities as they move from on-premise to cloud.
- Look Within and Beyond: A cloud cyber risk program should consider insider threats and the organization’s supply chain as a specific threat vectors to balance security and trust inside and outside the organization to avoid potential data leaks and spillage.
Additionally, a Deloitte analysis of patents granted between 2018 and 2020 suggests that with the increase in companies adopting cloud, cloud security innovation has grown as well:
- Over half of the patents applied for and granted between 2018-20 were for cloud security technology with a focus on data encryption, authentication, tokens, control and storage modules.
- Yet, the pandemic may have slowed innovation: there were approximately 1,500 patents related to cloud security in 2018 and 2019, but that number dropped to 500 in 2020.
Deloitte researchers suggest that for organizations looking to enhance business and technology resilience, increase security and cultivate trust during the cloud migration process, a conscious decision to embrace cloud “security by design” can be essential. By pursuing security by design, organizations can benefit from:
- incorporating leading-edge, innovative approaches such as intelligent threat detection
- balancing the need for speed while reducing risk related to technology, insider threats, and the supply chain
- supporting developers and engineers while enabling the business with DevSecOps
- establishing a cyber-forward approach that reinforces business objectives such as security and trust
The article asserts the importance of taking a conscious approach to “security by design” (focused on mission-critical business applications) to guide greater collaboration between cloud and cyber teams and to drive greater agility, security, and trust. For the full article, please visit https://www2.deloitte.com/us/en/insights/topics/digital-transformation/integrated-cyber-security-cloud-migration-strategy.html