Securely embrace the public cloud

Digital transformation: the new normal

The push toward digital transformation (DX) has accelerated over the last couple of years, with an unprecedented digitization of activities as organizations needed to move to remote and, later, hybrid work setups. Those that made that push know that innovation is the key to staying competitive, but it shouldn’t come at the expense of security.

The digital transformation depends on the adoption of cloud computing, but like all technology, the cloud is also evolving and innovating. A notable effect in the digital domain is that the use of cloud-hosted solutions is no longer just about data storage. These solutions now extend to environments in which data is used for transactional purposes and supports the daily operations of companies (digitization of internal operations, back-office processes, production, R&D,…).

Familiar platform technologies like PaaS (Platform as a Service) have moved to cloud-native designs. For organizations to make a successful digital transformation, they must understand the capabilities of these new cloud architectures and how to adapt their old systems to these changes. Cloud-native architecture offers greater scalability for larger numbers of users and identities, with the ability for rapid data transfer across dispersed locations. In a nutshell, the digital transformation to cloud-based applications has made new business operations possible over the past two years. Going forward, organizations will continue to adjust to connect a widely distributed computing environment, workforce and customer base.

But as more companies continue their journey to a digital transformation and cloud computing becomes more ubiquitous to business operations, organizations must also adopt new strategies for cybersecurity. An evolving cloud architecture introduces an evolving new attack vector for threat actors. 

It is possible to embrace the public cloud and digital transformation in a secure manner, but doing so requires understanding how the cloud is changing and where the risks are.

Before considering the move

No matter the technology or network architecture, security has to be front and center in any consideration within the digital transformation. Because so much of the transition is cloud-centric, organizations must consider the risks before moving anything into a cloud format. Forbes offers the following questions to help you understand your data, because the more you know about where your data lives and how it is used, the more confidently you can secure it:

  • What sensitive data resides on premise?
  • Where within your network infrastructure does sensitive data reside?
  • What data do you want residing in the cloud?
  • What security controls will you manage for data in the cloud?
  • Who has access to your organization’s data and are they able to access sensitive data?

Once you determine how to best manage your most sensitive corporate data, you can then begin to look at your different options within a cloud-native architecture and how to address security.

From Monolithic AppDev to Microservices

The old way of thinking about the cloud is its role in data storage. While that’s still a vital role of the cloud, the cloud of today (and of the future) is about microservices. A monolithic application is designed as a single unit, which makes it difficult to add new functions. Microservices are distributed applications that can be run using containers and are designed for rapid scaling and deployment. They make applications easier to build and maintain by decomposing them into manageable services that are faster to develop.

But the move to microservices increases the security risks. A larger attack surface and reliance on traditional logging applications are just two threat vectors to watch for.

And any time new risks are introduced, threat levels around sensitive data rise. The need to protect sensitive data, which can include anything from corporate intellectual property to consumers’ personally identifiable information, has long stood as a barrier to the digital transformation. That’s why data security must be a high priority within the microservices architecture throughout every stage of production, including deployment.

Public Cloud Adoption-Related Innovation

Cloud adoption innovation offers new opportunities for business operations, ranging from greater agility to maneuver through abrupt changes (the pandemic and the supply chain are good examples of this problem), to deploying IoT and OT (Operational Technology) throughout a distributed workspace, to adding the DevOps process to build products and services.

Of course, with innovation comes the need to re-evaluate security. In DevOps, it begins with DevSecOps and, as with microservices, with building security directly into all new development and products.

Shift-left testing and security is growing in popularity as a way to bring testing and security into the development cycle much earlier. Rather than look for bugs in the software just before deployment – the right side of the development lifecycle – shift left adds testing and security during the earliest analysis and feasibility study phases as a way to prevent errors and problems further along the line.

Keeping innovations secure requires action before cloud adoption occurs. Organizations should be able to answer questions such as:

  • How much of the security within the cloud am I responsible for and how much is my cloud provider responsible for?
  • What steps will be used to authenticate access and identities within the cloud?
  • What security is available for the tools and technologies used in cloud-based innovations, like IoT?
  • Where and what type of security systems will you use? Will you implement a zero trust process? Secure data on the edge? 

Public Cloud versus On-Premise

There are still many who balk at relying on the cloud, saying it still lags behind on-premise security, and who therefore delay their organization’s digital transformation. It’s time to dispel that old way of thinking. Maybe a decade ago, cloud security was unpredictable. That is not the situation today. Cloud providers have the resources, both human and technological, to offer security levels that most small companies can’t offer on premise. In the case of sensitive data and code, users can ensure an even higher level of security by using Confidential Container-as-a-Service (CCaaS), which provides confidential computing while offering more business agility in a secure environment.

Also, on-premise operations and security have become too costly. As Tom’s Guide stated, “for most businesses, implementing the necessary security measures on-premises is so costly as to be virtually impossible. Unless your business has multiple offices, a 24/7 security team, and an unlimited IT budget, cloud storage is more secure than on-prem storage.”

Security solutions even for the most sensitive data

Businesses need the advantages brought by the digital transformation, particularly the adoption of the cloud and the edge, to remain competitive. Companies are still gaining an understanding of the shared responsibility model in public clouds, which dictates the security accountability of the provider and of the user.

Virtual sovereignty can be gained with a solution like ARCA Trusted OS to isolate and execute sensitive workloads using confidential computing on demand. It is therefore possible to securely embrace the public cloud even when handling highly sensitive data, allowing your organization to innovate faster, with security built in every step of the way. The team at CYSEC can walk you through your digital transformation while offering the level of security you want for your data and code.

Learn more with a technical webinar 

Get a technical deep dive into understanding how ARCA Trusted OS leverages AMD-SEV security features utilized on Google Cloud Platform for confidential computing.
