Four digital experts tell us about how businesses can transition to the cloud, best practices for security, and using the cloud to enhance productivity and output.
How have you most effectively used cloud software in your personal and business life?
I use cloud file-sharing software more than enterprise cloud storage today. I speak at a lot of events around the world, so cloud software helps me access and share files no matter where I am. While you still can’t get online over an ocean, it’s definitely a lot easier to use the cloud than to carry lots of hard drives around the globe in my backpack.
How have cloud solutions allowed large companies to operate differently?
It is usually faster and easier to add cloud storage than another hardware system in a company’s data center, so enterprise cloud storage can help engineering teams get new ideas developed faster. This can be a big advantage for an innovative company. The cloud also goes beyond storage. Cloud computing is growing, especially as we are all used to having our mobile devices link us to data wherever we are. Cloud computing puts lots of unused CPU power to work, and the end user gets a great experience.
As companies move toward cloud platforms, what advice would you give to ensure a smooth transition?
No matter which cloud file-sharing or enterprise cloud storage you choose, make sure it can still deliver data seamlessly for users. People expect technology to be transparent today, and as engineers, it’s our job to deliver a great, easy experience. One thing that some companies overlook when adopting enterprise cloud storage is how much it will cost them to move data off that cloud when the time comes. Sometimes this can be very expensive, so doing your homework at the start can save you from surprises later.
Companies have spent a vast amount of money over time on infrastructure maintenance alone. How is cloud computing assisting in cutting costs while allowing for IT innovations?
Cloud capacity is great for cost savings, but the even better thing about the cloud is that it’s easy for both IT and engineers to deploy and use. I love that it can help engineers get the resources they need to keep working on development of their ideas as fast as possible without having to wait for more local systems.
To support fast development and testing for engineers, you can add cloud storage more quickly than buying more hardware when developers need to clone a database for testing. The clone doesn’t have to be on high performance storage, so the cloud is a good option to use when you need to test something quickly and inexpensively.
Where do you see the big data and cloud storage industry going?
Ease of use and automation will be big trends for enterprise technology. [Adobe] Flash made applications fast, and the cloud makes it easier to scale, but nothing ties these two tiers together yet. The missing link is the ability to manage an application’s evolving needs for more performance or capacity.
Chief Cloud Strategy Officer, Deloitte
When should a business migrate to the cloud?
When it feels it is ready to gain value from workloads running in the cloud. Timelines for moving to the cloud should be based on need and not expectations from the industry or other forces. Businesses should keep in mind that the migration to the cloud will last for years and the investments made must be sound. They need to keep their eyes on the prize, which typically includes better security, governance, compliance, agility, and cost efficiencies.
What steps should a business be taking to ensure it is maximizing the full potential of its cloud technologies?
Make sure you establish solid metrics first. Or, better put, define what success means. This means sitting down and agreeing on a set of criteria and numbers that will determine that the movement to the cloud has been worth the investment. For many enterprises, it will be the ability to take products to market faster, or the ability to raise customer satisfaction by 20 points. These really need to be business metrics, with core business objectives that can be quantified.
What are obstacles businesses should expect when migrating to the cloud, and how can they prepare for them?
The first obstacle is cultural. Most in traditional IT found moving to the cloud as something that is at least scary and at most threatening. You have to set up a culture of innovation: those who are willing to try things have the potential of improving the business. If they feel they are going to get punished, nothing will happen for the good.
The second obstacle is resources. Enterprises often underestimate what it costs to move to the cloud. It’s a huge investment for most companies, and that means adjusting expectations to leadership and investors. However, in most instances it will likely cost you more not to move.
How is the modern business using cloud technologies to more effectively achieve its long-term goals?
In a word: agility. Modern business is looking to move as fast as, or faster than, its close competitors, or those who wish to disrupt their industry. Cloud computing is a force-multiplier in this regard and learning how to use it effectively to make the business more agile and innovative comes back hundredfold in the initial investment. The trick is understanding what the objectives are, and then aligning the use of cloud technology with those objectives.
How can IT make a difference use cloud solutions?
Become the organization of “yes.” For example: yes, we can get that system running in a week. Yes, we can change systems to match product changes. Yes, we have a view of the data that allows us to predict future states. Over the years, traditional IT has been the organization of hindrance. The cloud will now enable IT to meet the expectations of the business.
Americas President, Check Point Software
What are some challenges organizations face when moving assets and data to the cloud?
The most common set of challenges seen in today’s cloud environment includes visibility and response to security incidents, protection of sensitive data, meeting compliance requirements, assessing risk to your business – across your on-premise and cloud environment – and the lack of qualified staff.
Moving to a public cloud provides another challenge, especially when viewed through the lens of the shared responsibility model. Because the cloud provider is only responsible for securing its computing, storage, and infrastructure, organizations are burdened with the task of securing their own applications, data, and workload. As a result, weak “self-service” cloud security provisioning often leads to common misconfigurations and mistakes, and inevitably the data breaches we hear about in public clouds today.
What should business owners do to prevent a data breach in the cloud?
Provide cloud security education and training to your employees in and around the cloud environment and security services provided by that cloud. Many cybersecurity incidents stem from human error, so it’s important to educate your employees on the nature of security controls and compliance requirements in the cloud.
Encrypt sensitive data, restrict access to the internet for applications and workloads, and implement strong password protections as well as two-step authentication to mitigate the risk of unauthorized access in the cloud. Update your software (especially open source) with the latest vulnerability patches, since older software may be riddled with bugs vulnerable to attack. Remember to create a schedule for regular software maintenance to help minimize system hacking.
What are the key requirements needed to secure today’s modern cloud implementations?
First, the solution must be comprehensive enough to secure multi-cloud environments. It must be able to work with multiple cloud service providers and software-defined data center solution providers.
Second, it must offer visibility into security log and incident data for rapid incident response and forensics. When dealing with a multi-cloud environment with multiple workflows and management systems, IT staff must maintain visibility across these different cloud platforms. Last but not least, the solution must keep your enterprise in compliance with various compliance standards including CIS, HIPAA, NIST, and GDPR.
What are the benefits of cloud adoption?
I think that a leveling of the IT cost infrastructure is really the biggest benefit. Typical IT departments over the last 35 years have run through a cycle of forklift upgrades that are very expensive, very intrusive, very dangerous, and then followed by two or three or four years of no activity whatsoever.
The cloud can now take all of those forklift upgrades and smooth them out so that there’s really a fairly predictable monthly cost for all of the services that are being provided in the cloud. Some clients have data centers that they are running and maintaining, potentially leasing, and so for those larger clients there is an added benefit of lower cost. They’re simply not in the data center business anymore.
For smaller clients, there’s an added benefit of skill sets that they typically have never have access to. When they go into a full-service cloud, they get that level of expertise that comes in the cloud.
How do you reduce threats from cyberattacks?
The Chief Information Security Officers (CISOs) that are in these large organizations are in charge of protecting their organization from cyber threats, from malware to ransomware to brute-force attacks to data destruction, and so they have a very important job to do.
Clients without the capability or the budget to have a CISO benefit by the fact that if you move to the right cloud, you can gain access to one who will help you really understand where all of your vulnerabilities are and get them resolved and get them closed.
Who are cloud users protecting their information from?
Bad actors can be organized syndicates that run inside the United States or other countries that are literally using cybercrime the same they way they were using extortion and blackmail in the physical word for the previous hundred years.
There are individual evildoers that really get cache by bringing down organizations. That’s been happening 35 years since the internet was at all a thing. Those people are still very, very dangerous. Being in the cloud makes you in some ways more exposed, and so these types of people, the individual hackers, are really capable of causing a lot of damage.
In terms of public clouds, there’s a real threat coming now from nation actors. These people are far more advanced than the organized crime syndicates that I spoke of earlier. They have massive access, and the ability to bring down an Amazon or a Microsoft or a Google can pose a real threat to the U.S. economy.
What’s the responsibility of a business to protect its customer base?
I think cloud providers are going to have to start wrestling with that very question. We keep duplicate copies of our clients’ data away from where anyone could possibly ever know where it is for actually that reason. So if that section of the internet happens to bring down my portion of the cloud, I can bring them up very, very quickly within a few minutes and have everybody running as usual.
What can be compromised in a breach?
Well, that depends on what kind of information the client is putting in the cloud. In a lot of situations, it’s user ID and password information. So it doesn’t cause immediate pain to the company itself to have their clients’ user IDs and passwords stolen. But it certainly costs them in the public trust domain when nobody wants to keep their user IDs and passwords with somebody who isn’t protecting them.
If companies are compromising their own proprietary data or processes, they can go out of business in a hurry. Anything that the companies put in the cloud is at risk. To be fair, that data is already at risk. The old-school solution was to keep it all in-house. While it seems like it’s safer to keep data in-house, is absolutely not safer by any stretch. That data is at risk whether it’s on-premise or in the cloud.