Many companies embark on their Cloud Journey to increase scalability, flexibility and cost savings. In Wabion’s Value Acceleration Session on Enterprise Readiness & Cloud Security, experts from Wabion & Google Cloud discussed obstacles to success – and provided a guide on what to do better.
There is no general definition of “Enterprise Readiness”. It is mostly referred to as a state of robustness of a solution or practice, enabling companies to maintain their ability to
Whereas most of our customers are challenging, if Google Cloud services are “enterprise-ready”, they sometimes underestimate the other side of this equation:
How ready is your own enterprise for the Cloud?
When you share the responsibility for a solution stack with another party, especially when working with services outside of your direct control, you need to follow the principles of “shared responsibility” and change your approach to create best value from a shared stack.
A particularly persistent impediment for Enterprise Readiness can be IT Security. Sometimes for technical reasons, but more often due to concerns regarding Cloud security concepts that may be a roadblock for Cloud-based solutions. To mitigate this “not-so-sure-about-Cloud” feeling, you should make Security a part of your Cloud Journey as early as possible.
Your Cloud Journey should always cover three areas: People, Technology and Process:
Overlaps of two or three areas lead to crucial activities:
But where to focus?
As the first graphic above illustrates, SECURE is where LEARN, LEAD and SCALE overlap: your security department must LEARN reaching at least Google Cloud Platform (GCP) Fundamentals or, ideally, Cloud Security Engineer level. That is one of the reasons why it is worth liaising with an experienced Google Cloud Premier Partner.
You need LEADership to provide resources for Cloud readiness (time, personnel, budget), to ensure collaboration across all IT functions as one team and to make informed decisions in a timely manner. Your security team should act as an enabler for change.
As mentioned before, every cloud security solution entails shared responsibility. Large Cloud Hyperscalers are investing billions in security. With a high twofold billion figure invested in security and its unique infrastructure over the past years, Google provides benchmark security solutions.
Some security innovations such as Google’s “Beyond Corp” concept from 2009 have already been around for quite some time. Building on “Zero Trust Networking” and other elements, this concept is still fighting for adoption in many IT departments despite its proven track record. This article from the Google Cloud Blog explains why you also need to trust less and secure things in your own way to trust cloud computing more.
To be sure that you are delivering your part in the “Shared Responsibility” model and to strengthen your trust in your Cloud Provider, Security Assessments are a great start. The Wabion Security Assessment incorporates tools, best practices and findings of many Cybersecurity Frameworks (NIST, CSA, CIS etc.). Regardless of where you are in your Cloud Journey – start somewhere, start early and get in touch with us to learn more about the Security Assessment by Wabion.
Your “Enterprise Readiness” Cloud Journey may take you from Day 0 (planning, concepts, architecture, theory) via Day 1 (configuration, implementation, integration) to Day 2 (operations and maintenance):
This “Three-Day”-framework reminds us what matters most: It is too late to bring security on board when you have done your first implementation. On Day 1, you can’t onboard IT Security for Day 0 activities. In our experience, waiting too long to involve IT Security mainly leads to long delays and cumbersome re-engineering of solutions – and to a lot of frustration on all sides. Just remember:
In case you need inspiration, concepts, assessments or advice – you know where to turn to.