Enterprise Readiness and Cloud Security
Specialization Infrastructure – Services
29. Oktober 2020
Success Story: IOB
16. November 2020
Wrap-up: Value Acceleration Session 11.11.2020
Enterprise Readiness & Cloud Security - setting up for maximum speed
Many companies embark on their Cloud Journey to increase scalability, flexibility and cost savings. In Wabion’s Value Acceleration Session on Enterprise Readiness & Cloud Security, experts from Wabion & Google Cloud discussed obstacles to success – and provided a guide on what to do better.
Enterprise Readiness – the two sides
There is no general definition of “Enterprise Readiness”. It is mostly referred to as a state of robustness of a solution or practice, enabling companies to maintain their ability to
- use the right power at the right time (“scalability”)
- execute its business purpose (“reliability”)
- meet its obligations against standards (“compliance”)
- ensure integrity and confidentiality of company data (“security”)
Whereas most of our customers are challenging, if Google Cloud services are “enterprise-ready”, they sometimes underestimate the other side of this equation:
How ready is your own enterprise for the Cloud?
When you share the responsibility for a solution stack with another party, especially when working with services outside of your direct control, you need to follow the principles of “shared responsibility” and change your approach to create best value from a shared stack.
The Security Gap – potential for long impediments
A particularly persistent impediment for Enterprise Readiness can be IT Security. Sometimes for technical reasons, but more often due to concerns regarding Cloud security concepts that may be a roadblock for Cloud-based solutions. To mitigate this “not-so-sure-about-Cloud” feeling, you should make Security a part of your Cloud Journey as early as possible.
Early Involvement of Security
Your Cloud Journey should always cover three areas: People, Technology and Process:
Overlaps of two or three areas lead to crucial activities:
- LEARN:
Apply cloud best practices tailored to your business through in-house skills and borrowed experience
- LEAD:
Articulate objectives and execute based sound decisions in a timely manner to achieve your goals
- SCALE:
Translate activities and policies into code, making them repeatable, scalable, and auditable
- SECURE:
Set up a defense that meets the right objectives, reduces human error, and copes with latest threats
Regardless of where you are in your Cloud Journey, make sure to have your security team on board from day one:
But where to focus?
As the first graphic above illustrates, SECURE is where LEARN, LEAD and SCALE overlap: your security department must LEARN reaching at least Google Cloud Platform (GCP) Fundamentals or, ideally, Cloud Security Engineer level. That is one of the reasons why it is worth liaising with an experienced Google Cloud Premier Partner.
You need LEADership to provide resources for Cloud readiness (time, personnel, budget), to ensure collaboration across all IT functions as one team and to make informed decisions in a timely manner. Your security team should act as an enabler for change.
Security Innovations by Google Cloud
As mentioned before, every cloud security solution entails shared responsibility. Large Cloud Hyperscalers are investing billions in security. With a high twofold billion figure invested in security and its unique infrastructure over the past years, Google provides benchmark security solutions.
Some security innovations such as Google’s “Beyond Corp” concept from 2009 have already been around for quite some time. Building on “Zero Trust Networking” and other elements, this concept is still fighting for adoption in many IT departments despite its proven track record. This article from the Google Cloud Blog explains why you also need to trust less and secure things in your own way to trust cloud computing more.
Security Assessment by Wabion
To be sure that you are delivering your part in the “Shared Responsibility” model and to strengthen your trust in your Cloud Provider, Security Assessments are a great start. The Wabion Security Assessment incorporates tools, best practices and findings of many Cybersecurity Frameworks (NIST, CSA, CIS etc.). Regardless of where you are in your Cloud Journey – start somewhere, start early and get in touch with us to learn more about the Security Assessment by Wabion.
Security Engineering and Security Operations
Your “Enterprise Readiness” Cloud Journey may take you from Day 0 (planning, concepts, architecture, theory) via Day 1 (configuration, implementation, integration) to Day 2 (operations and maintenance):
This “Three-Day”-framework reminds us what matters most: It is too late to bring security on board when you have done your first implementation. On Day 1, you can’t onboard IT Security for Day 0 activities. In our experience, waiting too long to involve IT Security mainly leads to long delays and cumbersome re-engineering of solutions – and to a lot of frustration on all sides. Just remember:
Think Big – Act Small, Start Early and Learn Fast
In case you need inspiration, concepts, assessments or advice – you know where to turn to.