In terms of culture, it’s important to establish strong cloud security governance, equipped with purpose and mission. A smart cloud strategy relies on key security talent – and integration of that expertise into a unified cloud team across functions within the organization. To retain ownership over the cloud strategy, organizations should seek to nurture that in-house talent while building relationships with strong external partners. This also helps to foster continuous innovation and ensure accountability for technical changes needed over time.
Another core capability of the internal cloud organization is oversight. But you cannot control what you cannot measure. For this reason, companies should work to establish visibility around the cloud security posture and compliance footprint. The insights gained serve to inform both urgent need for action and long-term improvements. Centralizing cloud security services translates into reduced attack surfaces, improved depth of defense as well as economy of scale. We believe that an independent technology strategy supports the greatest level of agility and resilience. At the same time, investing in provider-specific but strategically independent security capabilities can make sense for organizations seeking to support multi-cloud capabilities.
Responsibility for the cloud should not be an isolated “function” within an organization. Core cloud teams should foster regular exchange on concepts, ideas and status to break down silos, while inclusive sprint meetings can accelerate progress at critical points in the cloud development process. And a process it is: a smart cloud approach is never “done”. As new threats and opportunities emerge, cloud teams need to respond and evolve.
Summary
A “no cloud” strategy in five years will feel like a “no internet” strategy today. Yet many organizations feel overwhelmed by the complexity and pace of change. EY believes a smart cloud strategy should focus on embracing cloud-native technology, shifting left to consider security at every stage of the cloud lifecycle and establishing a culture of excellence.