We believe that strong cloud security governance is needed, so that organizations can provide much-needed visibility and execute the right level of controls for their business. As the regulatory landscape catches up with technological advances, legislation is likely to mandate stronger cloud security governance for all companies, not just those operating in sectors already required or recommended to adhere to stringent security standards. Whether required by law or not, many companies are keen to future-proof their cloud environment. However, many experience challenges along the way.
Although the cloud is well established, there is still often hype around applications and solutions. Significant interest from the capital markets drives this to some extent. At the same time, periods of hype have in the past given way to incremental security improvements – a positive development for all stakeholders. Providers have raced to create comprehensive cloud hosting and security packages. While this may seem convenient at first, reliance on such models can restrict freedom of choice when it comes to integrating competitive security solutions.
At present, highly fragmented technology across the cloud solution space can make it difficult to know where to head with your cloud strategy. Business leaders can feel overwhelmed by choice, especially as there is often considerable overlap between providers and solutions. And technology moves fast. Depending on where an organization stands on the cloud transformation journey, point solutions can be a short-term fix, but will often add to the complexity of the cloud environment and drive silos – the very opposite of the cloud intention.
Partnering with a knowledgeable external partner can help. At EY, we aim to take the burden of compliance and risk out of the client’s cloud journey. From design, build and operation. With that we strive to be the nr 1 cloud security services provider for regulated industry within the next couple of years.
Whether you’re an early or late adopter, now’s time to get cloud smart. This means adopting the cloud where it makes sense from a business, regulatory and compliance perspective. It also means retaining whatever function is necessary; and being bold enough to leapfrog some neglected security capabilities through smart adoption of cloud-native security functions. A healthy split between cloud and retained function is the current direction, as recently underpinned by AWS’s CEO Adam Selipsky.