Our Legacy IT Infrastructure Is Secure:
We hear this often from our clients, even those considering a move to the cloud. So far you have not had a major security breach or a data loss event. That is certainly a really good thing and we are glad. But how much of that was just due to plain old fashion luck, and then the real question is, will it continue. We all know – a major incident can be fatal for an organization, especially in the data-driven world of today.
We have all read a lot about the golden triangle of People, Process & Technology. Today we will use this paradigm to elaborate our point on security. Available resources in a firm is a relative term. For some companies, the consideration of “limited resources” indicates knocking off “Nice to Haves” from the list, while for many others it can boil down to dropping a few “Must Haves”.
So what does that have to do with our point – that moving to the cloud can really ‘up’ your company’s security and compliance profile. Well, let’s examine each of the three works in the paradigm.
We have People who know their job & love the company:
Yes, but, the fact remains, whether it be intentional or accidental, often people within an organization are somehow behind information leaks or data breaches. This is usually due to unauthorized access, improper configurations or aging technology, mostly it’s a combination of all three of these factors as well as other factors.
Unfortunately, training on security awareness program is something which small to mid-sized organizations simply don’t normally have. Employees often carry business-critical information on their unsecured mobile devices and exchange that information using un-authorized mediums over loosely configured and/or legacy infrastructure. The social media factor has also compounded the problem is business critical data spilling out of an organization.
The right step towards security starts with modernized user identity & access management. It is one of the first building blocks which needs to be modernized so all other elements can be placed around it ensuring authorized access for users. And the key point here is – this is a step best done as the first step in moving your IT to the cloud. As you’ll note – if you engage us – the first step in our roadmap involves this building block!
We have great Processes in place:
We have often observed that organizations have extremely good processes related to their core business (of course, that is not unexpected – that is why they are successful!). Whereas when it comes to security, compliance and domestic IT policies the processes are often not nearly well defined or practiced.
Moving to the cloud takes care of many aspects of security and compliance processes. Organizations can benefit from the cloud’s inherent best practices and pre-build processes that can simply be adopted by the new company moving to the cloud, rather than creating them all from scratch. In our view, it is the most cost-effective & reliable way for a small to mid-sized company to achieve security and compliance, and then to maintain via the cloud rather than in-house.
Regulatory bodies and company’s B2B or B2C customers often trust big names such as Microsoft or Amazon to be the cloud service providers due to the muscle these companies have to stay updated and keep the latest technology moving securely.
So, choosing one of these big vendors does help small or midsize organizations to divide their risk and add enterprise-grade reliability via such prominent cloud provider while continuing to offer best in class service to their customers.
Our Technology stack that we invested in 5 years back is still good enough:
It’s often a scenario we encounter – those company executives sanctioned a big procurement ~3-5 years back and anticipate that it is still good enough. But the reality can often be – systems are stretched beyond their end of life, causing potentially major security and reliability loopholes. From that point on, it’s really an accident waiting to happen. The luck the company is having might run out causing much bigger loss any insurance can cover, not to mention that there is no solution for a damaged repute.
The solution for such organizations is to embrace cloud technology and make a strategy to lift and shift to the cloud. Cloud brings modern services to a company which is always up-to-date. Cloud provides scalability to meet that urgent need. And, with cloud, you, of course, have a pay-as-you-go model which is often a most suited approach for small to mid-sized companies!
By Joe Rafanelli | October 3rd, 2019 | General