By Martin Walshaw, SE Team Lead - Sub-Saharan Africa, F5 Networks
Multi-cloud ambiguity can make enterprise security a daunting prospect. Technological misconceptions are rife, and inadvertently prompt the wrong cloud implementation decisions across the world. To avoid the proverbial data protection pitfalls and boardroom bust-ups, it is important to cut through the noise, explode the myths and unlock true cloud return on investment.
Myth-take 1: security and cloud do not go together
Many business leaders think the cloud is still in its infancy and it is too strategically risky to shift applications to public cloud environments. There is no option to solely rely on native app security from cloud providers as they are not responsible for application level controls. F5’s recent 2018 State of Application Delivery Report (SOAD) noted that EMEA businesses believe applying consistent security policies across all company applications is the “most challenging or frustrating” aspect of managing multi-cloud environments (42%).
39% said the biggest challenge is protecting applications from existing and emerging threats. Nevertheless, adopting a multi-cloud route does not have to mean compromising security. With advanced security solutions, businesses can safely move their applications to any cloud model that works best for their strategy without geographic or infrastructural constraints. According to SOAD 2018, 54% of EMEA businesses determine which cloud is best for each application on a case by case basis. This is fueling an uplift in multi-cloud environments with 75% of respondents claiming to use multiple cloud providers. Consumer demands and industry competitiveness continue to make the cloud an unavoidable option. The right deployment strategy makes it a viable and safe.
Myth-take 2: IT departments can still manually cope with security threats
The threat landscape is more sophisticated than ever due to volumetric attacks, malicious bots, and other tools targeting apps and sensitive data. Many traditional practices are no longer effective because they are too labour intensive and time inefficient to protect what really matters. This is where automation comes in to streamline and standardise IT processes, as well as remove human error. It also helps IT staff focus on other priorities, such as analytics and problem solving. According to SOAD 2018, over half (57%) of respondents indicated they are employing IT automation and orchestration to drive digital transformation efforts.
Myth-take 3: multi-cloud is only good for start-ups
Whilst born in the cloud organisations are disrupting markets, many long-established firms are investing heavily in the cloud to improve performance, achieve greater efficiencies and add value to the business. Consider Electrolux, which was recently recognised in EMEA’s Top 50 Cloud Climbers, a report on the top businesses in the region leveraging the cloud to fuel innovation.
By connecting its factories to the cloud, it has achieved new levels of smart manufacturing that include real-time assembly-line monitoring and a newfound ability to adapt plans on the fly. HSBC is another recognised Cloud Climber, standing out for using cloud-driven machine learning and data analytics to analyse huge datasets and combat money laundering.
Other Marquee names in the report include Spotify (for continually evolving and optimising its massive music streaming service), Mercedes F1 (cloud-fuelled performance analytics) and Airbus (cloud and machine learning to store and process several hundred terabytes of satellite imagery annually). The cloud can change the game for everyone. Too much apprehension is already becoming a major developmental handicap.
Myth-take 4: cloud security is not an executive decision
Leaving cloud security to the IT department alone not a good idea. It is essential to bridge the gap between the executive boardroom and those responsible for security decisions. A recent F5-commissioned study among global CISOs by the Ponemon Institute found that 58% of surveyed businesses had IT security as a standalone function, meaning most lack an IT security strategy spanning the entire enterprise.
Only 22% said security is integrated with other business teams and 45% had security functions without clearly defined lines of responsibility. CISOs must be given greater voice in the boardroom and security-focused education initiatives must be structured to benefit the entire workforce. This will ensure app and data protection strategies are optimal, compliant and successfully meet customer needs.
Myth-take 5: solutions are not ready to tackle cloud security issues
Embracing modern application architectures, cloud models, and a wide diversity of devices means organisations of all sizes can better capitalise on the digital economy. Encouragingly, awareness is growing across industries for the need to expand protection efforts beyond the traditional network perimeter. A case in point is the rise in Web Application Firewall (WAF) deployments; SOAD 2018 reports that 61%organisations now use the technology to protect their applications.
Myth-take 6: the end consumer never sees the benefit
IT optimisation is based on having a cohesive, enterprise-wide strategy that enables new and existing services to be managed with greater control. Protecting end-users from identity fraud, loss of data and vital funds should always be a top priority. Consumers turn to the business they trust. Those with dubious data security track records are becoming obsolete.
Manage out the myths
More businesses than ever before are adjusting their security strategies to focus on securing the application and to find ways to innovate faster within the multi-cloud environment. Now is the time to mitigate the myths and manage out the misconceptions. By embracing modern application architectures and sustainable multi-cloud models, EMEA organisations will capitalise on the digital economy and drive greater profitability. Don’t procrastinate and confirm the myths - act today and become a legend.