| According to a recent survey by research firm McKinsey & Company, the current rate of cloud computing adoption is increasing, but most organizations are still in their infancy. Only 40 percent of organizations have more than 10 percent of their workloads on public cloud platforms. Eighty percent of organizations plan to move more than 10 percent of their workloads to public cloud platforms within the next three years, or plan to double cloud penetration. |
According to a recent survey by research firm McKinsey & Company, the current rate of cloud computing adoption is increasing, but most organizations are still in their infancy. Only 40 percent of organizations have more than 10 percent of their workloads on public cloud platforms. Eighty percent of organizations plan to move more than 10 percent of their workloads to public cloud platforms within the next three years, or plan to double cloud penetration.
McKinsey & Company surveyed about 100 businesses to determine how companies are adopting cloud computing and the security challenges they face along the way.
Please click here to enter image description
For many businesses, security is the biggest obstacle to cloud migration. However, corporate CISOs say the security resources of cloud computing service providers (CSPs) are much more secure than their own on-premises data centers, the report found. Today, they're asking how to adopt cloud services in a more secure way, as many of these companies' existing security practices and architectures may be less efficient in the cloud.
According to a McKinsey report, businesses can safely move their workloads to the public cloud by following these 10 steps:
1. Decide which workloads to move to the public cloud
The workloads an enterprise chooses to migrate will determine which security requirements are required. For example, many enterprises initially choose to move customer-facing applications or analytical workloads to the cloud and keep core transactional systems in on-premises data centers.
2. Identify at least one cloud computing service provider (CSP) that can meet workload security requirements
Enterprises can choose multiple cloud providers for their different workloads, but these choices should be aligned with the goals of the enterprise's overall cloud strategy.
3. Enterprises need to assign a security prototype to each workload based on ease of migration, security posture, cost considerations, internal expertise
For example, businesses can choose to rebuild applications and use default cloud computing service provider (CSP) controls for customer-facing workloads, and when rebuilding data access, decommission and move internal core transactional applications without having to rebuild design.
4. For each workload, determine the level of security to enforce for each control
Organizations should determine whether identity and access management (IAM) requires single-factor, multi-factor, or higher-level authentication.
5. Decide which solutions to use for the control of each workload
Enterprises can determine the capabilities of each cloud service provider (CSP) for each workload and decide whether to use an existing on-premises security solution, a solution provided by the cloud service provider (CSP), or a third-party solution.
6. Implement the necessary controls and integrate them with other existing solutions
Enterprises need to fully understand the security capabilities and security enforcement processes of each cloud computing service provider (CSP). It also means cloud computing service providers (CSPs) need to be transparent about their security practices.
7. Develop a view to see if each control can be standardized and automated
Businesses must analyze controls and decide which controls can be standardized within the organization and which can be automated.
8. Prioritize the first set of controls
An enterprise can choose priorities based on the applications being migrated and the security model it chooses to apply.
9. Implement control and governance models
For implementing standardized but not automated controls, companies can develop this checklist and train developers on how to follow them. For controls that can be standardized and automated, businesses can use a secure DevOps approach to create automated routines to implement controls and standardize.
10. Use the experience gained during the first round of implementation to select the next set of controls to implement
Learning from these experiences can help improve the implementation of future control systems.
According to the survey report, “Our experience and research show that cybersecurity in the public cloud can be achieved with the right approach. By developing a cloud-centric cybersecurity model and designing robust controls in various security domains, it is clear that cloud computing The responsibility of the service provider (CSP), and with secure DevOps, businesses can better protect their most critical information assets by moving workloads to the public cloud.”
This article is reproduced from: https://www.linuxprobe.com/quanyun.html
Provide the latest Linux technology tutorial books for free, and strive to do more and better for open source technology enthusiasts, open source site: https://www.linuxprobe.com/