Why organisations must approach integration and security in the cloud differently
Despite growing cloud adoption rates, many organisations still have concerns around security and integration
It’s clear that enterprise cloud technology has reached a new level of maturity. The questions around cloud adoption are no longer if, or even how, but how fast and how much.
We need to look no further than the numbers to truly grasp the reach of cloud technology within today’s enterprise, as 82% of organisations now consider cloud technology a key part of their IT strategies.
Yet for all the headway it’s made in the enterprise – and we really have come quite a long way – many organisations still take a measured approach to cloud adoption.
But if cloud technology delivers proven benefits like improved intelligence, collaboration and agility, why is that? In most cases it has to do with security concerns and, albeit slightly less so, integration concerns.
On-premise security and integration requirements are still pretty important concerns for IT teams – and the weight these concerns are given shouldn’t be any different in the cloud.
Security and integration are two areas to which organisations need to pay close attention in order to properly safeguard their users and data, regardless of whether they have cloud or on-premise technology.
That said, businesses can’t take the same approach to security and integrations in the cloud as they do on-premise, and that’s where many organisations start to hit some speed bumps.
For example, most security challenges that organisations encounter in the cloud don’t arise because the cloud is inherently insecure (quite the opposite is true when you consider the assurance cloud providers offer), but rather because they failed to make the necessary investments in a comprehensive cloud security strategy.
Consider the approach many organisations took with legacy technology of developing siloed security strategies based on individual project needs. That model no longer works in the cloud era, as users and systems consume and share data far more often and in far more places. It’s the systems piece, especially, that illustrates how cloud technology changes the landscape.
Typically, integration concerns have taken a backseat to security concerns, and while that may have worked on premise, it’s something that needs to change in the cloud.
In the world of cloud applications, information can sit anywhere, and this is especially the case when factoring in shadow IT behaviour. As such, an integration strategy that considers both data in motion and data at rest can go a long way toward ensuring security for sensitive information.
Although this cloud model adds significant complexity to integration requirements, a proper strategy can deliver several benefits, including improved costs, resource utilisation, efficiencies and, perhaps most notably, security.
Integrations have such a direct impact on security because data no longer lives in just one system – organisations want to pass data between multiple systems in order to make it more meaningful, but that means that just securing each of those systems on its own isn’t enough.
Given that integration and security go hand-in-hand, organisations need to consider their integration strategy as they plan their security strategy.
By looking at both requirements together, they can better understand the flow of their data and the touch points that they need to secure. Once they have that visibility, they can then answer questions that are critical for both of these areas, such as what is the level of sensitivity of data passed between any given systems and how do the security controls across the systems work in harmony to provide the right level of protection regardless of the location.
Ultimately, a comprehensive, well thought-out integration strategy can help organisations develop a much stronger security strategy and make it easier to do so.
For instance, they might discover that some data requires more encryption because it moves outside your corporate firewall than other data that remains inside your firewall. This discovery then has the added benefit of improving security as well as lowering cost, resource and maintenance requirements.
So what do organisations need to do to develop a leading practice integration strategy that enables security? They can start by taking the following five steps.
1) Adopt a business-centric approach
Thinking about your integrations from a business process perspective will help streamline your requirements and avoid creating a disorganised web of point-to-point integrations and security controls.
2) Emphasise the importance of data quality
Ensuring you have a sound data strategy that places a high emphasis on data governance will help you maintain clean, quality data and identify important factors like data sources, systems of record and systems of origin.
3) Think enterprise-wide
As described above, you need to let your business processes dictate your integrations. In doing so, make sure you have a clear picture of how information is passed and consumed across your entire organisation. Reviewing your enterprise and solution architecture can help here.
4) Consider external requirements
A best-practice integration strategy is not only robust, but it’s also flexible, as a flexible strategy will make it easy to absorb and divest pieces as needed – for example in cases of business growth, mergers and acquisitions. These external needs make creating highly modularized, loosely-coupled integrations critical.
5) Establish a well-defined governance structure
How will you monitor and manage your integrations? The answer to this question should be a key part of your integration governance. Beyond that, this governance should be more business-driven than it is IT driven so that business users are empowered to detect any issues.
The fact that security and integration are among the biggest concerns enterprises have about cloud adoption is a good thing. These factors should be a concern – but they should be a concern whether looking at the cloud, on-premise, or any other technology arena, because they are critical to the health of an IT environment.
In today’s cloud-driven world, the key to managing these concerns is to change your approach to them, as the cloud model is far different than the on-premise model. And in the cloud model, especially, how organisations govern integrations directly impacts the security of their IT environment given how often cloud systems pass information to one another as well as the growing number of applications that users can easily tap into.
As such, evaluating these two strategies side-by-side is essential to maintaining a healthy, secure and well-governed cloud architecture.
Sourced from Matt Johnson, VP cloud advisory, Cloud Sherpas