Moving to the cloud, digital transformation and prioritising zero trust security

Why are organisations, especially the larger ones, focusing on cloud growth?

According to Frederic Kerrest, co-founder and COO at Okta, it’s so they can take advantage of benefits of the cloud, enhance their digital transformation efforts and prioritise security.

IT spend in 2009.
IT spend in 2009.
IT spend in 2019.
IT spend in 2019.

SaaS has had a 1200% increase in spend over ten years. But, this is still a fraction of IT spend. What does this say? It’s very early in the shift to software

Moving to the cloud helps traditional organisations reduce IT friction, improve M&A agility, reduce costs, attract a digital native workforce and plan for the future.

“Large organisations want to do the same things that small companies do,” said Kerrest. To do this, they need to adopt the cloud, and they recognise this.

According to Okta’s Digital Enterprise Report cloud adoption is, unsurprisingly, on the rise: 67% of organisations expect the number of cloud-based apps to increase.

But, they are just getting started. The report of 1,000 technology leaders also found that 69% of large organisations are less than halfway into their ‘cloud end state’.

In reality, “there is no end state,” explained Kerrest. It’s a constant movement or journey.

Trust at Oktane19: the new frontier in technology

At Oktane19 in San Francisco, Information Age explores the importance of trust and identity in supporting continued technological innovation. Read here

Moving to the cloud

To illustrate why the larger, more traditional industries and businesses are moving to the cloud, Kerrest introduced Spencer Mott — SVP and global CISO at McKesson — and Ashish Sanghrajka — SVP, CIO at Hitachi.

McKesson delivers one-third of pharmcetuicals in North America. It is a huge organisation, which achieved $208.4 billion in revenue for 2018.

Why do they want to move to the cloud? “Healthcare is changing rapidly,” explained Mott. “We need to move to the cloud because of changing consumer expectations. The expectation of an omni-channel experience.”

McKesson touches many parts of the healthcare ecosystem, which generates a huge amount of data. The cloud helps “connect that data,” said Mott. And, this will “provide better outcomes for patients.”

Hitachi’s desire to move to the cloud stemmed from its desire to overcome the challenges of history.

The multinational is made up of 80 companies and is over 100 years old. As a result, there’s a lot of legacy and “we are trying to move from a product to a solutions and services company,” said Sanghrajka.

“We want to drive operational efficiency, reduce costs, improve revenue growth and change our business model,” he continued.

“We’re using cloud as a technology to standardise and consolidate structure — to integrate cloud application with identity infrastructure, in a secure manner.”

Achieving this cloud environment depends, in part, on talent. Specifically, millennial talent.

In order to retain and recruit the millennial workforce, Mott said that “we need to define a meaningful mission, which is relevant and combine that with a nice work environment that is well payed.”

And both agreed that the millennial workforce needs to have access to modern, cloud native tools that enable them to do their job. They need to feel they are “bringing success to the enterprise,” said Sanghrajka.

IBM’s Michelle Peluso: what should we expect from technology?

IBM’s chief marketing officer and SVP, Michelle Peluso, reveals IBM’s attitude to technology, digital transformation and diversity in tech. Read here

Digital transformation

Digital transformation is a term that’s overused, but what it comes down to is that “every company has to become a technology company,” said Kerrest. It’s easier when you’re a small company, but larger companies can’t ignore this trend.

Why? Because “software is eating the world — it’s the great equaliser,” continued Kerrest. Becoming a technology company leads to a more efficient way of doing things, including customer experience.

Who are the large enterprises customers? Increasingly there are digital natives, and as a result, organisations have to become a digital business. And again, they know this.

According to Okta’s enterprise report, half of formal organisations have a strategy to digitise their business.

“We have a lot of legacy to protect and a spectrum of customers who have different demands,” said Ramiya Iyer, GVP, IT Digital, Data and Pharmacy at Albertsons — one of the largest food and drug retailers in the United States, following the 2015 merger with Safeway, Inc.

“We can meet this demand through innovation by digital transformation,” she said.

During the major M&A, it was important to create a “digital backbone” that integrated all the different businesses that are under the Albertsons umbrella.

This was necessary in creating a “cohesion of end user identity into a seamless experience,” continued Iyer.

Mike Towers, the CISO at Takeda — the pharmaceutical giant — also emphasised the importance of digital during tech M&A.

“The cloud-base helps,” he said. “Because we require a level of independence and above business capability during tech M&A. Lots of aspects have to integrate without the weight of legacy.”

For a company that was founded in 1781, digital innovation, R&D and research-driven have almost become a commodity to Takeda.

Prioritising security

Why prioritise security?

Well, the cost of a data breach — both financially and in terms of brand reputation — is growing. In 2018, researchers at the Ponemon Institute found that the mean time to identify a data breach incident was 197 days, and the mean time to contain was 69 days.

CEO and co-founder of Okta, Todd McKinnon said that this means that security should be part of an organisation’s mission statement. If they don’t they will “pay a price in their business results and their brand.”

Boards are now worried about business risk and brand reputation. It is an issue with consumers.”

Trust and security based on network perimeter and firewalls are no longer viable. Once these defences are breached, hackers have access to everything.

This has led to a new paradigm in security: zero trust.

“The amount of respondents who knew about zero trust surprised me,” said McKinnon.

At its core, zero trust recognises that modern businesses should no longer have a “trusted” internal network and an “untrusted” external network.

Zero trust is described by Cloudfare as ‘a security model based on the principle of maintaining strict access controls and not trusting anyone by default, even those already inside the network perimeter’

So, why is zero trust coming to the fore? The cloud has enabled new ways of working: mobile working, business collaboration and forced consumer tech into the enterprise.

With these new ways of working, companies need to move beyond traditional security parameters.

According to Okta’s report this is exactly what they’re doing. It found that more than half (60%) of the world’s largest companies are pursuing zero trust.

Never trust always verify

The research also notes that some of the control of zero trust hinges on multi-factor authentication — which too few companies are adopting.

“Zero trust is a good framework,” said Sarah Urbanowicz, CISO at AECOM — the civil engineering giant. “But, it’s not a project. It’s a principle.

'Perhaps the drive to zero trust is being led from the management layers in IT, rather than the boardroom,' said the report.
‘Perhaps the drive to zero trust is being led from the management layers in IT, rather than the boardroom,’ said the report.

Heather Abbott, SVP, corporate client technology and enterprise IT at Nasdaq, also commended zero trust as a “user-centric security, which is a top priority for senior directors.

“We see app development move towards zero trust from an application segmentation perspective.”

Tim Berners-Lee on the World Wide Web: “it seemed like a good idea at the time”

Tim Berners-Lee reflects on his invention, the World Wide Web, how it has changed and how it must be corrected. Read here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...