Cloud transformation is one of the most important technology—and security—trends facing businesses today. The value, risks and additional benefits of cloud computing are talked about constantly at organizations of all types and sizes. While cloud migration started several years ago, it continues to accelerate as more organizations are finally moving their business-specific applications into the cloud. Unsurprisingly, security is a top concern when it comes to this latest migration.
It’s critical to understand how your cloud services provider handles security. That’s because, ultimately, it’s still your responsibility to ensure the security of the data you handle—even when it resides in someone else's data center. That's why you need to make sure your cloud provider has the right controls in place and can provide assurance they are handling your—and your customers’—data with the highest level of security.
This is more important than ever, since so many organizations have begun to migrate their business-critical applications to the cloud. The most prevalent way of doing this is known as “lift and shift.” That involves doing a full refresh of existing applications, upgrading to the latest and greatest versions and then porting everything to AWS, Google, SAP, Oracle, Azure, etc.
Once that’s done, you’ll have the same technology you’ve been using and you’ll have very similar business processes. The only difference is now it's running somewhere else. And because it’s no longer in your “fortress,” aka your internal data center, and behind your firewall, it can be more than a little nerve wracking. That’s why now, even though you might be running the same technology stack, you need to put strong controls in place to make sure those applications stay within the security boundaries that you define.
After this big first step is complete, comes the second and third steps of cloud migration: leveraging software-as-a-service (SaaS) and platform-as-a-service (PaaS) capabilities.
What’s the benefit of adopting SaaS (and complementing through PaaS)? One of the major benefits is the ability to standardize many businesses processes. Take travel expenses, for example. There’s usually not a lot of difference between how a Fortune 10 business handles its travel expense processes and how most other businesses do it. While there can be some complexities, for the most part it’s easy to standardize travel expenses on a SaaS solution (have you ever heard about SAP Concur?).
But when it comes to more complex processes, such as manufacturing or finance (especially in large enterprises), moving to a SaaS solution can be more complicated. That’s because when you adopt SaaS, you adopt standard processes, and that standardization can be restrictive, especially for multinational organizations, which require flexibility to customize those processes to meet region-specific requirements. So, it might be best for your organization to keep such applications on-premises.
That’s why we see a lot of hybrid scenarios, with some on-prem solutions, some infrastructure- as- a- service-based (IaaS) solutions, and some SaaS solutions. One of the ways an organization can achieve more flexibility from a standard SaaS implementation is by opting for another cloud option known as platform- as- a- service (PaaS). So, ultimately, business applications in the cloud, for most organizations, means a completely hybrid scenario where you have a little bit of everything in different cloud service models. Because each cloud service model will give you the flexibility and the capabilities that you need to actually run those business processes in the way that works best for your organization.
Once you’ve decided on which cloud options are right for which applications within your business, the big question is, how are you going to secure your business applications in the cloud? Providing security and compliance for those various cloud deployment models isn’t easy, but it can be done.
From an Onapsis perspective, we provide comprehensive security visibility and compliance capability for customers who are migrating to and running in the cloud, regardless of what cloud service model they’re using. And we are further developing and extending our capabilities to provide even greater visibility into other cloud scenarios that are not specifically based on SAP® NetWeaver®, SAP HANA®, or SAP JAVA, but are completely different technologies. Either way, it’s the same familiar business processes that we protect.
In part two of this series, I take a closer look at the challenges of providing effective security and compliance for a range of cloud deployment models.