A few years ago, McKinsey coined the famous SMAC acronym for concepts that needed to be digital. When looking closely at this acronym, we are led to assume that the most important letter is the C, i.e. Cloud. Why? Because the other letters – S (Social), M (Mobile), and A (Analytics) – all rely on the cloud. In fact, the cloud is the foundation of these technologies and the foundation of the digital transformation. This internet-based architecture, made of open standards with many lightweight and interoperable technologies, is thus perfectly suited for the digital era.
Cloud computing is the de facto standard for new digital companies, and an increasingly important part of IT for most companies and administrations. In the beginning, it was mainly confined to certain public SaaS services, but IaaS and PaaS developed quickly and are now strongly present in many companies. The cloud, initially public, found its way into companies in the form of the "private cloud", then "managed private", before the new wave of public IaaS and PaaS began. As such, cloud computing quickly conquered Internet front offices, then integrated with legacy infrastructures to create new hybrid systems; the expansion towards more complex back-office workloads has however made its integration and management increasingly difficult. To give a current example of cloud usage: the German car manufacturer Volkswagen understood that cars are iPhones on wheels and that the cloud is their future. The company is thus transferring large parts of their IT to the cloud, including some of its industrial and embedded systems.
Why am I telling you this (highly) abridged history of the cloud? How is it relevant for cyber security?
First of all (and in contrast to some of the initial statements made in the cloud pitch), the result of the cloud is increased IT complexity. Integration, multi-sourcing and management are now major issues, as one of PAC's surveys on the hybrid cloud suggests. And complexity and lack of visibility are clearly counterproductive to cyber security.
Second, as most businesses and administrations are now embracing the digital transformation, IT’s share in the value chain of their activities has seen a dramatic rise. This change has attracted pirates and corsairs (state-sponsored pirates), which are posing an increasing threat to organizations; as IT is becoming a key part of many companies' activities, attacks are having an ever more dangerous impact.
And third, cyber security rules and regulations are being tightened at all levels (continental, national, industry, etc.), so even if you decide not to bother too much about cyber security, you will have no choice but to comply (or face a fine). Since the cloud is an integral part of your IT systems, said rules, of course, also apply here.
For several years now – in PAC's CxO 3000 global annual survey – cyber security has been the main concern for companies who are using or want to use cloud computing. To be successful in your digital transformation, it is key that your cloud(s) are secure.
PAC's new analysis on cloud security will look closely into how the cloud can be secured but also how cloud computing can enhance security: i.e. security from the cloud.