Security in the cloudMoving your IT environment to the cloud is a multi-dimensional challenge. It affects your infrastructure, platforms, applications and process, together with organisation, culture and working practices. It may be your largest ever transformational change activity.
Moving to the cloud should reduce your cost base (though it may take some time before the full benefits come through), and has the power to transform every aspect of how you operate. In the cloud, you can collaborate more effectively, target your products and services more precisely and become much more agile.
All these factors lead to major competitive benefits, but only if you can manage security effectively. Just as all other operational aspects need to be rethought for cloud, so does security. So why is that?
From Perimeter Security to Zero TrustMoving from an internally focused business model to one that is essentially collaborative, means you cannot rely only on “perimeter based” security. That is, an approach that keeps internal systems locked securely behind high walls (physical and logical), making them inaccessible to outsiders. In a collaborative world, that doesn’t work. Instead, you must move to a “transaction based” security approach, in which your data, systems and processes can be shared with partners and customers, under the right circumstances.
This is why companies in the cloud are using a Zero Trust security strategy.
Zero Trust is the opposite of “perimeter based” security. It treats each new communication, transaction or interaction as a separate, individual action that must be secured end to end in an environment where nothing is taken for granted. That’s because operating in the cloud changes the rules of the security game.
For example: businesses of every kind now use co-development platforms for rapid service and product creation, testing and launch, involving multi-partner teams with participants who could come from almost anywhere. They are enabling end user customers to define their own personalized services for automated configuration, often using automated agents to provision and deliver.
In these and all the many other examples of agile cloud-enabled working, it is not possible to safeguard an entire environment with 100% certainty. Instead, we need to build secure pathways for service creation, secure routes for each contact, with defence in depth, early threat alerts and continuous response.
Partnering for Cloud SecurityZero Trust is now the bedrock of cybersecurity for all cloud-based activities. This does not mean it is easy to deliver or can be achieved without significant specialist skills. So what are the basic requirements?
Broad capability. To build an effective cloud-based security approach, you need to understand every component that forms part of your future business model. That means Infrastructure, Platforms, Processes, Software, Design and Transformation. In reality, most consultancies and Systems Integrators are specialists in some areas, not in others. You may understand IaaS and/or PaaS, for example, but not be an expert at SaaS or Networks. NTT DATA is present in every part of the Cloud and Intelligent Networked environment. That matters.
Lifecycle approach. Moving to cloud is a transformational process, so you need to be engaged all the way through, from today’s model to the future. As enterprises prepare to move an entire environment to the cloud, you need to be present, building the “landing zone” and ensuring that moving to the new “virtual home” is not just smooth but also secure. NTT DATA is one of the few large global technology partners that has the scope and scale to be present every step of the way, across the entire lifecycle.
Move to DevSecOps. A key factor in monetizing the move to cloud is the ability to develop collaboratively in cloud-based platforms. To make this process secure, you need to move from DevOps (which is already a challenging prospect for many) to DevSecOps, in which security is a basic component of the process. That means building a secure environment from the ground up, often by working with a hyperscale cloud provider, such as MS Azure. NTT DATA is one of the few SIs with the ability to take a major enterprise from a “clean slate” to a complete secure development environment, efficiently and without compromise.
Integration. Finally, security in the cloud requires interaction and coordination across every technology and process component in extended, complex online environments. That demands consultancy of the very highest order, of the kind NTT DATA regularly executes for large and demanding global enterprises.
Working with a Germany-based automotive company, for example, we established an Identity and Access solution expressly designed to manage everything consumed in all processes from the cloud. The scope, scale and complexity of this example illustrate the special nature of security in the cloud.
Best practices and how to use themIn this constantly-changing environment, NTT DATA builds solutions optimized for cloud operations, enabling agile, collaborative working, compliant with all relevant regulations covering:
- Identification, ensuring you know which assets are to be protected, where they are and how you manage access to them.
- Protection, providing strong defences for each asset or interaction at multiple levels, so that attacks are slowed and potentially defeated before issues occur.
- Detection, enabling early sight of possible attacks or security lapses, including those that may escape initial detection through careful disguise.
- Response, for fast mobilisation of resources around attempts to penetrate defences, with immediate rapid alerts and in-depth communication at all stages.
- Recovery, with meticulous removal of all threats, once an attack has been defeated, and rapid lessons learned for the next time.
We apply a defence in depth approach, ensuring that we never depend on any single points of failure, and that human, cultural and organizational issues are fully factored into all solutions. Finally, we apply the Zero Trust philosophy end to end, across the full scope and lifecycle of the largest enterprise environments. NTT DATA delivers:
Consulting, providing comprehensive assessment of current status, agreement on goals and best practice advice, covering all aspects of security management.
Design & Implementation, developing detailed plans for security environments, then managing build and roll-out for all relevant environments, including hyperscale cloud and all forms of hybrid infrastructure.
Managed Services, covering specialized requirements, such as forensics, incident response and zero trust network management, through to management of everything from digital trusted identity to DevSecOps applications security and beyond.
In the cloud, the environment changes all the time, so do threats and, therefore, so must our responses. That’s why working with an established expert in the field is the best way to keep your operations agile, collaborative and highly efficient, without incurring unnecessary risks.
Security in the cloud is about technology, people, controls, access management and constant vigilance. NTT DATA is committed to making Intelligent Networked Cloud the environment in which 21st century businesses live, do business and succeed. We provide the security solutions that allow you to build a successful business- in the cloud.