There are many reasons for enterprises to move to the cloud. It might be “emergency migrations” to cope with the uncertainty and upheaval of the COVID-19 pandemic. Or, it could be part of a longer-term IT modernization plan. Whatever the reason, the cloud represents a basic challenge to IT departments: it’s a fundamentally different environment, which makes it prone to human error. This is why, according to the Verizon 2020 Data Breach Report, cloud misconfigurations - a fancy term for “human error” - are by far the no. 1 cause of cloud data breaches.
Migrating to the cloud does not have to be fraught with risk, however. If the migration follows a well-constructed strategy and taps the right skills, processes and understanding of the shared-responsibility model, risk can become quite manageable. Here are some foundational elements to consider for controlling risk in the cloud:
These are just some of the issues to consider when embarking on a cloud journey. By setting a sound strategy, and aligning talent, processes and an understanding of the cloud operating model, enterprises can embark on a transformational cloud journey that grows their business, not their risk.
Want to hear more? Listen to Deloitte Global Cyber Cloud Leader Sean Peasley discuss cloud security in depth on a recent podcast from Cyber Crime Magazine.
Sean is a Partner with Deloitte & Touche's Cyber Risk Services practice and is the Global Cyber Cloud Leader and Cyber IoT Leader. He delivers solutions to help organizations address their most pressing and pervasive cyber security challenges for Enterprise, Cloud and IoT environments including cyber risk, cyber threat intelligence, cyber war gaming, IoT and OT security, identity management, privacy and data protection, and business resilience focused. He has over 35 years of consulting experience and serves some of Deloitte’s largest clients. He is a proven leader with diversified, in-depth experience in consulting and has demonstrated an ability to consistently achieve desired results and provide exceptional value to clients across a variety of business problems, technologies and industries. Specialties: IoT/OT security; cyber cloud, information security strategy; cyber risk & security; identity management; application security; secure systems development; information technology risk management; governance, risk and compliance; and resiliency. He has experience in several industries, including automotive; consumer products; energy & resources; financial services; health care; high technology; life sciences; manufacturing; and media, entertainment & sports. Sean is passionate about working with the community and he currently serves on the board of directors of YMCA of Orange County and is the chairman of CSUF College of Engineering & Computer Science College Leadership Council.