CLOUD SECURITY IS A COMPLEX ECOSYSTEM THAT RELIES ON CONSTANTLY EVOLVING TECHNOLOGIES, PROCESSES AND SKILLS. IT MUST BE CREATED AND MODULATED ACCORDING TO THE SPECIFIC NEEDS OF THE COMPANIES THAT USE IT. SECURING ONE’S CLOUD IS CRUCIAL TO BE ABLE TO MEET THE CHALLENGES OF TODAY AND ESPECIALLY TOMORROW, BECAUSE ONE THING IS SURE: THE REVOLUTION SPARKED BY THE CLOUD IS ONLY JUST BEGINNING.
Already in 2019, 69% of corporate organisations have created new roles in their IT departments: a necessity dictated by the introduction of the cloud , which has entered the sector, indelibly changing several pivotal paradigms. Despite the exponential growth in its use, there are many people and companies, especially larger ones, that are still concerned about security issues.
According to a 2020 survey conducted by Sophos, 70% of companies using data or workload hosting in the public cloud experienced at least one security incident during the year. On the other hand, enterprises that adopted the multi-cloud had twice as many incidents as single-platform organisations.
The report notes that often the superficial approach with which companies dealt with this issue contributed to undermining platform security. Also according to Sophos, 66% of the organisations have made themselves vulnerable to attacks by leaving backdoors open due to configuration errors in cloud services. According to a study by Thales Group, only one fifth of organisations claim to encrypt more than 60% of their data, and more than half of these still do not encrypt data on the cloud. In the year of the pandemic, therefore, the cloud was not yet totally perceived as a safe tool.
Today, after this first phase of cloud adoption, based mainly on the simplest and fastest approaches, we can define the awareness and experience companies have gained in facing the most complex challenges as mature. These inevitably also require the modernisation of the core applications.
Leveraging this awareness for an organisation means building a long-term vision that places the cloud at the basis of its digital strategies and takes into account all the technical and organisational elements that guarantee a pervasive and effective transformation.
The growing technological maturity on the cloud of large enterprises and the increasing complexity of information systems have led organisations to understand the need to rethink their governance models, engaging in the development of vertical competencies on different technologies and managing peculiarities while optimising expenditure and the overall quality of systems.
Today, the cloud is consolidated within corporate information system evolution strategies through a dual path. As the data from the Cloud Transformation Observatory of the Politecnico di Milano show: on the one hand, new application projects are created in the cloud for 43% of large enterprises (compared to 42% in 2019), on the other hand they are a compulsory choice (in 13% of cases) and a preferred choice in 30%. 11% of large enterprises no longer have a data centre of their own, while a further 27% plan to progressively migrate all their legacy to private and/or public clouds in the coming years. Furthermore, 50% plan to implement a hybrid strategy whereby part of the legacy will migrate to the cloud and the remainder will remain on-premises. Only 12% will instead implement a completely on-premises strategy.
The business transformation to the cloud model is also linked to the consequences of the energy crisis, which is forcing companies to re-evaluate their operational processes with a view to creating sustainability and supply chains. In order to tackle these challenges, according to Mariano Corso, Scientific Director of the Cloud Transformation Observatory, all stakeholders will have to commit if the cloud is to take a cultural leap forward. Companies will have to recognise the complexity of the management model they are facing, and focus on improving the skills and solidity of the professionals involved both within the ICT management team and in the various business lines.