The 5 Most Commonly Asked Questions About Cloud Solutions

We believe there are many reasons to migrate your organisation’s applications to the cloud, not least of which are cost savings, streamlined operations, redeployment of resources, reskilling of your internal teams and talent retention.  

In this blog, I answer the five most common questions I get asked about moving applications to the cloud, so you can make an informed decision about whether it’s the right thing for your organisation.  

1. Is it secure and where is my data? 

“Is it secure?”  is one of the most commonly asked questions about the cloud. But as the cloud has become universal in organisations, the nature of the question has changed. 

Every year, major cloud providers like Amazon and Microsoft spend billions to make their cloud services stable, robust and secure. Security measures and compliance certifications are available for all to see, and Microsoft’s cloud offering is as secure as it gets in terms of compliance, governance and physical security.  

The result? Today, almost everyone accepts that the cloud is secure. The conversation now is less around how secure it is and more around data control. It’s essential that organisations understand where their data lives, where it may go and who can access it in order to feel comfortable with moving to the cloud. 

A lack of understanding around how the cloud works is a barrier to adoption for many organisations. In the UK, law firms are amongst some of the most cautious adopters of cloud solutions, largely because of questions about where confidential client data will reside and who can access it.  

There needs to be an understanding that, by its very nature, the cloud exists in multiple locations – and your data can too. Azure, for example, for resilience can have multiple copies of data in multiple locations. And this conversation isn’t always an IT-led discussion; it needs the business to decide in which country their data should be reside, and whether they are comfortable with it potentially leaving UK soil. The cloud gives customers choice here, different services having different options about where data is stored, but it’s important that well informed decisions are made in this regard. 

Organisations need to know what they are letting themselves in for and understand how data will be stored and accessed which needs a complex, but not impossible, discussion about trust and understanding. In our experience, anyone who truly understands the options and how the cloud works has been confident in making an informed decision based on facts not fear.  

2.  Will all my IT staff be out of work/redundant? 

Generally, there isn’t a direct correlation between adopting cloud services and IT staff being let go.  We prefer to see this as freeing up IT staff to focus on more strategic tasks. 

Whether they’re in retail, manufacturing, healthcare or any other sector, businesses are trying to be ‘the best’ and provide the best service to their customers. IT should enable them to do that. It should be a supporter and enabler for a business to do its job and operate at its highest level. And for organisations that are held back by inefficient, outdated IT systems, embracing the cloud is one way to make improvements. 

Few organisations today choose to use physical servers; they are costly, require office space and need people to maintain and manage them. Solutions like O365 and Exchange Online are making delivery of common IT services easier, better and lower cost, and like it or not, the requirement for on-premise skills will reduce as cloud adoption becomes the new norm. As IT evolves, the skillset of IT teams needs to evolve with it, or face being left behind.  – Read more

Trial by Fire: Making the Mobile Workforce Work

My Post (11).pngMore people than ever are working remotely, and about one-third say the coronavirus pandemic was their first chance to do so. As companies return to a new normal, they are considering how to manage workers who are not in the office, and mobile workers add a unique challenge.

The term “remote worker” includes work-from-home employees and mobile workers. Most employees who work remotely do both. Using your phone for a video meeting, messaging from the grocery store or checking email on your laptop through a café’s mobile hotspot are all forms of mobile work. When you get back home and connect through VPN, you are working from home.

All workers need secure, remote access to co-workers, files and data, but mobile workers face another layer of complexity. When they go from computer to phone or tablet they need their data to sync, and they need a seamless experience from desktop app to mobile app. There are also the fundamental requirements of secure access, a quality wifi signal, video and audio. That is the ideal state.

The coronavirus pandemic exposed a lot of things that were less than ideal in our ability to work remotely. We’ve experienced co-workers unable to hear or be heard when their phone audio cut out, or headphones failed, or they dropped altogether because of dead batteries or bad connections. We’ve seen workers struggling to get necessary data or access tools and dashboards when on a mobile connection. And we’ve had IT leaders worry about privacy, even basics like screen protectors, for people working on the go.

As organizations transition to a new normal following the stay-at-home orders, they will need a strategy to sustain remote workers and their mobile needs, and that should center around three common business principles:

Plan and Invest

Employees need the right equipment to work from home and collaborate, both hardware and software. IT managers should plan for any additional software licensing and equipment purchases. It’s not just a corporate issue — consider the many schools that were unable to teach because students lacked computers and wifi. Identifying needs and planning for future investments is the way resilient organizations will manage through the uncertain months — or years — ahead.

Make the Best Use of Your Technology

For a tech geek like me, it’s easy to assume everyone knows how to use all the remote tools and is comfortable with them, but that’s not always the case. Even though remote connectivity is easier and more secure than it’s ever been, there are still a lot of steps, a lot of interactions and interdependencies. I’ve made some quick internal videos for Splunkers where I explain some of the basics and also some best practices.

You also need to make sure that remote workers’ tools are working optimally. For every computer issued and every software license granted, the IT team should have a policy and governance to track hardware and software updates. An employee on the go with expired software is not productive. It’s also absolutely vital to be able to monitor your network for potential issues and security threats, which can be done through cloud-based applications with both desktop and mobile versions, easily accessible through a company’s single sign-on. – Read More

Learn More About Splunk

Prevent and Detect Threats Across Multi-Cloud Environments

My Post (22).pngThe cloud has become ubiquitous in all we do, and the line between the perimeter and the cloud continues to shrink as most enterprise organizations are looking to shift their cloud strategy to a multi-cloud approach. Moving to the cloud comes with plenty of benefits like performance optimization, improved reliability and overall cost savings, but cloud adoption is not without its risks and challenges. In a recent webinar, “Approaches for a More Secure Cloud Environment,” members of the Splunk security team covered how building a strong, unified multi-cloud security strategy can help detect and prevent misconfigurations and other security threats.

It’s important to understand that organizations are typically at multiple stages of their cloud journey simultaneously, and when building a cloud strategy, security must be considered at every stage. Also, cloud security and the journey to the cloud is not an exact translation of inside-the-perimeter security or lift-and-shift models — there are shared customer and provider responsibilities.

Cloud Security not an exact translation of inside-the-permeter security

Because of significant vendor competition and connected products, multi-cloud systems introduce new complexities and an expanded attack surface.  Additionally, the analytics products made available by cloud service providers focus on proprietary offerings and lack comprehensive views of an organization’s entire environment. Lack of visibility, ephemeral workloads and an ever-increasing knowledge gap makes cloud security an ongoing effort whether you have a single cloud or multi-cloud environment.

But let’s get our heads out of the “clouds” for a moment, because in another light, the cloud can be thought of as just another data center. By taking ownership and making security visibility a high priority, we can focus on preventing cloud attacks against targets like admins, users and data across AWS, Microsoft Azure and Google Cloud environments.

Common Criteria for Cloud Security

The Splunk Security Research Team recently introduced the Unified Cloud Infrastructure Data Model. In creating this data model, the first step was to create a set of common criteria for cloud security. The team identified six main categories that group together the three major cloud providers and created a data model to enable organizations to perform analytics across multi-cloud providers including AWS, Microsoft Azure and Google Cloud for a more unified security posture. The common criteria identified are: – Read more

Learn More About Splunk