Sign up for our newsletter
Technology / Cloud

Tackling cybersecurity challenges of cloud migration strategies during the pandemic

Ahead of an upcoming clinic on cybersecurity, held in partnership with Intel, we look back at some of the lessons already learned.

A report from McKinsey & Company found that we catapulted forward five years in business and consumer digital adoption within the first two months of the pandemic. There was little time to find one’s feet in the new normal: digital transformation strategies were suddenly turbocharged as survival became a driving strategic imperative. Almost overnight, operations were moved online and staff empowered to work remotely. The scale and speed of change was staggering. 

But such scale and speed also brought with it several challenges that, 12 months latercontinue to reveal themselves. survey and upcoming discussion, hosted in partnership with Intel, will focus on cybersecurity, addressing the changes in the attack landscape and security priorities that have evolved over the last year. The previous iteration, The Cloud Clinic Centre, also focused heavily on security, but through the prism of cloud adoptionsurveying IT leaders’ main concerns and priorities around migration strategies in a dramatically altered operating environment.  

Ahead of an upcoming clinic on cybersecurity, held in partnership with Intel, we look back at some of the lessons drawn from The Cloud Clinic Centre. (Photo by Horoscope/Shutterstock)

Over 100 cloud professionals – drawn predominantly from a mixture of infrastructure and transformation leads, chief architects, and analysts – participated in an initial survey. Asked about what concerns most hindered cloud migration strategies within their organisations, security ranked first, followed in descending order by cost, skills and application migration.  

Over half of respondents said their organisations were planning either full or partial migration to the cloud, with just 4% claiming their migration plans had been completed. Only 8% identified themselves as cloud-native organisations. In terms of preferred deployment models, 63% cited hybrid; 13% went for public cloud infrastructure; and 9% for private. 

Respondents were also invited to ask questions of a panel of experts, who convened for a video roundtable to discuss the survey’s findings and answer some of the most pressing queries about the cloud journeyChris Feltham, industry technical specialist (cloud) at Intel, said he was unsurprised to see security at the top of respondents’ minds, as attacks become more sophisticated and attack surfaces much larger.  

“It’s something we observe as well,” Feltham observed. “The way security is deployed has to evolve to keep up and the view we take is that using software to protect software has too many limitations. The way forward is to use hardware security that can extend all the way up through operating and software stacks, through to applications and the cloud. Build that capability at the root level and have it protect everything above. Security is only ever as good as the next level below you.” 

Progress should never be taken for granted

Bart Challis, product manager at UKCloud, believed security attitudes were shifting. “It has long been seen as an insurance policy – a just in case,” he said. People do it begrudgingly and the main reason is that it’s traditionally very costly to do properly.  

Organisations with smaller budgets need to protect their data just as much as larger enterprises. By lowering that bar, productising, commoditising security services, even interweaving security services as a tick box on a virtual machine, that starts to make security much more approachable.” 

Improvements in security were being mirrored in stability enhancements, the panel agreed, but progress should never be taken for granted. “Expect the best and plan for the worst,” cautioned Chris Folkerd, director of enterprise technologies at UKFast“Take a full stack approach – there’s not one area to focus on to the detriment of others. In terms of underlying infrastructure, we’ve seen leaps and bounds in recent years. Above that, in the application space, it’s about making sure the stack itself is resilient. Then you have the visibility piece; most organisations are now running in a multi-cloud environment. Monitoring plays a key part in keeping visibility. Newer monitoring tools that provide a single pane of glass can help with that.” 

Asked about the feasibility of adopting a standard cloud migration policy, Andy Webb, director of product management at UKCloud, believed more flexibility was requiredYou have to look at your rationale for moving,” he said. Is it cost-based or is it a reengineering effort? We advocate using more open standards and believe in a multi-cloud approach because different platforms are going to be best suited for serving different priorities. There are lots of ways to do it, but no single solution.” 

On deployment of artificial intelligence, Webb similarly advised on ensuring a full and nuanced picture of your requirements. “AI a broad church and the thing to remember is that it’s just a tool that sits inside a broad set of tools. It has potential to create new insights of large data sets, but is that data being stored and managed in line with all requirements – and can your provider provide not only a technical solution, but also a commercial and compliance solution.”    

This fed into a wider conversation about how to best unlock value from one’s provider, amid general concerns surrounding cost. “It’s really important you’re looking at moving the right infrastructure, moving services that will see real benefits from migration, rather than pursuing a large-scale lift and shift approach of your whole infrastructure, creates much more value,” said Folkerd.   

The pandemic has injected urgency

“Cloud can be a lot more expensive, but it can also be more cost-efficient depending on how you implement it. There’s also the value-added piece. You’re getting a lot of access to expertise you wouldn’t necessarily have in-house. Cloud often involves a lot of crosstraining and skills exchange when implementing. Having a service provider there can ensure you have the skills and security expertise. 

The pandemic and shifting operational models have injected more urgency into all of these considerations. While unprecedented events have pushed several enterprises into action, many have been struck by the benefits unlocked. 

“For most of us here, I think it’s fair to say, even prior to lockdown, work wasn’t somewhere you went, it was something you did,” said Feltham. “Recent events have shown how alien this is to a number of people though, including IT departments charged with supporting it. People have been forced into it in many cases, but have been pleasantly surprised by the results. We’re seeing a lot more creativity in how these solutions are adopted. It’s opening their eyes to new ways of doing things. Forced acceptance, maybe, but with generally positive outcomes.” 

The second clinic, presented in partnership with Intel, will launch shortlyThe survey is now live. You can also access the Cloud Clinic Centre by clicking here.