
Securing the cloud real estate

Africa, 09 Jan 2023
Phillip de Waal, Systems Engineering Manager at Nutanix Sub-Saharan Africa.

There is an ongoing debate about whether cloud or on-premises is more secure. Both can be equally secure, but this requires the business to take responsibility for, and control of, the chosen environment. It is also not something that can be done overnight. The organisation must be willing to invest the necessary resources to ensure the security of its data footprint.

In the case of on-premises implementations, companies usually retain complete control over security as they do not trust anybody else to do the job. This creates a gap between existing implementations and cloud-based ones. In the latter case, businesses are looking to standardise on robust and secure hyperconverged infrastructure to deliver all applications and data at scale across any cloud environment.

It becomes essential to select a robust solution capable of bridging the gap between on-premises and the cloud. Through this, a company can have cloud-like scalability and simplicity on-premises while effortlessly moving applications and data between these platforms.

Security foundation

Before such a solution can even be considered, the organisation must have a proper cloud security strategy. The alternative is the introduction of significant security issues in its cloud computing architecture. Cloud security is not a singular solution that can be implemented and be done with. It is an entire ecosystem of processes, policies, solutions, and approaches that are integrated to secure the data and applications that live in the cloud.

With an integrated cloud security approach, a company can more effectively mitigate the risk of sensitive data loss, malware, contractual breaches, revenue loss, and damage to brand reputation. Going the cloud route with security delivers a centralised environment that significantly reduces costs and administration time. It also provides a business with improved reliability as the cloud introduces more advanced, automated measures of safeguarding data and applications. These form the building blocks of a more secure real estate.

Data accessibility

A cloud-based security approach also highlights who has access to business data on-premises and in the cloud. Traditionally, data access was managed through a firewall and role-based access control. However, frameworks like micro-segmentation and Zero Trust have emerged to deliver a more secure environment. These modern methodologies must be kept in mind when the company designs and implements access control into the cloud.

An ideal approach would be a layered one that takes into consideration the development and implementation of a secure development lifecycle, platform hardening and automation, network micro-segmentation, identity and access management, and data encryption both at rest and in flight. The golden thread tying all these layers together is compliance and being able to audit and report as and when required. In the complex data regulatory environments of South Africa and the rest of the world, this compliance is mission-critical to success.

A secure approach

Given how widespread the hybrid work model has become, a business should consider implementing Identity Access Management (IAM) as a way to more effectively control the cloud access of multiple users spread across a variety of geographic locations. By combining IAM with role-based access control, the business can have the peace of mind that employees can only access the data and applications required for their specific role.

In fact, IAM and Privileged Access Management (PAM) are widely used Zero Trust frameworks that identify and provide access to not only people but also devices, applications, and endpoints. There is also Secure Access Service Edge (SASE) to consider.

This technology, typically provided as a service, delivers WAN and security controls as a cloud computing service directly to endpoints. With workloads and services running in a hybrid model, businesses require uninterrupted access for their users irrespective of location. With workloads and data moving between locations, SASE provides a new approach to delivering cloud security.

Once companies make the move into a cloud or hybrid cloud model, they should consider adopting a cybersecurity mesh. This is a distributed approach to shoring up reliable and scalable defences. It is less about perimeter protection and more about proactively finding effective ways to detect and monitor security incidents.

All about visibility

As businesses start integrating their on-premises environments into the cloud, accessing integrated insights becomes more critical. Providing visibility into cost and having sight of how resources are used and scaled can empower decision-makers to optimise their hybrid and multi-cloud investments.

However, cloud providers also have responsibilities in this regard. They must clearly define service availability and thresholds and provide customers with reporting and notifications. The modern data environment requires organisations to have clear insight and visibility into not only their cloud usage and spending but also cloud governance and intelligent resource optimisation recommendations.
