The State of Cloud Adoption: Are You Rethinking Security?

Cloud adoption is accelerating. It’s no surprise that the cloud unlocks tremendous business opportunities, but moving to the cloud requires organizations to rethink security. It begins with understanding the adoption model. 

In a traditional model, the organization would own and manage 100% of its workloads. The ownership and management of the data center and everything within it dissipates when migrating from legacy to cloud. A cloud model is a shared responsibility between you as the cloud customer and the cloud service provider (CSP). 

Consider three available cloud services or adoption models: PaaS – Platform-as-a-Service, SaaS – Software-as-a-service, and IaaS – Infrastructure-as-a-service. 

Platform-as-a-Service

When you look at PaaS, you’re building applications, migrating data to the cloud, and building native cloud applications. The CSP is responsible for managing the protection of the cloud platform. You are responsible for the security of the applications, workloads, and data.

The cloud provider must ensure that the workloads are compliant and secure (e.g., network security, runtimes, container security, isolation, etc., so that the customers can have their own space within the platform. 

Infrastructure-as-a-Service

If you’re adopting IaaS and migrating workloads to the cloud, then the CSP manages the hypervisor on down. In this case, you are using virtual servers. Or, if you’re using bare metal, you can completely control everything and up, including the (e.g., virtual servers, OS, applications, and data). 

Software-as-a-Service

The CSP manages all of its applications and security. You only worry about securing the data and governance.

The cloud customer will always be responsible for data, governance, risk and compliance in each adoption model. You may also consider Private, Public, or hybrid cloud deployment. In either deployment model, consider those factors as well. Your portion of the security will vary for each.

Success starts with a security strategy. You must understand your business drivers to determine its security needs. So, before rethinking security, plan to spend some time identifying which cloud adoption model fits your organization’s business needs before moving to the cloud and driving digital transformation.