Migration to the cloud is an essential step in the journey of digital transformation as organisations are now operating remotely and workloads are migrated to the Internet due to more mobile-connected customers and workforce. As activities within a company are still limited, businesses are compelled to adapt through digitalisation.
This change in the digital landscape acts as the catalyst of change in this new normal, but as Aaron Tan Dani, Chairman of IASA Asia Pacific, said at the Malaysia Cloud and Data Centre Digital Summit 2020, such change is more than just “another project”.
“Many people think that digital transformation is just another project. But actually, it’s a totally different perspective because transforming digitally means that we have to do things differently than we’re used to doing. Decades ago, we were in the computerisation era, but now we are going through digitalisation”, Aaron said. He added that COVID-19 has forced many organisations to take a more serious look at transforming their digital architectures.
With this sudden start of the digitalisation journey, many companies are still left clueless about what to do. “Most organisations are going through digital transformation without knowing what is there to consider. That’s why most of them are failing. To reflect the complexities in driving digital transformation, we have to consider the four pillars or key designs”, added Aaron.
These four pillars include a customer-led business model, insights-driven system to leverage data for strategic advantages, responsiveness to changing customer demands and market disruption and connected internal processes, operations and ecosystems within the enterprise.
“To answer these demands, we need enterprise architecture. Without this, there would be many duplications which lead to islands of projects with no integration and unity”, Aaron further explained.
This enterprise architecture requires migrations of workloads and systems to the cloud and for organisations to have a serious discussion on the importance of the cloud and its accompanying security, said Sina Manavi, Senior Security Manager, AIA Group.
For Sina, cloud migration from an enterprise standpoint is, without a doubt, imperative now. This digital transformation that was projected to happen in 2025 is already happening now as organisations adapt to the pandemic by accelerating remote working practices and cloud deployments.
For higher chances of success, organisations have to look for the right cloud providers that will meet their needs. “There are different cloud providers but the question is always, which one is the best? Most of them have the same provisions from a security standpoint but again it comes back to the customers and what they want to achieve”, said Sina.
Before choosing a provider, organisations need to ask what kind of challenges they are going to face and whether they are ready for it. One of the most critical challenges is the protection of their data. Organisations need to define what data is critical (and what is not), what data is compatible for cloud migration and what should be retained on-prem.
Another challenge that companies will face during cloud migration involves asset inventory. There are many cases where companies can’t even keep track of how many ISPs, servers, applications and other such inventories they have. Without this knowledge, it would be difficult to come up with a proper cloud migration roadmap. Sina added that once businesses can define this roadmap, they need to define the policies, standard procedures, as well as the risks that come with it.
These risks include data breaches, misconfigurations and inadequate change controls, lack of cloud security architecture and strategy, metastructure and applications failures and limited cloud usage visibility.
To end the session, Sina mentioned the following aspects in achieving cloud security risk control and governance:
Build and maintain inventory.
Define roles and responsibilities within employees and customers.
Management of accessibility.
Auditing and logging.
Deploy computer–telephone integration and have regular red team assessments.
Govern Bring Your Own Cloud (BYOC) practices and 3rd party software used by end-users.