During ONUG Fall 2020, Nick Lippis, Co-Founder of ONUG, shared his thoughts on the post-Covid world of cloud-based technologies. His presentation focused on three points.

• Enterprise cloud is the solution for surviving in a digital-first world
• The enterprise cloud has gaps that need to be addressed
• A critical gap in the implementation is security

Addressing the gaps in the enterprise cloud infrastructure has become a priority as the demand for digital-first solutions has increased. The global pandemic has accelerated the adoption of cloud-based technologies to accommodate a remote workforce and contactless interactions. While the rapid application of technology has enabled businesses to survive, it has also highlighted vulnerabilities that need to be addressed.

What is the Enterprise Cloud?

During the 1990s, companies’ digital infrastructures were on-premise data centers that were accessed using desktop computers and connectivity was through wide-area networks (WANs). About 20 years later, the infrastructure began to shift to include cloud providers and services, but the majority of operations were still on-premise. Access had expanded to include mobile devices, laptops, and desktops. It was anticipated that it would take another ten years before new technologies would be fully integrated into business operations.

Then Covid happened. In less than a year, organizations were becoming cloud-based enterprises. More and more resources were moved to the cloud, with on-premise data centers shrinking. Based on the rapid changes in 2020, corporate networks will soon be housed in the cloud, with distributed offices and remote workers connecting through edge technology. A new service, Network as a Service (NaaS), will emerge.

NaaS would reside at the center of a corporate enterprise with its zero-trust architecture, SD-WAN support, and 5G connectivity. Data centers would shrink as more services would move off-premise. Instead of on-premise networks as the center, NaaS would become the piece that holds a corporate network together. 

What Covid has taught us is that businesses must be remote-first and cloud-native. When companies look at their business strategies, IT must be foundational to a strategy’s success because technology and business strategies have merged. In an unusual turn of events, executives who are traditionally hesitant to implement new technologies are eager to move forward. They have witnessed the benefits of cloud-based technologies over the past year and realize how critical they are to business survival. Unfortunately, the tools and skills lag behind, creating a gap in how that impacts the enterprise cloud’s successful implementations.  

What Are the Gaps?

Deciding to move on-premise solutions to the cloud is often a trade-off between control and convenience. As long as the solution stays on-premise, a company has control. When applications move to the cloud, they give up some of that control. Faced with the rapidly changing business environment of 2020, companies were forced to give up control so their employees could work remotely and customer needs could be met.

Unfortunately, technology lacks the tools and skills to address the gap between control and convenience at an enterprise level. This inability creates operational inefficiencies that only widen the gaps. For example, security notifications are vendor- or cloud-specific, requiring organizations to devote significant resources to integrate the information for analysis. This results in companies needing more tools, more people, and more time. 

One way to address the problem as it relates to security is to implement a standardized framework for the transfer of information between the cloud provider and customers. A uniform format reduces the number of tools, people, and time needed to process data. With a standard framework, companies can maintain control and benefit from cloud-based convenience.

Cloud Security Notification Framework

Beginning in 2019, the ONUG Collaborative created the Automated Cloud Governance (ACG) Working Group to develop a cloud-security notification framework to address the lack of standards. The framework is designed to reduce the number of tools and staff needed to manage security while providing a governance and risk framework. Each cloud provider relays security information to their customers and the customers are tasked with interpreting the data using vendor-specific tools. As Zhen from FedEx explained, the current implementation creates an unmanageable number of tools and people.

ONUG’s proposed framework eliminates the need for multiple tools, which reduces the strain on IT resources. It also enables companies to manage security data more efficiently and respond more effectively. With a standardized format, automated tools can be developed to minimize human involvement in basic data integration. Operational improvements enable businesses to be more agile when it comes to addressing security.

As John Willis illustrated, a cloud security notification framework opens the door to more meaningful information for the governance of digital assets. Processes can be developed based on operational data and evaluated in relation to governance, risk, and compliance. A feedback loop is established that enables informed decisions throughout the supply chain.  

The framework would allow providers to create standardized and proprietary formats to differentiate themselves within the market. Applications would be needed to process the notifications. And, companies could decide whether to accept standard or expanded notifications.  

What Is the Solution?

You, the customer, are the solution. If you want cloud providers to adhere to a framework, you have to make it part of doing business. When you issue a request for proposal (RFP), make compliance part of the requirement. As customers, you can transform the existing landscape into one that is more agile and gives you convenience and control of your digital assets.

Over the course of ONUG Spring 2021, we will continue to discuss the challenges inherent with multi-cloud solutions  and the benefits a security notification framework can provide. 

ONUG Spring 2021

Be sure to join us at ONUG Spring 2021, May 5-6, 2021, where we will continue these discussions. You can learn more about ONUG and other events by clicking here or you can contact us here.