The complexity of compliance in hybrid environments

Secure by design – a critical factor in cloud migration

Attitudes to both security and compliance are changing. As Security becomes viewed as an enabler of transformation, rather than a cost, it is also critical that it is a core tenant of the business strategy. As organizations adopt agile frameworks as part of their cloud transformation, depending more upon cloud-based services and applications to support a highly digital and distributed workforce; security needs be built into (not bolted onto) organizational digital programs from the outset.  

This is why Chief Information Security Officers (CISO) and their security teams are closely involved in the cloud decision-making process. And, why 61.6% of organizations say security and compliance are ‘critical’, and the first consideration in vendor or service provider selection for hybrid cloud planning.  

And it’s easy to see why. One successful cybersecurity attack can fundamentally damage profitability, trust, and reputation. Unfortunately, for a vast majority of enterprises, there is a huge degree of complexity in being compliant. 95.2% of organizations say they struggle to keep up with compliance obligations. 

Leveraging visibility and control to simplify the complex

Cloud security and compliance are complex, yet the end game is about visibility and control. Without it, gaining a complete picture of digital risk is very hard, which is important when considering the appropriate set of technology, tools, and controls needed to remain secure. This is further complicated by the fact that businesses tend to use multiple clouds. As such, getting consistency in common security policies, procedures, and behaviors to address the fragmentation of the different cloud environments is a constant, ongoing challenge.  

There is also the question of whose responsibility it is to secure what part of the cloud and its supporting infrastructure. Responsibility for securing different parts of hybrid cloud infrastructure varies by vendor but ultimately, it’s the business that needs to ensure their cloud environment is secure end-to-end. 

It’s equally important to know where sensitive data is being stored, how it is accessed and used, and by whom; particularly in light of the huge surge in bring your own device (BYOD), and with an increased reliance on cloud-based services. Uniform visibility is required across the entire cloud landscape, as well as having policy consistency – to remain compliant and to withstand and respond to attacks at ‘cloud-speed’. 

Partnering for simplified, powerful security

Ensuring your organization is resilient requires the skills and expertise of a trusted partner. 52.7% of global organizations strongly agree on the need to engage with consulting or professional service experts to ensure their hybrid cloud solution meets compliance standards. The short answer is that security not only matters, but it’s also fundamental to an organization’s ongoing transformation and long-term success – pandemic or no pandemic. 

Source

All statistics are taken from NTT’s 2021 Hybrid Cloud Report, conducted by 451 Research. To read about the complexity of compliance in more depth, as well as the other topics featured in our report. To view the infographic, click here.