Cloud providers like Amazon Web Services (AWS) offer security capabilities that outstrip what most companies could ever hope to achieve on-premise. But it can still be a complex landscape to navigate. Partnering with external expertise can make all the difference.
The days of going to cloud purely as a cost-saving measure are long gone. Thanks to the maturity of today’s public cloud, the level of data security offered is now just as likely to be the deciding factor. IDG’s latest research backs this up, with 38 percent of respondents from numerous industries now citing rigorous data security as their principal business driver for accelerating public cloud adoption.
These companies recognize that the security offered by the public cloud is likely to be superior to on-premise solutions. Three-quarters of respondents said they trust their data in the cloud is secure, for instance, and over two-thirds said they were confident the benefits of public cloud outweigh any perceived security risks.
Take AWS as a prime example. They support a growing array of security and governance functions, including everything from fine-grained identity and access management controls to automated security assessments and machine learning-powered security services. The result: Cutting-edge security is now much easier and cheaper to implement in the cloud than on-premise.
That’s not to say complexity has been completely eliminated. Integrating data security remains a challenge for many. Nearly half of respondents to IDG’s survey said security integration was their most in-demand skillset. It’s become a focal point for a simple reason: Cloud raises integration challenges companies just haven’t had to face in the past.
Moreover, thanks to the advanced nature of the security tools offered by cloud providers, internal IT teams sometimes need retraining to use them effectively. Take Amazon Macie—a service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. It’s highly effective—but it requires different skillsets than many security teams have needed to date.
It’s part of a general "shift left" trend in security. As security is incorporated earlier into agile and DevOps development processes—often called DevSecOps—the security community is having to adapt. Static solutions are being eclipsed by near-real time environments, where code is pushed through APIs to the cloud. It’s a very different way of working for most.
What’s more, most cloud providers don’t yet offer the full spectrum of security services a business needs. Analysis is required to identify the gaps and other third-party tools are selected to achieve holistic protection. That’s another level of complexity to manage—especially in security integration.
This is why partnering with external expertise can be so important. IDG’s research shows 98 percent of companies agree this expertise is valuable in at least one facet of cloud security, whether that’s integration, analytics, risk management, or staff training.
So there’s a wide recognition of the need not to go it alone. The key reason is partners can offer leading expertise and experience more cost-effectively across a whole range of security functions. In everything from conducting audits and developing strategies to identifying application portfolios and retraining IT teams, they can offer vital help in securing the public cloud. Many will even deliver managed security services on a company’s behalf, taking the burden of data security off the shoulders of internal teams.
But partnering up can have other, less immediately obvious benefits. By joining forces with external experts, a company starts to build an ecosystem around their public cloud strategies. Done in the right way, that creates the kinds of positive feedback loop that can accelerate the capabilities of the whole ecosystem exponentially. So every participant gets better outcomes faster with shorter learning cycles. It’s a win-win.
Ultimately, as more and more companies migrate to public cloud, and as leading providers like AWS make further big leaps forward in data security, the landscape is getting ever more complex. Core skillsets are changing fast—companies need to be ready to adapt.