Executive Summary
In this Virtual Think Tanks session for DXC Technology and VMware, Frost & Sullivan Industry Director Toph Whitmore spoke with industry IT security experts with experience leading secure cloud transformations in their organisations. The group discussed best practice strategies, roadmaps and use case examples for securing enterprise work spanning on-prem and cloud environments.
“The cloud is different. You secure it in a different way. The old ways of securing on-premise infrastructure don’t really apply in the same way. You can do amazing things with the cloud and that’s why we’re all interested in it, but you’ve got to deal with all of that reality.”
— Peter Scott, global director of Security, DXC Technology
Each panelist detailed their own unique experiences securing disparate, dispersed and diverse infrastructure. Some key takeaways:
- “Everything-all-at-once” cloud migration initiatives are bound to fail.
- Securing hybrid- and multi-cloud environments can complicate regulatory compliance.
- Third-party risk increases in hybrid and multi-cloud environments.
- Data in motion between clouds is difficult (though imperative) to secure.
- Cloud misconfiguration is a tangible risk in hybrid environments.
- Collaboration with partners can facilitate integrating security into phased cloud migration.
Discover how DXC is helping our customers transform their businesses here.
In this session, Peter Scott, global director of Security at DXC Technology, noted the challenge of ensuring strong cloud security posture management in a complex, cloud-migrated enterprise environment.
“The cloud fabric itself is very well engineered, very well secured,” said Scott. “The mistakes that [IT leaders] make will be how [they] configure it and use it. And it’s that transition from old ways of working to new ways of working [that are difficult]. And every customer we talk to, they struggle with that extra complexity. We’re ending up with more complexity, more things to look after. And we know that’s the enemy of security.”
What is the reality of hybrid security? As the panelists’ unique experiences illustrate, putting hybrid cloud security into practice is an ongoing journey, not a destination.
“Try and plot a path that simplifies and converges, because if you’re not careful, everything just gets more and more complex, more and more security to [apply], more and more things to deal with,” said Scott. “With security...you need to make sure that you are executing [the basics] brilliantly. There’s no magic source for doing that, but [then] that’s the challenge in front of us all.”