Cloud Infra Presents Sovereignty, Regulatory Challenges

ManageEngine Vice President Rajesh Ganesan discusses hybrid-work and zero-trust models and the changing regulatory environment concerning all things cloud.

By Rajesh Ganesan

Due to the pandemic, a great number of companies have accelerated migration and consumption of cloud platforms to deal with working remotely, and varying demands on different services and capabilities. As this has happened in unprecedented speed in terms of adoption, some companies may find themselves short.

When a major portion of employees start to access an organization’s technology infrastructure remotely, the primary challenge is maintaining information security. Attackers will exploit the opportunity, so IT leadership needs to ensure security is tight before opening up remote access. They should look into investing in technology that facilitates secure remote access.

Yet another challenge concerns the drop in productivity, which is inevitable due to the sudden shift to working from home. The leadership should prepare for this and instill continuous awareness and training to keep their workforce’s productivity at optimal levels.

They should also look at the at-home environment where employees are expected to get their work done. While office environments are built to be conducive for business work, unless employees can set aside a dedicated office space with access to necessary tools and software in their homes, their productivity may be heavily impacted by remote work. The leadership should be proactive and understanding of employee needs, and prepare plans to allocate a portion of the workstation budget for employees that need to replicate an office setup at home.

For many businesses, technology has mostly been an afterthought or they did not build the right expertise to leverage technology to its full potential. At best, it was used as a business enabler to reduce some manual effort and not as a transformational force.

The pandemic has clearly established technology as a frontline function for any business that not only survives but can also thrive even during adversity. It has given the right perspective to stakeholders on how to approach technology as a building block for the business and make the right investments.

Once the right mix of technology is applied, the other significant aspect business stakeholders figured out was how easily it enabled remote work that unlocked great levels of overall productivity. Barriers like travel, commute, real estate, facilities and logistics are not really show stoppers anymore with businesses managing to stay productive with most employees working from wherever they can. Taking the plunge to allow widespread remote work became so natural which was otherwise a long-standing dilemma for many businesses.

Most significantly, this allowed businesses and employees to take care of their overall well being in a more natural way than running tailored programmes. Being home for the most part with the family around, not spending a lot of time on hard commute, not having to sacrifice on physical and personal space are all factors that contribute greatly to employee well-being, eventually resulting in productivity benefits for the business.

As much as we want to deny it, the hard truth is the future is inherently uncertain for everyone. It helps businesses to not let go of the basics and focus on their core purpose, which is to serve customers and delight them better than anyone else. The pandemic situation is transient and it is good to see it just as a factor that has catalysed changes for the better, rather than reducing the future to just uncertainty.

To muster and build more resilience businesses must continuously self retrospect on how to rediscover and transform themselves better than the competition, how can they become more nimble to respond to situations and how can they keep delighting their customers. This is the technology era, more than the covid era and so build and develop in-house technology expertise which helps in achieving those objectives.

What the pandemic taught us is to expect the unexpected, to be prepared to face disaster and find opportunities to thrive in adversity. So businesses have to get their basics right, and apply technology to improve their resilience.

Tech has enabled businesses to operate despite closing their doors to prevent large gatherings and enforce social distancing. Thanks to IT support teams, many businesses were able to mobilize their workforce for remote work. Now that they had time to overcome the initial hiccups, IT teams should focus on two of the biggest tasks at hand –

Enhancing employee experience while working remotely; and

Supporting business continuity while strengthening security.

To improve employee experience, they need to rebuild their knowledge base for remote employees, enhance the service catalog to encourage use of the self-service portal, use workflows to standardize support process and scale expertise, invest in a robust remote access tool and make IT support more accessible.

Securing the company data and endpoints, providing privileged access for code deployments or infrastructure changes, doubling down on cyber surveillance and insider threats, and creating relevant dashboards for critical resources and changes are essential to support business continuity while strengthening security.

A cloud-native hybrid IT infrastructure helps organisations respond to change and uncertainty better. That said, even as organisations move to a cloud-first or cloud-dominant approach, it is important that application, infrastructure, and data security are not compromised.

Cloud makes it possible to add and remove virtual infrastructure dynamically, which in turn allows you to attend to any scaling demands. Since cloud providers act as extended IT teams helping to maintain cloud infrastructure, IT teams with a restricted staff do not have to focus on “keeping the lights on.”

A few areas where IT teams need to focus on is training staff with relevant skills to manage cloud infrastructure, find ways to optimally meter and use cloud assets, decide what parts of a company’s infrastructure needs to be taken to the cloud, and finally find ways to track and manage cloud and on-premises IT assets together in a single console view.

Because of remote work, enterprise data and endpoints that access this data have moved beyond the confines of the enterprises. Organisations should adopt data-first and network-driven security models instead of relying on the traditional models.

In addition, BYOD made enterprises understand the need to regulate personal device use, while the usage of third-party cloud services led to end-to-end encryption of network communications and comprehensive cloud authentication and authorization mechanisms.

With the hybrid work model set to stay, the focus will be on endpoint and network security as enterprises continue to understand where the data is and where it flows within the network and then build a security model based on this knowledge.

Trends for 2021 

With the accelerated cloud adoption, it is inevitable that governments across the world will bring in region-specific regulations to uphold aspects of sovereignty, user privacy, security, culture, policies, and other issues; and this will call for cloud infrastructure to be hosted in every such region to comply to those regulations.

When it comes to their data as well as their customers’ data, it is imperative for businesses to operate with clarity of regulations and how they apply.

There will also be more emphasis on securing the identity than the perimeter. Due to the full move to cloud, perimeters don’t exist anymore, and protecting just the local networks and assuming cloud is secure is not a good approach for businesses. A completely new and holistic approach to information security is mandatory to cover everything from directory services to databases to business applications that are moving to the cloud. The trend will be to build a unified and central mechanism to secure identities, entitlements, and access to information for users as well as to authorize and control every single access.

Businesses can enable this by moving to a Zero Trust access model and leveraging modern identity and access management, privileged access management, and secure remote access management technologies.

Lastly, it is all endpoints, not devices. The definition of a ‘device’ will continue to evolve as the line between the hardware and software devices start to blur. A smart phone is a device that needs to be managed and so will be the individual apps within the phone, in terms of usage policies, security, and privacy. With remote work becoming the norm, users will access information and carry out work using multiple devices and apps, all of which will become technology endpoints requiring to be managed tightly.

Businesses should prepare to manage hundreds of thousands of endpoints by investing in the right technologies.

Scroll to Top