KuppingerCole Report
Advisory Note
By Dan Blum

Rising to the Security Challenge of Heavy Cloud Adoption

Many enterprises have decided on a “cloud first” strategy, or have seen heavy cloud adoption evolve spontaneously as their business units embrace cloud for cost savings, agility or other competitive imperatives. Security teams face challenges controlling, influencing or enabling cloud adoption. This document provides guidance on how IT security leadership should deal with the challenges of strategic uncertainty, regulatory compliance, shadow IT, fragmented security infrastructure and agile development and devops practices.

1 Management Summary

If it is the goal of information security to enable the business as well as protect it, then traditional security responses to cloud computing adoptio ...


2 Highlights

  • A surge of cloud adoption can create many challenges
    • Strategic uncertainty in IT itself leaves security organizations rudderless, without direct ...

3 Cloud Security Challenges

Relentless global competition for operational efficiency and rapid technology advances in vertical industries have created great need for the scalabil ...


3.1 Strategic Uncertainty in IT Itself

Amid heavy storms, some businesses will fail. Others will ride the wind, transforming their IT and security organizations to leverage cloud computing, ...


3.2 Regulatory and Shared Responsibility Conundrums

Growing regulation of IT security and privacy practices has slowed – but not stopped – heavy cloud adoption. One of the ways that cloud-based serv ...


3.3 Shadow IT Brings Risks

Lack of visibility and governance of cloud services can create risk for enterprises. According to a study by Cisco [4]:

"IT departments estimate the ...


3.4 Unplanned Adoption Fragments IT and Security Infrastructures

Public cloud adoption further fragments IT security infrastructure from whatever pre-existed in the on premise IT environment. IT interoperability bet ...


3.5 A Lack of Agility Disconnects Security from the Creative Forces in the Business

Just as some cloud computing services have literally acquired power plants and built compute and storage factories in search of scale and agility, clo ...


4 Recommendations


4.1 Find Cloud Security in the IT Strategy

Security staff must align information security principles, architectures and processes with an IT Cloud Strategy. That is difficult if the cloud strat ...


4.1.1 Establish a Team Framework and Approach

Security should pervade the IT cloud strategy. Cross-functional cloud security teamwork is needed at the Executive, Business Units, IT Architecture, I ...

KuppingerCole recommends that organizations actually charter an IT Cloud Strategy team involving stakeholders with the IT Cloud RACI’s roles or func ...


4.2 Elicit the Core IT Cloud Strategy Decisions from Stakeholders

IT Cloud strategies have many complex, interlocking elements and require many decisions that stakeholders may not have reached, shared or agreed on. H ...


4.2.1 Set Primary Cloud Direction and Governance Model

Primary cloud direction should be the first decision in the IT Cloud Strategy. Together with decisions on strategic CSP partners the business will us ...


4.2.2 Develop Application Hosting Guidance with Input from EA, Development, Risk Management and Compliance

Security architects must align technical patterns with the application hosting guidance. Technical cloud security patterns guidance should leverage bu ...


4.2.3 Develop Cloud Management and Assurance Frameworks Appropriate to the Emerging Strategy and Core CSP/MSP Partners

“Select core CSP and MSP partners” appears at approximately seven o’clock on Figure 1’s IT Cloud Strategy wheel – the optimal point in the s ...


4.2.4 Optimize the Cloud Networking and Mobility Strategy

A cloud network topology emerges from the organization’s geographic footprint, CSP partnerships and regional hosting decisions, application traffic ...


4.2.5 Optimize Cloud Identity and Access Management

Heavy cloud adoption has disrupted enterprise identity architectures, bringing a rebirth of the “yet another directory” (YETA) with many services ...


4.3 Discover Cloud Services, Needs and Risks

Cloud usage (aka shadow IT) and needs discovery can begin before, or in parallel to, developing a comprehensive IT cloud strategy. KuppingerCole recom ...


4.4 Embrace Automation and Agility – With Assurance

Developing software and deploying it in IaaS environments – for all the promised agility and scalability in modern clouds – is not a trivial matte ...


5 Conclusion

Rapid cloud adoption continues, but should be governed through a collaborative process at the enterprise level. Engage IT and business units to make t ...



©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.