We are in the midst of an exciting Digital Transformation era in which enterprises across all sectors are rapidly adopting new disruptive technologies, mainly to drive the consumerization of their services and to stay competitive not only against their traditional competitors but also against new emerging players who are born digital. According to IDC, the overall digital transformation market is expected to grow to $2 trillion by 2020. Of this, cloud deployment is estimated to be the fastest growing at 29.4% CAGR. While most organizations start by migrating their infrastructure to the cloud, the real success will come only when their applications harness the power and elasticity of the cloud by adopting a cloud-native approach to application development.
Capgemini recently published a research report, Cloud Native Comes of Age, which indicates that the shift to cloud native is underway: today 15% of new applications are cloud native, and that share is set to increase to 32% by 2020. The key driver for this shift is the desire to improve agility and scalability and to increase velocity, thereby reducing time-to-market.
The same sentiment is echoed in the famous Mary Meeker report on Internet Trends of 2017, which states that the use of cloud-enabled apps in the enterprise is rising rapidly, averaging around 1000+ cloud services used per enterprise. But it also cautions that most of these apps have serious security and compliance implications. It cites Netskope research which indicates that a staggering 94% of cloud apps are not “enterprise-ready”.
While most organizations have started enabling applications on the cloud by creating, exposing or consuming Microservices & APIs, success depends wholly on how secure their applications and data are. Mitigating the security risks involves:
- understanding the possible security threats to the app in a cloud environment
- figuring out the suitable approaches to address each of these threats
- identifying the right security services and technologies provided by the cloud platforms on which the app is being built, and
- incorporating a security-driven design for developing the cloud-native app.
The Cloud Security Alliance (CSA), an industry body that promotes best practices for providing security assurance within cloud computing, has identified 12 threats called The Treacherous Twelve, which is a good list of the possible security threats and vulnerabilities that need to be managed. The CSA Security Guidance also gives pointers on the security considerations to adopt in the design & development, deployment and operations of cloud applications. Finally, it comes down to knowing the security capabilities that the cloud platform providers offer and making the best use of them.