When companies move to cloud, Security responsibility cannot be outsourced

The increased adoption of cloud computing comes with security issues, which organisations need to address.

In a panel discussion titled ‘Cloud Migration Security Challenges & Mitigation Strategies’, which was a part of W.Media’s ‘South Asia Cloud Security Market Insights’, the panel was moderated by Mubin Shaikh, Partner & Leader, Cyber Security, BDO in India touched upon many such issues.

The panellists included Mansi Thapar, Global Head- Information Security, DPO, Jaquar Group. Tirthankar Dutta, VP & CISO- Star & Disney India, The Walt Disney Company. Shaik J Ahmed, GM & Head- Information Security, Renault Nissan, Technology Business Center India and Parag Deodhar, Director- Information Security- APAC, VF Corporation.

“In the last 12 to 14 months, the COVID19 pandemic has accelerated the process of digital transformation by 2 to 3 years and cloud computing is an important aspect of this journey,” said Mubin Shaikh, Partner & Leader, Cyber Security, BDO in India.

Cloud is going to expand and get better with each passing day. But it is important to focus upon the building aspects of it. For instance, dealing with challenges and working on security-related issues.

He further added that the balance sheet of major companies like AWS, IBM, Microsoft, and others in the cloud business is growing 30 to 40 percent from year to year, which means that there is an increase in the number of organisations migrating to cloud.

Key Challenges of migrating to cloud

It is important to develop an awareness first, panellists felt. There are different types of cloud models, it could be public, private or hybrid. It is important to have an understanding of all three. There are different kinds of services that a cloud provider offers IaaS, PaaS and SaaS and all of them have a different responsibility matrix.

“People have a perception that if their organisation is moving to cloud, the responsibility of security is gone and the cloud provider will handle everything which is not the case,” said Mansi Thapar, Global Head, Information Security, DPO, Jaquar Group.

She further added that it is important to first decide the kind of cloud service that the organisation needs. In the case of IaaS it is important to know what the organisation will manage as there is a misconception that everything will be done by the cloud provider which is not true.

The organisation has to look into it, it is like a colocation. Only in SaaS, the responsibility of the organisation is data and the rest of everything is taken care of by the cloud provider.

It is also important to analyse the kind of compliance that the organisation falls into and if the cloud provider is able to fulfill that.

The next important step to keep in mind is what kind of data will be migrated. It is important that an organisation starts the process of migration with the least critical data. The API systems in cloud are totally different and while migrating to cloud it is important to make sure that the data is encrypted.

Automobile sectors & Cloud

Connected tech gives the users mobility, navigations and other features. For new-age features of the vehicle, it is important to adopt cloud computing. It is a mandatory requirement that every automotive company has come across.

“Organisations have moved to streamline these operations of migrating to cloud and making use of the process of digitisation and taking a step ahead of reaching out to the customers,” said Shaik J Ahmed, GM & Head- Information Security, Renault Nissan Technology Business Center India.

He further added that there are a few challenges that one could face while adopting cloud in the automotive area, especially in the mobility tech area.

The first one is having access reviewed on a streamlined basis, the second one is securing the digital identity which moves from on-premise to cloud. This is like having the proactive monitoring of each and every area hosted in the public or private cloud.