Why on-premises data security is increasing your business risk

So you want to ensure your organisation has robust data security. 

After all, the media is full of horror stories – and there are stark financial and reputational ramifications of being the next headline. In 2019, over 4 billion data records were compromised. Coronavirus is magnifying this risk – there’s been a 400%+ uplift in attacks since the start of the pandemic, in part driven by the effects of remote working.

There are dozens of hundred-item long checklists you can go through to evaluate and reinforce your organisation’s data security status, with elements ranging from crypto-security keys to mobile device policies. But if your strategy is based on principles and on-premises technology that fall short of your current risk profile, those checklists are like trying to put out a house fire while Rome is burning. 

To reduce the risk of data breaches and make meaningful, future-proof improvements to your organisation’s security, you need to start by re-evaluating your on-premises foundation. Here’s why.

It’s progressively harder and more expensive to keep on-premises security up to date with current risks…

Yes, it’s possible to configure your on-premises environment to provide high security levels. But there’s cost and risk associated with that need to configure. Physical security, anti-virus, firewalls, role-based access, data at rest vs data in transit – there are myriad variables to control and opportunities for human error. 

As your data estate expands and the organisation needs to access data in new ways to generate value, those variables and human error opportunities multiply. And that introduces risk.

…whereas the cloud gives you an ever-strengthening foundation.

With a cloud environment, you have a robust, established baseline of data security out of the box – with built-in controls and continuous monitoring. 

Hyperscalers direct vast investment globally to ensure customers benefit from constantly improving features, protocols and policies. For example, Microsoft Azure has invested more than $1 billion in security R&D. AWS has more than 500 features and services focused on security and compliance. That’s no match for what you can achieve as a single organisation.

It’s therefore easy to deploy and maintain a uniform and robust data security approach with the cloud. The security surface area your teams need to manage is smaller – they can focus on protecting content, applications, systems and networks. The data resiliency is taken care of for you, reducing the need for ongoing resource and hardware investment just to keep your head above water (never mind ensuring the organisation is on the front foot).

On-premises security isn’t agile when responding to inevitable threats and managing changing risk exposure…

Traditional security principles – executed through on-premises technology – are perimeter-based, rule-driven and rely on increasing customisation. This means scaling and pivoting involve manual processes to provision and configure servers and associated access. 

If your risk profile changes or you detect a security threat, you therefore add time into the equation. Having to take time is expensive, and putting the organisation in that position introduces risk. 

…whereas the cloud enables a principle-based, flexible and scalable approach.

With the cloud, it’s easy to take a strategic approach to data security. Instead of choosing between thousands of potential rules to implement from the bottom up, you can home in on:

  • Where your risk is
  • What your exposure is
  • What principles you want to use for managing risk and exposure
  • How you want to define your risk controls

With your cloud foundation, it’s then easy to implement that top-line thinking quickly, systematically and uniformly across your environments and solutions. APIs and automation give you both economies of scale and flexibility – making it easier to manage identities, control access, detect threats early and ensure compliance with the latest standards. 

If you’re going to invest in data security – it’s time to direct that investment in the lowest-risk, highest-value way.

The nature of current data threats means traditional, perimeter-based thinking and security checklists must give way to more modern, automated and principle-based risk approaches.

The cloud gives you the resilience, agility and scalability you need to make that essential shift.

So why not take a more targeted and robust approach to protecting your data – and your reputation? 

Book in your free cloud security session.

Get in Touch.

Let’s discuss how we can help with your cloud journey. Our experts are standing by to talk about your migration, modernisation, development and skills challenges.

    8 Cloud Migration Pitfalls You Must Avoid

    Rising blood pressure and exasperated colleagues. Delayed value and mounting costs. Even when you start with the best intentions, the wrong cloud migration approach can lead to situations when you want to bang your head against the desk in frustration.

    As you plan and steer your organisation’s cloud migration, beware of these 8 scenarios that cause unnecessary aggravation.

    1: Getting mired in analysis paralysis

    Yes, you need to plan for your cloud journey and understand what your destination looks like. But that doesn’t need to take months. The longer you drag out the planning – and the more you pay for consultancy – the longer it takes to start getting value from your investment.

    You don’t need to pre-determine everything for the entire migration lifecycle. In any case, things change as you start untangling dependencies and experimenting with cloud. Make agility your watch-word, so you maintain focus on your destination but can adapt as you learn.

    2: Discovering your partner doesn’t really do automation

    Automation is critical to achieving agility and cost savings with the cloud. But most traditional system integrators have little to no established automation capability (and can take months to get it in place). This is because they generally have less than 10% public cloud workload penetration, meaning their processes are optimised for manual, legacy data centre-type delivery.

    Make sure automation capabilities are part of your procurement process. Make sure your partner has established, automation-driven tools and processes to speed up cloud migration, host operations and managed services. We’re talking everything from automated landing zones to patch and back-up automation. 

    3: Falling for the cloud capex myth

    Cloud involves capex, and stakeholders need to realise that quickly. Yes, you’re moving to a consumption-based model and you ultimately won’t have such high hardware costs. But there’s still capex involved in the migration itself. 

    The question is: do you want to pay that capex upfront or do you want to amortise it?

    Maybe your migration aligns with hardware refresh cycles, and it’s easy to reallocate that budget for an upfront payment. But you may be better off spreading that capex out as opex over your monthly managed services commitment (as with Managed Cloud Migration), so you eliminate that financial risk by aligning investment with value.

    4: Realising you haven’t accurately accounted for the cost of cloud vs on-premises

    We’ve just debunked the myth that there’s no capex with cloud. The other myth we must address is that cloud is automatically cheaper than on-prem.

    Cloud gives you agility, scalability and innovation velocity that can ultimately help the business boost revenue and profitability. But it doesn’t spontaneously reduce your IT bills. To get the savings, you need managed services – for continuous capacity and landscape optimisation. 

    Then, when you have that ongoing optimisation, you also have to remember (and remind stakeholders) that it’s about aggregated savings. Some apps and workloads may be more expensive in the cloud, but overall you’re in a stronger financial and competitive position.

    5: Forcing cultural adoption

    Making the most of cloud requires cultural change, no question. But don’t make agile/DevOps adoption a pre-condition to getting on with migration. The reality is that some people won’t want to adapt. Others will dive straight into cloud training. And others will want to see how the initial proofs-of-concept go. 

    Think of upskilling and cultural change as a series of POCs, not a major transformation. That way, you can empower people as you progress – and ensure blockers don’t hold up value delivery.

    6: Starting with the wrong workloads/applications

    They’re common scenarios. Migration stalls because people are stuck unravelling a complex, monolithic application. Legacy ways of working mean apps aren’t realising their TCO/value potential in the cloud. People losing faith because of teething problems with newly migrated workloads.

    There’s a lot riding on how you prioritise workloads and applications for migration. So don’t rely on factors like age and cost. Instead, choose a pilot that delivers maximum business value with minimum cost and risk. (Get more tips on choosing your POC in this migration planning guide.)

    7: Getting stuck in Hybrid Hell

    In an ideal world, you’d be able to flip a switch to move from on-prem to cloud. But you can’t.  With a standard migration approach, there’s a hybrid period where you’re partially in the cloud and partially in your data centre. This has many operational and financial challenges – from dual running costs to growing backlogs.

    Don’t sleepwalk into this situation. If you’re going to have a hybrid period, plan for it with your partner. If you want to circumvent it, take a Managed Cloud Migration approach, where you have a managed landing zone and workloads/applications are cloud-ready in days.

    8: Incurring high real and opportunity costs by doing it fully in-house

    The assumption is that managing applications/workloads yourself is the cheapest approach, especially if you’ve invested in training and recruitment. 9 times out of 10, it’s a false assumption – and having an external partner ends up cheaper.

    Why? On the one hand, if you manage yourself, you need to overhaul your operating model to ensure you’re achieving your value potential from cloud. That is time-consuming and expensive at the best of times. It’s even worse if you’re stuck in Hybrid Hell and need one team to manage cloud and another to manage on-prem. 

    On the other hand, you’re introducing major opportunity costs. Devoting IT resource to management means you’re taking resource away from development and innovation. You’re bogging people down with tasks that can be automated when you work with experienced partners who have the right tooling. 

    To avoid these 8 migration pitfalls, you need the right migration approach

    That approach needs to balance quick wins, immediate cost savings and long-term value. It needs to facilitate cloud-enabled ways of working. And it needs to minimise risk.

    Learn more about avoiding cloud migration headaches – and achieving an operationally and financially smooth transition.

    Get in Touch.

    Let’s discuss how we can help with your cloud journey. Our experts are standing by to talk about your migration, modernisation, development and skills challenges.

      The Business Case for Multisourcing

      The top IT leader challenge is managing with budget constraints, according to a latest Gartner survey. While dealing with that challenge, they also have to help build the business strategy (53%) and drive innovation (40%). 

      Outsourcing has been the obvious way to square this circle – offloading low-value tasks so the business can focus on high-value opportunities. But traditional outsourcing models haven’t been meeting business needs. One study found that 60% of IT outsourcing projects fail to meet their pre-defined targets. That’s why multisourcing is increasingly popular. Instead of outsourcing to a single service provider, companies are using best-in-breed vendors for different elements of their IT landscape. 

      Here’s why IT multisourcing is the future – both for cost savings and value delivery.

      Single provider outsourcing models are no longer cost-effective

      The business case for outsourcing to a single provider was based on economies of scale and convenience (which delivers cost benefits through improved operational efficiency). 

      The reality, however, is that the single provider model hasn’t lived up to the savings expectations – and, in many cases, has created unnecessary cost.

      Inflexible consumption models, contract lock-in, low agility and increased technical debt all lead to real costs within the business – which easily outweigh the savings from economies of scale and convenience.

      Businesses need more agility and flexibility to meet market needs

      With rapid changes to the technology landscape and customer expectations, IT has become intrinsic to value delivery. But it only delivers that value when you can flex consumption and services based on market needs. Traditional single provider processes aren’t designed to deliver this flexibility. 

      When you multisource, you get a team of best-in-breed providers who use their domain expertise and tooling to fine-tune each service area. You can tweak your team at any time as required, ensuring your IT backbone is always working agilely to maximise your competitive advantage.

      You then reap the following business benefits:

      • You’re on the front foot because IT auto-scales – you can bolt capacity/capabilities in and out as required, so your organisation is on the front foot (whether you’re launching new products/services or reacting to factors outside your control)
      • You only pay for what you use – you don’t need to lock in your system design or service requirements upfront. Instead, you pay based on your footprint on a monthly basis
      • You can react quickly to capitalise on opportunities – because you’re not tied into rigid SLAs and don’t have to waste time renegotiating changes

      A leading cloud specialist I know summed it up nicely:

      “What the business wanted was to say, ‘I need a new VM tomorrow.’ But because of how the multi-layer contract was set up, it would routinely take 3 weeks to get it online. This was because SLAs were based on static metrics like number of VMs. We therefore had to renegotiate the support side each time we needed more capacity. We then had a time-consuming discussion of which VMs would get the support coverage, which required impact assessments and risk analysis. This drastically reduced efficiency and evolution velocity, which had real and opportunity costs.”

      Sourcing models need to deliver short-term savings and long-term value

      Yes, it’s conceptually easier to offload everything on to a single provider, And yes, having an ecosystem of best-in-breed providers takes time to set up initially. But, when set up in the right way, multisourcing helps you maximise both short-term savings and long-term value. The best way to save money on an IT support arrangement is to introduce healthy co-opetition between a partner network rather than locking yourself into a multi-year, multi-layer contract with a monopoly provider. That way:

      • Partners are continually incentivised to keep costs down – so you maximise ROI and minimise TCO 
      • Your cost model is based on actual consumption at any given point – so you’re never paying for unused capacity in preparation for a future peak
      • You can easily extricate yourself if requirements change – without managing layers of unaligned disconnect clauses and minimum payment notice periods 

      The agility and expertise you get from working with domain specialists also helps you maximise value ongoing:

      • You’re hiring the right people into your IT team instead of hiring someone else’s IT department to work for your business – which means you’re building exactly the right team for delivering value in your context
      • Your staff have more time to focus on areas that drive value to the business – because you have experts managing each stream and time isn’t wasted negotiating complex changes 
      • The business can leverage opportunities more easily and quickly – because experts help you drive innovation and optimise/scale each element of your tech stack

      The right multisourcing operating model delivers greater, more sustainable value

      The key to success with multisourcing is to establish the right operating model, not just for now, but for your desired state. 

      With the right governance, tools and methodologies, your ecosystem operates as a slick, API-driven machine. You have partners, not vendors – who are aligned to a common purpose. You essentially have a bespoke, expert IT team adhering to the same standards, supporting each other and solving issues collaboratively. What does this best-practice operating model look like – and how do you implement it so you maximise the benefits of multisourcing?

      In order to define this Nordcloud can help you through its advisory practice. How can this work for your business?

      Click here to book in a session with our cloud advisors.

      Get in Touch.

      Let’s discuss how we can help with your cloud journey. Our experts are standing by to talk about your migration, modernisation, development and skills challenges.

        How can you secure real savings on cloud in this COVID moment?

        Reducing cost has suddenly become top of mind for all IT decision makers. In the space of a short few weeks their priorities have changed dramatically. Their business as usual tools and techniques have made them ill-prepared for this very moment. The days of squeezing on price points to reduce IT cost have largely gone when most of the cloud hyperscalers operate already at competitive prices between each other, with regular systematic reductions.

        The focus then moves towards the professional and managed services for cloud cost management 

        Here significant cloud cost saving can be made for sure. The single biggest drive for unit cost economics improvement is the level of genuine software and automation within the migration to and setup of a cloud environment. Typically we find, the more native the service provider, the more they have embraced the “born in the cloud” tooling within both the hyperscaler stack and on the market. 

        The more traditional providers (an example is the category of system integrators), the more that they typically approach the problem with legacy approaches and tooling. This is also re-enforced that may of these traditional legacy organizations still operate between 90 – 95% of their estate on premise.

        The cloud native approach.

        At Nordcloud we are truly obsessed with methods and tools that automate, and enable clients to optimise cloud and reduce IT infrastructure cost.

        The result?

        Lower unit migration cost and managed service cost economics. Do it with software, don’t do it with people. One of those areas we like to help clients start is by reviewing their current spend, identifying and implementing savings within days (not weeks or months). 

        How could this work for your business?

        Come speak to us and we will walk you through exactly how it works.

        Get in Touch.

        Let’s discuss how we can help with your cloud journey. Our experts are standing by to talk about your migration, modernisation, development and skills challenges.