Published: Tuesday, September 22, 2020 07:00
By Naidu Annamaneni
We often hear clients and colleagues say things like, “We’d love to move our IT to the cloud, but for security reasons we’re keeping everything on prem.”
Or “Sure, the benefits of being a cloud-first organization sound great…but what about security? With all of the data leaks and hacking going on, our Board just won’t consider making the move.”
Sound familiar? When I first started looking at moving eSilicon’s High-Performance Computing chip design workloads to the cloud, I faced similar objections. At the time I was eSilicon’s CIO and Vice President of Global IT, and our Board’s two major concerns were cost and security.
As I explained in my last blog, “High Performance Computing in the Cloud Can Be Cost Effective,” taking advantage of the cloud’s autoscaling and auto-provisioning capabilities actually reduced eSilicon’s total cost of ownership by 20%.
Moving to the cloud also provided more security for our intellectual property (IP) and that of our customers—not less. Here are some of the reasons why your IP is more secure in the cloud than in your own data centers…
Your current layers of security can move with you to the cloud
What is in your current security stack? All of the layers of your on-prem security—identity, network, endpoint, application, data, etc.—can simply move with you to the cloud. You don’t have to lose any of this! There is no reason for any of your current security layers to go away.
Think about the situation I faced at eSilicon. eSilicon designs bleeding-edge technology node chips for Fortune 500 OEMs; ensuring the security of clients’ and vendors’ IP is vitally important. Consequently, our on-prem design center and security posture were among the best in the industry. In fact, other semiconductor CIOs and CISOs consulted with me regarding our security measures and the stringent policies and procedures we had in place to create world-class information security. When we moved our High-Performance Computing to the cloud, we took all of these security measures and policies with us.
The cloud provides additional layers of security
What level of encryption do you have in place in your data center? Is data encrypted when it is at rest? When it is in use? How about when it’s in transit from one application or system to another? When eSilicon was processing chip design workloads in a data center, even with our world-class information security the IP was not encrypted when it was at rest. The cloud providers provide this encryption. Google encrypts data that is at rest by default, giving you custom security keys to control the encryption. AWS and Azure provide this service by request.
All of the major cloud providers encrypt data while it is in transit. They also ensure that cloud network traffic is encrypted. Only those applications or users that are authorized to access a specific network can do so. While the cloud providers manage these encryption keys by default, upon request you can implement your own managed keys instead.
“Confidential Computing,” which encrypts data while it is in use, is also being deployed by the major cloud providers. Confidential Computing is a way to ensure that virtual machines are secure and encrypted even while they are operating.
Speaking of virtual machines, most of the cloud vendors also provide chip-level verification while a virtual machine is booting up, to ensure that this is indeed an authorized machine. This is not something that you get with your on-prem setup.
The cloud gives you a world-class cybersecurity team
The cloud providers have thousands of security professionals working 24/7 to ensure the security of their platforms. But they’re not just doing this for you and your company’s applications, such as eSilicon’s chip design workloads. They’re also doing this to protect their own applications and the customers that are using them. Their motivation to get this right is significant.
For example, Google’s Gmail, with its 1.5 billion active users, depends on the Google Cloud Platform (GCP). Microsoft’s Office 365, with its 200 million monthly active users, depends on Azure. The cloud vendors must ensure that their platforms are secure in order to protect their own assets.
As a cloud user you reap the benefits of this. The cloud gives you a much bigger team, with a depth of skillsets that you could never match on your own.
The cloud gives you centralized control of your data
When you keep your IT on-prem you often end up with islands of data spread across lots of places. Employees hoard data on their laptops, desktops and other devices, creating situations where your data is hard to control. Not surprisingly, most data leaks are caused by this type of decentralization.
As part of your cloud journey, you should consolidate and control your data management platform. When data is centralized in this way it must go through authorized channels to be released. This in itself makes the data more secure.
Moving to the cloud gives you more security, not less. In the end you still have all of the layers of security that you had when you were operating out of a data center. In addition, you have the cloud provider’s security processes and teams of the world’s leading experts in information, application and network security working round-the-clock to protect your cloud infrastructure.
Considering a cloud transformation and worried about the security (or any other aspect of the process)? Give us a call. This is one of our areas of expertise.
About Naidu Annamaneni
Naidu Annamaneni, Associate, CIO Professional Services, is a thought leader and expert in digital transformation, cloud, SaaS, AI/ML, security and agile development methodologies with over 25 years of experience. Most recently, he was CIO and vice president of global IT at eSilicon Corporation. As CIO, Naidu was responsible for overall IT strategy and security, including high performance computing infrastructure and all business and design software. Naidu holds a B.Tech in Electronics and Communications Engineering from Sri Venkateswara University and a Master’s Degree in Computer Science from Florida Atlantic University. He also holds two US patents in supply chain automation.