There is still some wariness, especially with SMEs, towards the cloud over issues such as costs, security risks and the skills or knowledge required to do so.
iTNews Asia speaks to Sunil Mahale, Vice President & General Manager, ASEAN, HKG, Taiwan and Korea at CommVault to find out the key considerations when moving to the cloud and how organisations can ensure the efficacy and security of their cloud data .
iTNews Asia: Despite the benefits of the cloud and remote working, some organisations have yet to move to the cloud. What is stopping them from doing so?
The cloud is a powerful tool that allows organisations to enhance cost efficiency and flexibility, as well as gain scalability. However, there are perceptions of cost, effort and risk that can impede an organisation’s cloud strategy.
Organisations may think that it is complex and a struggle to procure the IT expertise and resources needed to move large volume of data to the cloud. Moreover, they are wary of unexpected costs with new cloud models. The cloud can also seem risky to them with new data governance and security issues.
However, many fail to recognise that cloud-based data is not only cost-effective but can be safe and protected across on-prem to cloud locations easily.
iTNews Asia: What are the considerations that organisations should take note of before moving to the cloud?
As organisations accelerate their move to the cloud and adopt Software-as-a-Service (SaaS) solutions to accommodate a distributed workforce, IT leaders must be particularly mindful of organisational data risks and strengthen their approach to data management and protection.
Today, data is the lifeblood of business. Data and workloads are generated and moved from on-premise to the cloud and back again, creating a multi-generational data sprawl across the company. Multiple data silos across the environment introduce risks to the entire operation and can compromise business functionality and growth.
It is therefore essential for organisations to practise good data management from the get-go. Having a holistic view on your data is essential for IT leaders to know where all organisational data sits, whether structured or unstructured.
This includes confidential and sensitive data, where handling and processes must adhere to data protection and sovereignty policies. A hawkeyed view of their data is key for organisations to build in necessary security measures and manage data risks.
This will then enable an organisation to manage their cloud data with confidence as they move, manage, and use data more easily no matter where it is stored. Knowing their data also enables them to scale.
iTNews Asia: What advice can you share for the smaller organisations who might be facing some challenges moving to cloud due to lack of talent and knowledge?
As SMEs embrace digitalisation, planning for the unexpected can make a difference in how their organisations mitigate uncertainties. Forward looking SMEs must understand the importance of having a contingency plan when they set out their cloud migration strategy. This is especially critical as smaller organisations tend to be more vulnerable due to their lean operations and usually tighter budgets.
Data and workloads are generated and moved from on-premise to the cloud and back again, creating a multi-generational data sprawl across the company. Multiple data silos across the environment introduce risks to the entire operation and can compromise business functionality and growth.
It is therefore essential for organisations to practise good data management from the get-go.
- Sunil Mahale, Vice President & General Manager, ASEAN, HKG, Taiwan and Koea at CommVault
With the ongoing tech talent crunch, organisations no matter large or small are encountering challenges in recruiting the necessary IT expertise. Smaller organisations may want to consider tapping on cloud and managed service providers for technical support to alleviate the need for dedicated manpower in this area.
SaaS is another viable option and is growing in adoption – there are many SaaS providers that offer a usage-based subscription that are available on a monthly or yearly basis. SaaS can provide notable savings for SMEs without having to incur infrastructure or hardware costs.
It can be advantageous for small businesses as it is flexible and scalable - applications can be easily downloaded and maintained with access to technical support and they can change or upgrade plans easily.
iTNews Asia: Security is a concern for organisations moving to the cloud. What can be done to ensure the security of their data?
Keeping data safe and secure has been an increasingly challenging task, compounded by the proliferation of decentralised work and the necessity for cross-border data sharing as well as increasingly sophisticated cyber attacks.
With the tactics and techniques that cybercriminals use to steal data constantly evolving, strengthening defences and having a recovery plan are key to minimising losses and maintaining operations.
What is even more worrying is that ad-hoc recovery efforts offer no guarantee for reliable data recovery. Also, with the ongoing ransomware epidemic, businesses cannot ensure the safety of their data even if the ransom was paid.
It is therefore essential for organisations to have a “when, not if” mentality when it comes to protecting data against cyberattacks. Steps that organisations can take to ensure the robust security of their data include:
- Educate end-users such as employees on how to avoid ransomware and to detect phishing campaigns, suspicious websites, and other scams
- Harden and secure the infrastructure, including systems and networks
- Isolate and segment backup copies from public networks to limit and secure access
- Keep software, firmware, and applications up to date
- Use anti-virus software with active and centralised monitoring specifically designed to thwart advanced malware attacks
iTNews Asia: How can organisations ensure the effectiveness of their cloud strategies yet safeguard their data?
There is a lot riding on an organisation’s cloud strategy. Applications, databases, files, and hypervisors are the resources that run your organisation. As they are moved into and across environments from on-premises to the cloud, data resources must be available, searchable, and quickly recoverable when they are of need.
It is therefore important for organisations to consider an intelligent, cloud data protection solution as part of its overall cloud strategies. A solution that can integrate and automate security controls, with minimal complexities or governance risks would maximise the effectiveness of the cloud migration while stemming data protection concerns.
Other considerations include incorporating role-based access and encrypted controls to secure data while it is at rest and in transit. Data profiling and analytics also can identify personal data and related risks, with full audit trails for all data management functions.
iTNews Asia: How can the CIO ensure enterprise-wide data management good practices are adhered by?
Data management involves people, process, and technology. Aside from putting in place all the necessary processes and technologies, the onus is also on CIOs to establish the right protocols to protect critical data. Taking stock of data quality and accuracy (having the right customer details) and good data hygiene (de-duplicating customer data) will streamline data management and security enforcement.
Equally important, CIOs must inculcate a culture of risk awareness throughout all layers of the enterprise. This can only be achieved with adequate education about data risks and providing training on data handling and security. Educating employees can go a long way in keeping the frontline defences of a business strong.
Beyond protecting data stored on devices, employees also need to be aware of the protocols when transferring data between devices, or between data centre or cloud storage and devices, as well as between data centre and cloud.
CIOs need to anticipate tomorrow’s business and technology needs and ensure that infrastructure is in place, to provide a single, unified view across all data workloads. CIOs must also have a plan ready for when disaster strikes. When data is compromised, such as through ransomware, disaster recovery is essential to reducing breach impact and resuming normal business operations.
