The public cloud is one of the drivers of digital transformation, and according to Gartner, the trend is not to slow down investment in this area. The major hyperscalers* Microsoft® (Azure), Google® (GCP) and Amazon® (AWS) are all experiencing strong growth. By 2023, global public cloud revenues are expected to reach $525 billion, a growth rate of over 26%. A figure that makes any entrepreneur dream 😉
Some initiatives have certainly been slowed down by speeches about the sovereignty of European data. However, they have only slightly affected the massive migration of companies to this famous public cloud.
In France, it is impossible not to mention the ultra-famous French group OVH, which aspires to the role of European alternative to the American and Chinese Internet giants. Our European star has earned the title of "major player" in the 2022 benchmark of the International Data Corporation (IDC), leaving behind its rank of "participant", awarded in 2020... Cock-a-doodle-doo 🐔
In this context of massive data migration, it has become essential to ensure that cybersecurity and privacy issues are under control if you want to use the public cloud. It is not enough to trust by "default". And don't forget that the proliferation of laws with extraterritorial scope weakens the guarantee of confidentiality of your data. Just one figure: 70% of European data is stored and processed outside the continent, mainly by American "hyperscalers". Without wishing to play the drama queen, the threat of data being held hostage to international tensions is very real.
While one might think that cloud platforms would help protect against the risk of cyberattacks, the ANSSI report "Panorama of the IT threat 2021" is much less categorical. Attackers find it attractive, especially in the computing power of the Cloud, which they divert to their own advantage (for cryptocurrency mining, for example). The Cloud also attracts because it offers ways to propagate without using malicious code and without being detected.
Let's not forget that the Cloud can sometimes be a source of constraints and difficulties when you don't control the infrastructure and you depend entirely on a service provider. Opaque terms of responsibility sharing, difficulties of intervention, investigation, detection and remediation of problems... the consequences can be heavy.
So, one word of advice: take the time to plan your strategy before using cloud services. And when you're not an expert, the best thing to do is to be accompanied by a specialized consulting firm like on-x group 😉
Because a good strategy takes into account all the challenges of the Cloud. Once you are committed to a cloud environment for your data, applications, various platforms and infrastructure, the next task is to create a cloud security policy for your organization. What does that entail? Understanding and considering, for example, how your employees can interact with this Cloud, listing the types of data that can be sent and stored there, defining access controls...
A solid strategy must mitigate risks (security controls), defend against threats (secure coding and deployment), and overcome challenges (implementing cultural and technical solutions) so that your business can grow securely with its head in the clouds but its feet firmly on the ground 😊
*Hyperscaler definition: hyperscale is the process of pooling server resources (cloud computing). A hyperscaler is an entity that offers this service.