The future of IT security: All roads lead to the cloud

More and more applications – and with them workflows and entire business processes – are finding their way into the cloud. Analysts predict that IT security will follow suit, and this raises a few questions.

Particularly in times of crisis, it becomes clear that companies must be capable of empowering their employees to work from anywhere (currently from home). Otherwise, there is a risk that business operations will come to a halt – not only in case of a lockdown, but also due to a fire, flood, or some major event that happens to take place in the vicinity of the company’s headquarters.

For a long time, resilience wasn’t a priority when it came to remote work: companies enabled employees to work remotely because it speeds up workflows and boosts productivity while better accommodating employees’ work/life balance. This is why even before the crisis, an increasing number of users had been accessing corporate resources remotely – from their home offices, hotels, airports, or trains.

More and more of these resources and digital workspaces are located in the cloud. This is not just true in the private but also the public sector, as shown by our recent survey looking into the state of cloud adoption among UK police forces. Data from late 2020 shows that the number of UK police forces using hybrid cloud environments have doubled since 2019 – with nearly half of all forces (47%) now adopting such a model.

Gartner: Security will be cloud-based

Gartner expects IT security to move into the cloud as well. Gartner refers to this as SASE (Secure Access Service Edge). This means that functions for securing distributed resource usage will merge with functions for accelerating remote access to create a unified cloud service. By 2024, 40 percent of large enterprises will have a SASE strategy, according to Gartner analysts.

But the Gartner forecasts cannot be directly transferred to every region as some are more prone to what one might either call excessive caution or well-considered prudence. Furthermore, Gartner’s clientele is the enterprise market, not mid-sized companies – and because some have already taken a long time to shift to the cloud, it is safe to say that the broad acceptance of cloud-based security services will also require a similar amount of time. After all, initial concerns regarding data security and data sovereignty slowed the acceptance of cloud offerings in the first place.

According to Gartner, cloud-based security via SASE includes features such as securing cloud access and the continuous monitoring of end devices for security-related anomalies – tasks that directly affect the business. The path to the cloud is clearly mapped out here, because Gartner’s forecast is compelling in its logic: if more and more business applications are located in the cloud, it is simply reasonable to also govern the security infrastructure via the cloud, by virtue of the familiar cloud advantages of agility, scalability, and high service availability.

Therefore, the cloud will inevitably gain traction here, too: digitization ultimately means cloud-based, location-independent work with cloud-based protection of this work – not only for reasons of resilience, but also for the sake of higher productivity. That’s why it makes sense to design a remote work strategy early on that is geared towards a cloud future and includes all the necessary security functions.

It is important that both remote workplaces and the security building blocks are able to move to the cloud, in the way and at the pace envisaged by a company’s individual digitization strategy – this calls for the slider, not the toggle switch.

While in ancient times, it was said that “all roads lead to Rome”, today all roads lead to the cloud, and so does the path of security infrastructure. Yet these roads are no longer bumpy Roman roads, but multi-lane data highways. As a result, every company can approach its digitization goals on its own lane, at the desired speed – as long as it has planned the route carefully: with a well-thought-out concept of distributed work and a matching security strategy.