Making the most of the Cloud

Discussing cloud technology and the opportunities on offer still raises important questions, especially since it implies considerable disruption to the way we manage IT resources and keep data and data access secure. “Depending on the model being considered, cloud helps to overcome many of the challenges facing IT managers,” notes Yann Laborda, Client Solution Team Leader within EBRC. “These challenges include facilitating business transformation and accelerating go-to-market strategies, and even enhancing user autonomy when it comes to IT resource requirements. In addition to this, cloud platforms open up access to a whole host of opportunities and services. Cloud technology also offers options for cost optimisation and scalability of IT resources.”

Cloud Vs Clouds

The general term “cloud” encompasses several models and approaches linked to the use of a number of platforms. For example, a multi-cloud approach means seeking out various solutions and services from a range of cloud suppliers. The term “hybrid cloud” is used when an application relies on several platforms, with some data stored on site and processing solutions established on one or more platforms. “The key takeaway is that cloud adoption is first and foremost a complex transformation project, and it doesn’t just affect IT,” continues Yann Laborda. “It has to involve the business, taking into account both its requirements and the risks inherent in such a transformation. The IT department and the business lines need to plan out migration projects on a strategic level.”

A new approach to security

When it comes to cloud confidence, questions are often raised regarding the protection and location of data. “The cloud lets us access data anywhere and, by the same token, find data anywhere,” notes Laurent Miltgen, Elgon COO. “The mechanisms implemented to protect data are very different from those we used when the whole system could only be accessed on site. Rather than building defences, like a fortress, around data and systems, we now need to acquire the resources to monitor them better.”

Protecting data

Before protecting data, we need to make sure that data users’ credentials are fully secure. These login details are then used in conjunction with strong authentication and conditional access policies. After this, as the COO of Elgon reminds us, protecting your data in the cloud involves fully understanding it. Above all, the data needs to be classified and labelled to enable more effective monitoring. “Once the data has been classified, various mechanisms can be put in place to protect it, for example by encrypting data hosted in the cloud. The protection is then embedded in the data itself,” explains Laurent Miltgen. “We can establish data access policies with authorisations granted to specific profiles or even introduce multi-factor authentication or conditional access solutions. For example, users might only be able to access the information or the system if they connect from a secure terminal or from a specific location.”

With the cloud, the key issues of data sovereignty shouldn’t concern where data is physically located. Instead, we need to address access to the digital assets of a given organisation and how they are managed, and increasingly look at the legislative framework governing access to data and control of who accesses what data and from where. This issue is in no way unique to Luxembourg.

Integrating compliance issues

Users must define access policies that incorporate any rules to which the organisation is subject, such as GDPR or the requirements defined by the Commission de Surveillance du Secteur Financier or by the Commissariat aux Assurances. “Although the platforms are now aligned with these regulatory issues, users are responsible for how data is used,” comments Laurent Miltgen. “We must therefore be able to assess the risks associated with the adoption of one or more cloud platforms and put in place the measures to respond to them.”

Taking control

In view of all these factors, players can have confidence in the cloud, provided that they adopt a range of measures to guarantee good system governance, ensure information security, protect IT resilience and even control costs. “Users must be able to retain control of all IT resources the business uses,” adds Yann Laborda. “They can then access the resources or services offered by the cloud to strengthen their backup strategy, for example. Taking control of the entire environment, using a hybrid or multi-cloud approach, also requires the use of a centralised management platform, offering visibility of all resources, security and cost evolution.”

It is only by ensuring complete control of this more open environment that each organisation will be able to take full advantage of the cloud and all the resilience it offers.