Reflecting on the Journey of Cloud Adoption and Security Thus Far

Written by Raghvendra Singh, Head, Cloud Security CoE, TCS.

The latter half of 2023 is here, and the cloud trend shows no signs of reversal. Few might have predicted the power of cloud computing a decade ago, when there were obvious questions about its security, sustainability, cost, and overall maturity. Let us look at the gradual progression of cloud adoption worldwide, and how the security on/for the cloud has transformed to support this progression.

Early adoption (before & around 2010)

While the launch of Amazon AWS EC2 in 2006 can be seen as a milestone in the history of cloud computing, Google and Microsoft followed suit quickly, releasing cloud computing offerings in 2007/08 and 2010 respectively. Initially, cloud adoption was to get non sensitive data on rented assets outside data centers. However, this aimed to move towards an OPEX-based model to expedite processes and reduce procurement cycle time. It was a period of testing, patience, exploration, and curiosity. Securing the cloud depended on existing protection controls and leverage them by extending critical tenets to the cloud. The hyperscalers focused on providing secure access and connectivity, while other security offerings were still evolving. In short, infrastructure and adoption of apps were being explored, while the security was dependent on existing controls and practices.

The next stage (before & around 2015)

This marked the onset of an interesting phase, with increased trust, acceptance, and planning. This is when the evolution and adoption of several SaaS-based enterprise apps kicked in. Coming back to hyper scaler-based IaaS and PaaS offerings, this period played a pivotal role in building a foundation for interpreting, educating, and penetrating enterprise cloud demands. Hyperscaler-based offerings were evolving, keeping customer demand in mind. At the same time, security of services as well as security offerings for customers' consumption started taking shape. This is where several in-built native security solutions started playing a key role. While a single cloud, lift-and-shift strategy with hybrid security adoption was still evident for most organizations, this phase helped organizations plan better to start thinking towards building a digital core for the organizations. Furthermore, there was an increase in adoption of SaaS along with security focus for SaaS.

Present stage (before, during & post-Covid)

This is the stage where we have unlocked the true potential of the cloud. There has been a huge evolution of hyperscaler offerings, a push towards multi-cloud adoption, movement towards cloud-native architecture, and most importantly hyperscalers emerging as full-fledged security players (or at least trying to). Enterprises started adopting the cloud more from a business perspective to utilize the full potential of an offered ecosystem with innovative business models. This kicked in a wave of modernization through previous lifts and shifts. Cybersecurity has taken a center stage in terms of focus on hyperscalers, acquisition, investment as well as customer demand and adoption. During this time, we have witnessed the development of several new types of offerings, such as distributed, sovereign, and industrial cloud offerings. Enterprises began diversifying their cloud adoption strategies based on business and regulatory needs, prompting hyperscalers to introduce newer versions of their cloud offerings.

The way ahead

Additional cloud offerings can be anticipated encompassing sovereign, industrial, distributed models, etc. Hyperscalers will further strengthen their position as cybersecurity influencers. Multi-cloud adoption coupled with agnostic security will continue to gain momentum. SaaS security has undergone significant technical developments in the preceding phase. More comprehensive security solutions and viewpoints will continue to evolve for end-to-end SaaS security, given that enterprise SaaS adoption is not expected to slow down anytime soon. Exciting times lie ahead in terms of AI adoption for real-world use cases, increased investment in application and data modernization across business lines, and the overarching influence of cybersecurity as the greatest enabler.

Conclusion

We have moved from perception to actual adoption of the cloud, from seeing the cloud as just another data center to making a cloud center of transformation for enterprises. As an industry, we have been able to traverse quite a length, yet there remains an enormous potential waiting to be fully realized. Enterprises, while discussing next-gen cloud/cloud 2.0, understand the value of cloud and its role in business transformation. Security of the cloud and security for the cloud will continue to grow and strengthen, as we come across more sophisticated, targeted threats. Nevertheless, exciting times lie ahead.

About the Author

Raghvendra has 15 years of experience in enterprise security. In his present role, his focus as G&T leader is to define secure cloud adoption strategy for enterprises across the globe, defining GTM, competency development, and partner strategy for TCS in cybersecurity. He holds a bachelor's degree in engineering in Electronics and Communication and is also certified in CISSP, CCSK, CCAK, and CEH.