Utilizing Cloud for a Trusted Business Ecosystem

Roland Cloutier, SVP CSO, ADP [NASDAQ: ADP]
279
497
89

Roland Cloutier, SVP CSO, ADP [NASDAQ: ADP]

As the chief security officer of a large multinational corporation in the diversified services and cloud technology sector, I realized a long time ago the incredible power and opportunities that the cloud would have on businesses around the globe. Some of the most innovative businesses in multiple sectors have changed the way we develop products, take them to market, utilize our sales forces, manage our back offices, and allow us to focus on our core competencies and customers. Gartner reported that the new digital economy demands and expects participants to have 10X multiple gains in our technology density and four basis points of improvement in our productivity, thus necessitating bold and revolutionary changes to our business processes to improve time-to-market, speed of services, and access to consumers. Further, there is a deep truism in the fact that it is nearly impossible for businesses to develop net new or redevelop business architectures autonomously, and many are turning to the cloud as a force multiplier and significant resource lever to adapt, enhance, and recreate their business of the future.

In order to accomplish this, many companies are turning to the cloud to drive business transformation in this age of integrated partnerships and supply chain. The reality is that most businesses that focus on one specific area can often do it better than you can, and partnering with them allows you to focus on what you do best while leveraging an external asset as an integrated component of your business process. Think of these cloud services as "micro apps” for your business. They are highly focused, task-based functional services that let users or processes get in, interact, get value, and get out with maximum efficiency and reduced costs. This type of cloud integrated partner ecosystem works well across many industries and solves many business problems. From the core infrastructure and technology delivery capabilities that we know the cloud for today, through automated exchanges for data access and movement, supply chain fulfillment and automation, and even more, we see cloud-based portfolio services as integrated components of businesses core go-to-market services.

So then, why is there not yet mass migration to cloud as integrated parts of our business ecosystem? Some say security, lack of maturity, and interoperability. There are many reasons why integration with cloud services may not be viable, but often the decision is blinded by the support elements that rely on historical policies, processes, and technical infrastructure that should be resolved first.

 As leaders and future businesses that enable dynamic ecosystem capabilities, it is our responsibility to create meaningful changes within our technical environments 

Some of the most important enablers to utilizing external services are your own vendor and procurement management programs. At a time of continuing focus on regulatory considerations in multiple industries, the third party hot button has created a multitude of strict guidelines and measures that were not intended for micro services use as integrated components of your business go-to-market or back-office. In the traditional sense, you don't enforce the same contract on your facilities services partner as you do your critical telecommunications infrastructure services partner. In the same way, we must adapt contracting, vendor management, and compliance requirements that can distinguish between a vendor providing a wholly outsourced data center to a cloud application company providing a micro service. Asking both for unlimited liability and like contract requirements inhibits moving fast and creating trusted partnerships. Focusing on how we develop contracts with the right inclusions and flexible requirements-verbiage can enable your businesses to quickly understand the guidelines necessary to partner, create trust, and quicken your time to value.

Another critical area for business leaders to consider with cloud services has nothing to do with the external services at all, rather how we internally understand our own business processes. The fact is, in most businesses, the documentation and internal formalization of business process mapping and management is sorely lacking. From what business process supports, to upstream and downstream application dependencies, to end-to-end dataflow mapping of how information moves and is accessed through your business platforms, most businesses simply are not there yet. One of the best ways to get ahead of understanding the use of cloud within your business, decisions that need to be made in the area of diversity of supply chain, or even where the intellectual property ownership lies, is through proper Business Process Management (BPM). Once you have documented how and where your business operates, where data moves and is accessed, and what technologies support each part of your business, you will have a clarity that enables you to make targeted strategic changes in your processes, and engineer new capabilities while maintaining the right level of due care and accountability to your legal, regulatory, and customer commitments.

The final area of your business that can help you create an environment ripe for participation in a cloud business ecosystem is your technical operating platform. We all deal with legacy technology issues, broad infrastructure management considerations, and the choices of those who've gone before us. As leaders and future businesses that enable dynamic ecosystem capabilities, it is our responsibility to create meaningful changes within our technical environments that facilitate these partnerships and protect the commitments we’ve made. Some of these include application level protection and access technologies used to manage application level interaction by third parties or consumers. These technologies often support the creation of a service-buss for core services interaction while maintaining the strict levels of security and assurance necessary for the confidentiality, integrity, and availability of your platform. Other technologies, commonly referred to as Cloud Access Security Brokers (CASB), enable and facilitate secure user and bidirectional platform access to cloud infrastructures utilizing existing investments in authentication, access, and audit services. Further, many of the services extend levels of security functionality such as data leakage prevention, encryption, and like services as add-ons to their cloud products. And finally, through creating a well thought-out advanced strategic logging platform that creates a capability to ingest, normalize, and facilitate the use of logs from disparate sources inside your own operations, this ensures you understand what is happening within the ecosystem while utilizing your existing investments and business knowledge.

Integrating into an ecosystem of cloud services that you can trust does not mean that you have to reduce your security, risk, or privacy posture. In fact, if done well you often increase your level of protection and resiliency through the use of diversified operating environments, services, and advanced technologies not available in your own environment.

Read Also

The Data Breach Counterattack: 3 Ways to Change the Game and Have a Shot at Winning

Dr. Christopher Pierson, CSO & General Counsel, Viewpost

Protecting Enterprise Data with User and Entity Behavior Analytics

Mike Lipinski, VP, Chief Security Strategist, Securonix