By: Dibya Ranjan Nath, Practice Leader - Cloud Security and Data Security, LTIMindtree

The COVID-19 pandemic has compelled enterprises to adopt  new ways of working with a tectonic shift in consumer behavior and hybrid-workforce requirement. Enterprises are now embracing Digital Transformation by leveraging the scale and reach of thecloud at an unprecedented pace across industries ( IT, Medical and Health Care, Telecommunication, Banking, BFSI, and Manufacturing).

Rapid digital adoption has created a new wave of cloud transformation and almost every enterprise across the world is leveraging the scale and power of the cloud to sustain their business and be relevant to the customer. However, in the journey to digital transformation and cloudification, enterprises should ensure that cloud security does not go to the back burner.

An enterprise must interweave security as the strategy to adopt cloud and digital  to fuel innovation-led business growth. However, this journey is not as seamless as it seems. The major factors affecting the enterprise to implement a robust security framework are architectural complexities, emerging threats and growing attacks, new technologies, operating models, and of course, the scarcity of skill.

We are witnessing a rapid increase of attacks and data breaches in the cloud,  impacting the brand image and costing millions of dollars to an enterprise. And the trend of attacks is only on the rise in the post-pandemic era. So, the real concern of enterprises is to have a robust roadmap to secure their cloud and digital journey, protecting data, application, users, infrastructure, and scale, as they grow.

In our view, enterprises should be active in their Cloud Security Resiliency strategy and embrace cyber innovation. They must build capabilities to have effective and enterprise-grade cloud security. A few essentials are listed  below:

• Enterprise level of cloud security resiliency framework and blueprint to gain complete visibility and control over cloud estate.
• Defense in depth layer protection to protect cloud workloads, security posture, container, Kubernetes, andregistry.
• Zero-trust network architecture and access to protect network, infrastructure, and data.
• Defining the principle of least privilege access to protect identity and entitlement.
• Active cloud security incident monitoring and operations to protect against emerging threats, vulnerability, risk, shadow IT, and SaaS application.

Having these measures incorporated in cloud estate, would help enterprises to prepare and thwart next-gen cyber-attacks in multi/hybrid cloud environment and upgrade the security posture.