author photo
By Bruce Sussman
Tue | Dec 31, 2019 | 5:30 AM PST

On-prem versus in the cloud.

As we hear at SecureWorld conferences, this battle or transition between the two computing environments continues at most organizations.

The Cloud Security Alliance recently reported that 69 percent of organizations are migrating data for popular ERP applications to the cloud, moving to major cloud infrastructure-as-a-service providers, with the overwhelming majority, almost 90 percent, stating that these applications are business-critical.

Let's take a look at some of the advantages of moving to the cloud.

Why are so many organizations moving to the cloud?

From the smallest non-profit to the United States Department of Defense (DOD), it seems as if "everyone" is moving to the cloud or contemplating such a move.

And SecureWorld recently looked at the cloud business case assessment used by the DOD as it looks to move 80% of its data there.

We think the business objectives the U.S. military is trying to achieve in a move to the cloud offers insight into why organizations are making the move.

8 Reasons U.S. Military is moving to the cloud

It started with a problem statement by the DoD. That is, the problem of handling most data on-prem.

The Department of Defense found the following:

"Operations are hampered by fragmented, outdated computing and storage infrastructure; tedious, manual management processes; and lack of interoperability, seamless systems, standardization, and automation. “In short, DoD’s current computing and storage infrastructure critically fails DoD’s mission and business needs.”

Against this backdrop, the military discovered that cloud computing could achieve 8 business and war-fighting objectives. See how many of these could apply to your organization:

  1. Objective: available and resilient services
  2. Objective: global accessibility
  3. Objective: centralized management and distributed control
  4. Objective: ease of use
  5. Objective: commercial parity
  6. Objective: modern and elastic computing and storage
  7. Objective: storage and network infrastructure with fortified security
  8. Objective: advanced data analytics.

For more on the data and analytics in the U.S. JEDI cloud, read What is the JEDI cloud and how it will help America fight wars.

Security in the cloud: whose job is it, anyway?

After a cloud migration, questions are still popping up. Who is responsible for security in the cloud?

The Cloud Security Alliance (CSA) and Onapsis did research which revealed some concerning misconceptions:

"While 60 percent of survey respondents claim that they feel the cloud service provider is responsible for a breach, 77 percent believe that it is the responsibility of the organization itself actually to secure their ERP applications. Third-parties are held least accountable and responsible. This perception gap shows that organizations need to take more ownership of their business-critical applications while migrating them to the cloud."

Thankfully, the research also found that companies are taking added measures to protect their ERP applications in the cloud, including identity and access controls (68%), firewalls (63%), and vulnerability assessments (62%).

[Resource: Visibility in the AWS Cloud: Myths vs. Reality]