Just a few short years ago pundits were predicting that “the cloud” would never survive. After all, who would want to outsource their critical business applications and host their critical data on systems that weren’t their own?
I was one of those cloud adoption nay-sayers in the mid-2000s. I’d like to say it was because cloud technology had not yet matured and lacked the necessary security mechanisms to ensure confidence in the “-as-a-service” model, especially for those with high security concerns. (For the record, the Telos perspective in 2011 was that economics would drive business demand for the cloud, and as a result industry would have to figure out how to make the cloud adequately secure.) But at the time, as is the tendency of many cyber security professionals regarding unproven or new technology – I was being a tad stubborn.
It wasn’t until a few years ago when my colleagues at one of the most security conscious organizations in the world began moving workloads to the cloud that I started to take serious notice.
Organizations like Amazon Web Services (AWS) have caused a phase shift in how people and the entire technology industry can resource systems. There are countless use cases and success stories of organizations moving their previous on-premises data and applications to the cloud.
What has surprised me most during this evolution is that a normally fractured IT industry has coalesced around an entirely new universe of possibility, with the words “look what we can do” almost floating in mid-air the way revelations tend to do. AWS has added a single word to the script: “look what we can do,” became, “look what we can do, securely.”
Despite the rampant cloud adoption over the past five years, security and compliance remain obstacles to greater adoption. There are many companies working to address these issues for organizations that want to migrate to the cloud. (More to come in future posts about the importance of accelerating security controls validation via inheritance of security evidence, automated testing, and targeted attestation.)
Telos has spent nearly 20 years building and continuously improving Xacta, our risk management and cyber security solution. We have found a cloud partner who believes fundamentally in what we have believed in, that beats the same cyber security drum we have beaten for so long. The deep level of integration between AWS infrastructure and our Xacta risk management solution is allowing customers to do more than ever before.
My perspective on the cloud has shifted. I have admiration and respect for organizations like AWS that have defined a market by making the incredible achievable – not by selling a solution, but by promoting the idea that individuals can invent incredible things, and giving them the platform to do so.