With so many organisations migrating to the Cloud, I previously shared McKinsey's article "$1 trillion in business value", discussing the reality and our stance on the specific challenges related to identity management. As enough organisations have now completed or progressed sufficiently in their cloud migration to draw conclusions, McKinsey have published a new article on cloud opportunities and missteps, containing new data points, that also merits sharing and commentary.
With the prediction that over $100 billion of spend will be wasted due to inefficient cloud migration over the next three years, the question that leaders should be asking is: how can I take lessons learnt from pioneers to mitigate the risks in a highly complex transformation? Indeed, the net outcome should be a significant cost-saving and business value.
Referencing Intragen's cloud migration principles, we have seen real-world success adopting them, confirmed in McKinsey's article:
Diving deeper into identity-related cloud migration, with the removal of the perimeter, the unique challenges for security need to be discussed, analysed, and designed at the start. We believe it is a unique opportunity to ensure your cloud-based environment is secure by design, leaving poor security practices in the legacy world - these included development practices focused on user experience, rather than security. Historically, they relied on compensating physical access controls. Hence, in addition to technical changes, we require cultural changes from end-users, developers and support teams. With ever-improving seamless identity solutions and maturing native cloud provider capabilities, user experience will become much improved over the next 12-24 months.
Over the next 2-3 years, as much more of an organisation's data is in cloud platforms, with a plethora of accounts - human and non-human - it will be impossible to manage through the traditional lifecycle processes and attestations. The maturing nature of analytics (which we believe is immature today) will allow automatic highlighting of exceptions without flooding recipients with false positives. This will lead to much more of a focus on vendors providing high quality rules engines and ensuring capabilities to validate those rules, e.g. attestation of analysis rules.
In conclusion, cloud migration is a necessity for every organisation. Trivialising it as a simple "lift and shift" is a high-risk strategy. It is a business transformation and opportunity to manage your applications in a secure and efficient manner.
If you have any comments, we would appreciate your feedback - both agreements and challenges. Feel free to contact us.