Cloud. Once it was only a fancy buzzword. Now it is already on the spotlight for most companies. Replacing “traditional” infrastructure. Even more – becoming the new traditional infrastructure. With several advantages and exciting possibilities. Increased flexibility, faster innovation adoption, elasticity of provisioning, better cost management… you name it.
Therefore, the promises of cloud have attracted great interest in all enterprise sectors - including financial services. They are reshaping how business has been done for years and transforming it into agile and flexible service offerings based on cloud adoption. And all this of course in a highly regulated environment where new regulations are consistently being applied.
From a process perspective, many activities need to be planned and set up so that the transformation would be successful and compliant. Outlining the strategy, identifying/assessing what to move and preparing migration plans are only some of those activities. However, at every migration there is one central entity – data. Let's look into three foundational guardrails/practices needed for going towards cloud in a data-aware manner.
Attack surface is even more dynamic in a distributed environment. It is no longer enough to build “secure perimeter” as a fence around your data. Security must be built into each component with zero-trust strategy applied. This mandates to protect all data, services, applications or even devices regardless of their location. Always have automated checkpoints ensuring that. Set up proper identity & entitlements management, data protection strategy and data residency tracking.
You can understand what has happened or predict what will happen if you have proper data backing it. In a cloud context, data governance is even more crucial. Always know where it is, who is responsible for it and how your data sets are linked to each other – populate your data catalogue. Classify data in motion, use cloud built-in data loss prevention techniques (or build your own). Pro-actively autodetect & alert what is not catalogued but already present in cloud. There should be no shadow data in migration to cloud from day one.
Data practices foundation
There are several data practices that are company and even domain agnostic. For example, crucial practices are related to data lifecycle management, metadata management. Automation of each is mandatory – they should be “invisible” practices applied by default. Additionally, in order to speed up adoption prepare “golden paths” for your teams – known ways how to move and process data in a compliant way. If data portability is important for your case – include that too. For a majority of cases, this will bootstrap the cloud journey while exceptions can find their own way. And of course - measure, measure and once more measure. Each step, each automation point must be tracked and measured. Start collecting information already at the beginning so that you could show different viewpoints of where your data is in the cloud. Which location, which jurisdiction, quantitative/qualitative metrics or even autodetecting if all data is known and governed according to data governance policies.
This is a short intro blog post into the guardrails. More details for each of them will be provided in the next blog posts.