When starting a cloud journey, many CIOs rightfully look to a set of IT principles in guiding their implementation. One commonly used IT principle is avoiding technology lock-in. There are many reasons why this is a good principle to uphold. Relying too much on one single vendor, for example, is very risky because you typically don't have control over the vendor's product direction and company health. However, committing to a single technology or vendor is not always heresy, depending on where you are in your cloud journey.
According to the 2018 Cloud Computing Survey by IDC, nine out of ten companies will have some parts of their application or infrastructure in the cloud by 2019. Migration to the cloud is very much the norm in IT today and cloud budget continues to increase year after year. The IDC survey points out that the top two reasons for going to the cloud are “improving the speed of IT service delivery” and “greater flexibility to react to changing market conditions.” In other words, business agility is the top reason for cloud transformation.
At the same time, speed and agility are often at odds with IT security policies. The same IDC survey highlights that “security concerns” is the second leading barrier for cloud adoption. Moreover, cybersecurity is usually at the top of CIO’s agenda and investment priorities in 2019.How do we reconcile agility and cybersecurity protection in the cloud?