I have been a remote worker for approximately five years. The transition was not an easy one. However, in the past two years I have come to a very “Zen” place in my work-from-home routine…or lack thereof. Yes, it took me three years to acclimate to the change in work pace, peer socialization and, of course, the technology that enables it. Most of the difficulty in acclimation was due to a psychological shift on my part. The need to push my square-shaped idea of what a job was into the round hole of remote work tested my mental flexibility. But this is an understandable lack of fluidity. I have had a job, at least on a part-time basis, since I was 14 years old and, once I started my full-time career, the 40-hour minimum, 9-to-5, Monday-through-Friday ideology was firmly ingrained in my psyche. Change takes time—unless you do not have the luxury of time.
With the recent global pandemic, many organizations and their employees were faced with the difficult task of transitioning to remote work, where possible, and I have to say I am incredibly impressed with the speed and agility with which this has happened as far as the technology goes. Seemingly overnight, meetings were shifted to digital video conferencing platforms, collaborative cloud platforms were being truly utilized, and, for some, productivity did not skip a beat and perhaps even increased. The truly amazing thing is that this was not just a quick shift in our collective way of work but also our way of personal life and socialization. Perhaps you have been to at least one social event hosted on Zoom. So, let’s look at one of the technologies that allowed this change to happen so quickly. To find the answer, all you have to do is look to the skies.
No Computer Is an Island Unto Itself
If you looked up and saw a cloud, you found the answer. Also, how great that you are outside reading the ISACA® Journal. Enjoy!
It can be argued that the cloud is not an emerging technology. Some argue that it has been here all along or at least since the conception of ARPANET in the 1960s,1 while others say that “true” cloud computing was first introduced in 2006 by Google’s chief executive officer (CEO) at the time, Eric Schmidt. The cloud as we know it today is an immense collection of interconnected systems with hundreds of petabytes of data being stored, processed and transferred. We have also seen massive adoption of this technology within the last decade. Nearly 90 percent of enterprises have already adopted cloud technologies in some form according to Flexera’s 2019 State of Cloud Computing.2 However, the capabilities and technologies that host the cloud are in a constant state of discovery and implementation and, in that sense, I would postulate that the cloud will remain an emerging technology until it is replaced or is rolled into the next “big thing.” Also, considering this technology was/is a big player in saving a great number of jobs and providing computing power and data infrastructure to researchers investigating possible drugs and vaccines for COVID-19 treatment and prevention, it deserves a second look.
ONE OF THE MORE CHALLENGING ASPECTS CAN BE THAT A LOT OF THE SECURITY RESPONSIBILITIES FALL ON THE END USERS.
The pre-existing elasticity and capabilities of cloud collaboration tools offered the perfect virtual environment to meet the sudden growth in need for remote productivity. Google initially reported a 60 percent increase in use of its Meet platform at the start of the COVID-19 pandemic.3 In March, Microsoft saw a 775 percent increase in use of its Teams meetings solution in Italy after the Italian government’s social distancing and shelter in place guidelines were established.4 These are staggering numbers, and it is perhaps even more impressive that the service providers were able to handle that kind of influx. Other service providers, such as Amazon Web Services (AWS), have not published usage statistics as of the date of this writing. You do not have to be a futurist to predict that this trend will continue for the foreseeable future as more organizations discover the benefits of remote work.
The cloud has been an enabler for other emerging technologies as well. The Internet of Things (IoT) and artificial intelligence (AI) utilize cloud services on the back end. Serverless functionality is an up-and-coming player in a plethora of applications. Even some blockchain implementations utilize the cloud. If you read my column in the ISACA Journal vol. 3, 2020,5 you would know that I have a particular passion for the interoperability of emerging tech for which the cloud is a paramount player. And, although this technology is such a big player in our day-to-day lives, we still have issues with security, management and governance of the cloud.
Wrangling a Cloud
One of my favorite quotes about the cloud is, “There is no cloud, it’s just someone else’s computer.” While I know this is not 100 percent accurate, it does help my mind wrap around the immensity and complexity of cloud computing and makes the task of securing and governing such systems a little less daunting. Following this train of thought, let’s look at what “someone else’s computer” looks like.
Numerous sources proclaim that Linux makes up the majority of the cloud (up to 90 percent). For some reason, this skill set still eludes some IT and cybersecurity professionals. Possibly because a large number of enterprises utilized Microsoft products. But Microsoft is changing its once negative tone on Linux and even embracing it with Windows Subsystem for Linux and utilizing Android for its upcoming smartphone. Microsoft also admits that almost half of its Azure instances are running Linux distributions.6 Depending on your cloud service type (i.e., Software as a Service [SaaS], Platform as a Service [PaaS], Infrastructure as a Service [IaaS]), you may not need to worry about security and governance at this granular level, but understanding the underlying operating system (OS) can still be key to understanding mitigation and compliance. As an added bonus, it can also aid in understanding some IoT security issues.
On a higher level, we can turn to frameworks. Current cloud-specific guidance can be found via the US National Institute for Standards and Technology (NIST) Special Publication (SP) SP 500 series as well as International Organization for Standardization (ISO) ISO 27017, but guidance is not limited to cloud-specific documents. Recently, I collaborated on specific guidance for governing and securing remote working already present in COBIT® 2019, which can be applied to certain aspects of cloud usage.7 The NIST Cybersecurity Framework (CSF)8 is also a good place to start with any information technology system. However, frameworks are just a set of guidelines and best practices. It is up to the professional to be flexible with her or his use of these tools and the enterprise’s specific use cases, especially when it comes to emerging technologies.
One of the more challenging aspects can be that a lot of the security responsibilities fall on the end users. Education and culture play a large role in security incident prevention and continual compliance for cloud implementations. This is where we, as professionals in the IT field, can really step up and lead by example. Most of our cloud services are available from anywhere and that is, basically, the point. We tend to let our guards down in the comfort of our own homes, however, it should be emphasized that while accessing enterprise services, the same precautions used in the office should be taken anywhere.
Out of the Clouds
While the cloud and its enabling technologies have played a major role in business continuity during this global crisis, there have been some pitfalls. Security and privacy continue to be an issue and, in some cases, so does stability. As professionals mostly concerned about security, privacy and stability, these can seem like big problems, and they can be, depending on the severity and breadth. But if we can take a step back and look holistically at the evolution of the cloud, it is hard not to be impressed with the virtual world that we have built. It provided and is still providing a haven where we can continue to work (and play) even in some of the worst circumstances. The cloud allows us to continue to engage, socialize and produce, keeping our spirits up and demonstrating that, even in the darkest of times, there may yet be blue skies ahead.
Endnotes
1 Regalado, A.; “Who Coined ‘Cloud Computing’?”
MIT Technology Review, 31 October 2011, https://www.technologyreview.com/2011/10/31/257406/who-coined-cloud-computing/
2 Flexera, “Cloud Computing Trends: 2019 State
of the Cloud Survey,” 27 February 2019,
https://www.flexera.com/blog/cloud/2019/02/cloud-computing-trends-2019-state-of-the-cloud-survey/
3 Kurian, T.; “How Google Cloud Is Helping During
COVID-19,” Inside Google Cloud, 31 March
2020, https://cloud.google.com/blog/topics/inside-google-cloud/how-google-cloud-is-helping-during-covid-19
4 Microsoft Azure, Update #2 on Microsoft Cloud
Services Continuity, 28 March 2020,
https://azure.microsoft.com/en-us/blog/update-2-on-microsoft-cloud-services-continuity/
5 Brewer, D.; “The Patter of Emerging
Technologies,” ISACA® Journal, vol. 3, 2020, https://www.isaca.org/archives
6 Vaughan-Nichols, S. J.; “Microsoft Developer
Reveals Linux Is Now More Used on Azure
Than Windows Server,” ZDNet, 1 July 2019, https://www.zdnet.com/article/microsoft-developer-reveals-linux-is-now-more-used-on-azure-than-windows-server/
7 Villanueva, L.; D. Brewer; “Managing Remote
Work Environments With COBIT 2019,” COBIT
Focus, 30 March 2020, https://www.isaca.org/resources/news-and-trends/industry-news/2020/managing-remote-work-environments-with-cobit-2019
8 National Institute for Standards and
Technology, Cybersecurity Framework, USA,
2014, https://www.nist.gov/cyberframework
Dustin Brewer, CISM, CSX-P, CDPSE, CCSP, CEH
Is ISACA’s principal futurist, a role in which he explores and produces content for the ISACA® community on the utilization benefits and possible threats to current infrastructure posed by emerging technologies. He has 17 years of experience in the IT field, beginning with networks, programming and hardware specialization. He excelled in cybersecurity while serving in the US military and, later, as an independent contractor and lead developer for defense contract agencies, he specialized in computer networking security, penetration testing, and training for various US Department of Defense (DoD) and commercial entities. Brewer can be reached at futures@isaca.org.