Assessment results‌‍‍‍‌‍‌‍‌‍‍‌‌‍‌‌‍‍‌‌‍‍‍‍‍‍‍‍‌‍‌‌‍‌‌‌‌‍‌‍‌‍‌‌‍‍‌‍‌‍‌‍‌‍‍‍‍‍‌‍‍‌‍‌‍‌‌‌‍‌‍‍‍‍‍‍‍‌‍‍‌‌‌‌‌‌‍‍‍‍‌‍‍‌‍‌‌‌‍‍‌‍‍‌‌‍‌‍‌‍‌‍‍‌‍‌‌‍‌‌‍‌‌‍‍‌‌‍‍‍‍‌‍‌‌‍‌‌‌‌‍‌‍‌‍‌‌‍‍‌‍‌‍‌‍‌‍‌‍‌‌‌‍‌‌‍‍‌‌‌‌‍‌‍‍‌‍‍‌‌‌‌‍‌‌‌‍‌‌‌‌‌‌‍‌‌‌‍‌‌‌‍‌‌‍‌‍‍‌‌‌‌‍‌‌‌‌‌‌‍‌‌‌‌‌‌‍‌‌‌‍‌‌‍‍‌‌‍‌‍‍‌‌‌‍‌‍‌‍‌‍‌‍‌‌‌‌‍‌‌‌‍‌‍‍‌‌‌‌‍‌‌‌‍‌‌‍‌‌‌‍‌‌‌‌‍‌‌‍‌‌‌‌‍‍‌‌‍‌‌‍‌‍‌‌‌‌‌‍‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‍‌‍‌‍‌‌‌‍‌‌‍‍‌‌‌‍‌‍‌‍‌‍‍‌‌‍‌‌‌‍‌‍‌‌‌‌‍‌‌‌‌‍‍‌‌‍‌‍‌‍‍‌‌‌‍‌‌‌‍‍‌‌‍‍‌‍‍‌‍‌‌‍‌‍‌‌‌‌‌‍‌‍‌‌‍‌‌‌‍‌‌‌‍‌‌‍‌‌‌‍‍‌‍‌‍‌‌‍‍‌‌‌‍‌‌‌‍‌‌‍‍‌‌

You’re currently in Stage 1: Adopting

Based on your answers, you’re currently Adopting — the foundational phase of building a successful corporate cloud program. During this initial process, cloud use is typically defined by individual teams working with cloud providers in silos to deliver applications and services.‌‍‍‍‌‍‌‍‌‍‍‌‌‍‌‌‍‍‌‌‍‍‍‍‍‍‍‍‌‍‌‌‍‌‌‌‌‍‌‍‌‍‌‌‍‍‌‍‌‍‌‍‌‍‍‍‍‍‌‍‍‌‍‌‍‌‌‌‍‌‍‍‍‍‍‍‍‌‍‍‌‌‌‌‌‌‍‍‍‍‌‍‍‌‍‌‌‌‍‍‌‍‍‌‌‍‌‍‌‍‌‍‍‌‍‌‌‍‌‌‍‌‌‍‍‌‌‍‍‍‍‌‍‌‌‍‌‌‌‌‍‌‍‌‍‌‌‍‍‌‍‌‍‌‍‌‍‌‍‌‌‌‍‌‌‍‍‌‌‌‌‍‌‍‍‌‍‍‌‌‌‌‍‌‌‌‍‌‌‌‌‌‌‍‌‌‌‍‌‌‌‍‌‌‍‌‍‍‌‌‌‌‍‌‌‌‌‌‌‍‌‌‌‌‌‌‍‌‌‌‍‌‌‍‍‌‌‍‌‍‍‌‌‌‍‌‍‌‍‌‍‌‍‌‌‌‌‍‌‌‌‍‌‍‍‌‌‌‌‍‌‌‌‍‌‌‍‌‌‌‍‌‌‌‌‍‌‌‍‌‌‌‌‍‍‌‌‍‌‌‍‌‍‌‌‌‌‌‍‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‌‍‌‍‌‍‌‌‌‍‌‌‍‍‌‌‌‍‌‍‌‍‌‍‍‌‌‍‌‌‌‍‌‍‌‌‌‌‍‌‌‌‌‍‍‌‌‍‌‍‌‍‍‌‌‌‍‌‌‌‍‍‌‌‍‍‍‍‌‍‌‌‍‌‌‌‌‍‌‍‌‍‍‌‌‌‌‌‍‍‌‌‍‌‍‍‍‍‌‌

The path to cloud maturity

Common practices in this phase

Organizations in the Adopting phase are typically focused on Day 1 activities and are not yet thinking through the full lifecycle management of their infrastructure and security resources. Instead, they’re often focused on:

Infrastructure

Creating a centralized system of record
Usinginfrastructure as code to provision cloud resources
Facilitating collaboration with aversion control system andCI/CD pipeline
Establishing role-based access to manage permissionsfor teams and workspaces

Security

Identifying secrets that exist outside of a formal management process (e.g. hardcoded or in code repositories) and getting them under control
Creating a central point of control to generate and update secrets, including changes synchronized to external secrets managers to be used by your cloud-hosted applications
Applying the right policy to enforce regular rotation of secrets and limit potential access
Minimizing the blast radius if a breach occurs

»Benefits and challenges in this phase

Typical Adopting practices bring specific rewards and drawbacks.

Short term cost reductionAbility to spin up new infrastructure without capital expenditures for new hardware
Plus

Working in silosIndividual teams tend to create standalone workflows for similar activities, with minimal cross-team collaboration
minus
Lack of policy enforcementDifficulty enforcing cost controls and policies for security and governance
minus
Lack of standardizationWithout a common platform, many processes are done manually
minus
Increased security riskMultiple implementations with lack of oversight leading to greater threat exposure
Minus

Getting to the next phase

How to move to Stage 2: Standardizing

Cloud use increases quickly as organizations move to the Standardizing phase. This is usually when platform teams start working with operations, security, and networking teams to build a common approach for infrastructure and security.

To reach this next stage, you need to start addressing Day 2 concerns by adopting the right practices for Infrastructure and Security Lifecycle Management. Read on to learn how to start standardizing your cloud program.

Infrastructure Lifecycle Management

Infrastructure Lifecycle Management (ILM) uses infrastructure as code (IaC) to build, deploy, and manage the infrastructure that underpins cloud applications. Organizations in the Adopting stage typically use IaC to provision cloud resources, establish a source of truth to manage those resources, and ease collaboration.

Those practices are accelerated in the Standardizing phase. For many teams, this involves publishing tested and validated IaC for the rest of the organization to discover and use. This is also the stage where you should start thinking about policy enforcement.

»ILM practices to help you start standardizing

Create centralized repositories
Make it easy for developers to find reusable code in the form of infrastructure modules and machine images.
Learn more
Automate policy enforcement
Use policy as code to consistently apply security, governance, and cost policies before all infrastructure deployments.
Learn more
Automate auditing and compliance
Simplify audit management with change logs, privileged session recording, and advanced data protection.
Learn more
Streamline image creation
Use golden images to automate image management across downstream builds and provisioning pipelines.
Learn more
Integrate with Ops tools
Create native integrations and run tasks to add third-party partner integrations and custom services.
Learn more
Start using Day 2 monitoring
Use drift detection to continuously check for changes in actual infrastructure against the expected state.
Learn more

Security Lifecycle Management

Security Lifecycle Management (SLM) uses identity-based access controls to manage the security lifecycle of your secrets, users, and services. This typically starts in the Adopting stage, with generating and managing static secrets to authenticate users, assigning policies to govern access, and establishing least-privileged security principles.

You should start maturing these practices during the Standardizing phase by creating dynamic, on-demand credentials. This is also the time to plan for how to contain secret sprawl and manage user access based on the identity of the requesting machine, service, or person.

»SLM practices to help you start standardizing

Automate secret rotation
Stop using long-lived certificates and start using workflows to automate database credential rotation.
Learn more
Discover leaked secrets
Detect unmanaged and leaked secrets so DevOps or security teams can take appropriate actions to remediate exposed secrets.
Learn more
Move to short-lived dynamic credentials
Replace risky long-lived credentials with dynamic secrets that can be generated on demand.
Learn more
Enhance availability and resilience
Put disaster recovery systems in place to protect against catastrophic failure in regional on-premises and cloud systems — and support extreme performance use cases with performance replication.
Learn more
Use credential injection for passwordless access
Automatically inject single-use, dynamic credentials into remote hosts to authenticate users without exposing sensitive data.
Learn more
Improve compliance and governance
Use audit logs and session recording to improve visibility into comprehensive configuration changes, session metrics, events, logs, and traces to better meet compliance and deter malicious behavior.
Learn more

»Resources to help you start standardizing

Managing a golden image factory across all major cloud platforms at ExperiaLearn how Experian manages machine image governance and standards across AWS, Azure, Google Cloud, Oracle Cloud, and Alibaba Cloud.
Case study
Securing your infrastructure with TerraformIn this webinar, experts share how to utilize policy-as-code to integrate security and automate provisioning workflows with Terraform to ensure secure, compliant, and cost-effective infrastructure across your multi-cloud environment.
Webinar
12 things a modern secrets management solution must doLearn how a platform-agnostic secrets manager like HashiCorp Vault gives more precise control over how secrets are stored, tracked, transmitted, accessed, rotated, and revoked.
White paper
Dynamic secrets management with HashiCorp Vault and BoundaryLearn how to improve security lifecycle management by finding unsecure secrets, enabling more secure dynamic secrets, and how to provide more advanced credential workflows and reduce risk by connecting authorized users to machines in a more secure and streamlined manner.
Webinar