A successful cloud transformation requires adequate infrastructure security to navigate potential pitfalls and exploits as the technology continues to develop. CME Group Inc. has been on its Google Cloud adoption journey for over a year, with Deloitte Touche Tohmatsu Ltd. assisting with cloud security enablement.

“We are seeing a lot of migration and modernization in the cloud, and that is driving the focus on cloud security because ultimately you want to make sure your workloads are secure in the cloud,” said Pradeep Sandhu (pictured, right), cloud security leader at Deloitte. “You have data protection, security login, network security and so forth. It’s crucial for any enterprise to identify and address those risks upfront before you start with that journey.”

Sandhu and Dan Manley (pictured), managing director and chief information security officer of CME, spoke with theCUBE industry analysts  Lisa Martin and Dustin Kirkland at the Google Cloud Next event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how CME chose Deloitte for its cloud journey, the security challenges the companies have faced and what advice they’d give to CISOs looking to start a cloud journey. (* Disclosure below.)

Navigating cloud transformation

When choosing a security partner, one of the biggest components CME was looking for was agility and the ability to be responsive and make near-immediate changes.

“As we move fast, we need to make sure that we continue to be secure and indefensible,” Manley said. “Our ability to understand how we’re going to roll out new technologies of the cloud, migrate our legacy apps into that new environment but still maintain that vigilance against the threat actors coming against us is something that’s very important.”

Cloud security can be tough, but there are ways to make it much easier to maintain. The first, Sandhu said, is making sure security teams understand both security off the cloud and in the cloud. The second piece of advice he gave was to start journeys with smaller steps rather than treat the transformation as a marathon.

“Include security on day one if you’re building your transformation plans. Because if they are not on the seat every day, every hour would multiply by a couple of days and could derail the transformation journey,” he said “Include them on day one and learn what is in the cloud and more importantly start with the foundational step and build upon the continuous improvement.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Google Cloud Next event:

(* Disclosure: Deloitte Touche Tohmatsu Ltd. sponsored this segment of theCUBE. Neither Deloitte nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE