In response to the COVID-19 pandemic businesses the world over are accelerating their cloud migration to meet demand. As we move out of our corporate buildings and work from home offices, the need for online meetings and remote access to corporate resources takes on new meaning.
When Cloud computing first smashed the corporate perimeter wall, we began to understand how powerful the technology was; but security issues followed as the technology uptake expanded. Now, as we escalate our use of cloud apps and collaboration portals, staying secure is ever-more important.
Here we give you five areas to consider when looking at options in cloud security migration.
The Flexera 2019 State of the Cloud survey, found that 94% of respondents use cloud infrastructures, with 91% using a public cloud offering. This is not a surprising statistic as solutions from Microsoft and AWS have made cloud computing easy, cost-effective, and highly scalable and reliable. However, as the enterprise expands its network reach, adding in more endpoints to access cloud repositories and apps, the surface area available for cyber-attacks increases; this opens security opportunities through vulnerability gaps.
In 2019, the world experienced the worst year ever for data breaches. Cloud security issues including misconfiguration of web servers and databases, privileged credential exposure, and poor encryption practices, have been behind many of those breaches.
When choosing to accelerate your cloud migration, you need to understand the risk areas and close off those security gaps.
Here are our five key things to consider when accelerating your migration to a cloud infrastructure.
Data is the lifeblood of any modern digital enterprise. But the fact is, cloud infrastructures create many places where data can hide. Do you truly know where your data is? Do you know what Personally Identifiable Information (PII) you hold, where it is stored, and how it is shared?
Data is fluid, it moves through phases; it is stored, shared, used. A survey identified 95% of data center traffic as having emanated from the cloud. The cloud infrastructure, by definition, is diffuse. Public cloud apps and repositories are often hosted in disparate locations.
This lack of data knowledge creates security gaps. A recent survey from Thales/Gemalto found half of all data is stored in the cloud and 47 % of companies have experienced a data breach or failed a compliance audit.
Having a process to identify data using deep discovery across disparate cloud repositories and endpoints, is vital in knowing where your data is. This should be augmented by using a data classification system to identify what types of data you have. Data classification, in turn, allows you to ‘Know Your Data’ and assign risk levels to these data. This forms part of your overall risk management procedure.
Cloud computing has created a somewhat fuzzy situation when it comes to responsibility for security. Cloud-based data flows across a complex system that has touchpoints with both the cloud service provider and the enterprise.
A concept known as the “Shared Responsibility Model” sets out two key areas to resolve this conflict:
It should be noted, however, that these areas do have overlap and work in synchronicity. Often, sophisticated cyber-threats happen at the junction of ‘in and of’. Therefore, whilst you can separate the two areas of data ownership, you must also tackle system security, holistically. This has implications not only for security but for privacy and compliance too.
The adage “never trust, always verify”, was coined by analyst firm Forrester to describe a principle whereby you always verify a person's access to data no matter where it flows or from what device it is being accessed from. A survey demonstrated that, on average, an organization uses 1,427 distinct cloud services. Therefore, controlling access to data across such a disparate ecosystem must be done in a controlled and measured way. Using principles based on a Zero Trust security model you can add more finely grained control at the point of access.
Just because you are using cloud computing does not mean that you suddenly do not need to consider the security of endpoint devices. Endpoints, such as laptops, mobile devices, and even digital assistants, all have the potential to be compromised and leak data. When looking at cloud migration, include endpoint security as cloud security is about covering your entire extended network.
Closing off security gaps across a cloud infrastructure and beyond needs the application of the right technology at the right juncture. The areas detailed in our 4 earlier points will give you the know-how to make the right technology choices. The following technologies are just part of the tech-stack you should engage across your extended cloud infrastructures and out to endpoint devices:
Cloud computing gives businesses the flexibility to cope with crises, including the COVID-19 pandemic. Without cloud computing, this whole episode in human history may have had a much more negative impact on business. However, the flexible and distributed nature of cloud computing that allows us all to work remotely, has also allowed malicious actors to take advantage of our systems. This is why when accelerating your cloud migration, you also need to consider security as an important aspect of your cloud strategy.
