How to accelerate Cloud Migration from a Cybersecurity Perspective
Posted on Friday, May 1st, 2020

In response to the COVID-19 pandemic, businesses the world over are accelerating their cloud migration to meet demand. As we move out of our corporate buildings and work from home offices, the need for online meetings and remote access to corporate resources takes on new meaning.

When cloud computing first smashed the corporate perimeter wall, we began to understand how powerful the technology was; but security issues followed as the technology uptake expanded. Now, as we escalate our use of cloud apps and collaboration portals, staying secure is ever more important.

Here we give you five areas to consider when looking at options in cloud security migration.

Why Robust Cloud Security is Vital

The Flexera 2019 State of the Cloud survey found that 94% of respondents use cloud infrastructures, with 91% using a public cloud offering. This is not a surprising statistic, as solutions from Microsoft and AWS have made cloud computing easy, cost-effective, and highly scalable and reliable. However, as the enterprise expands its network reach, adding more endpoints to access cloud repositories and apps, the surface area available for cyber-attacks increases; this opens up vulnerability gaps that attackers can exploit.

In 2019, the world experienced the worst year ever for data breaches. Cloud security issues, including misconfiguration of web servers and databases, privileged credential exposure, and poor encryption practices, have been behind many of those breaches.

When choosing to accelerate your cloud migration, you need to understand the risk areas and close off those security gaps.

Here are our five key things to consider when accelerating your migration to a cloud infrastructure.

5 Important Cloud Security Considerations

1-   Know your data

Data is the lifeblood of any modern digital enterprise. But the fact is, cloud infrastructures create many places where data can hide. Do you truly know where your data is? Do you know what Personally Identifiable Information (PII) you hold, where it is stored, and how it is shared?

Data is fluid: it moves through phases in which it is stored, shared, and used. A survey identified 95% of data center traffic as having emanated from the cloud. The cloud infrastructure, by definition, is diffuse. Public cloud apps and repositories are often hosted in disparate locations.

This lack of data knowledge creates security gaps. A recent survey from Thales/Gemalto found half of all data is stored in the cloud and 47% of companies have experienced a data breach or failed a compliance audit.

Having a process to identify data using deep discovery across disparate cloud repositories and endpoints is vital in knowing where your data is. This should be augmented by a data classification system that identifies what types of data you have. Data classification, in turn, allows you to ‘Know Your Data’ and assign risk levels to that data. This forms part of your overall risk management procedure.
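A minimal sketch of the discovery-and-classification step described above, added here as an illustration and not taken from the original article. It scans text pulled from several storage locations for a few PII types and assigns each location a risk level; the location names, sample contents, patterns and risk levels are all constructed assumptions.

```python
import re

# Illustrative detectors for a few PII types (not exhaustive).
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate only, confirmed by Luhn

# Assumed policy: risk level per data type, ordered from lowest to highest.
ORDER = ["low", "medium", "high"]
RISK = {"email": "medium", "ssn": "high", "payment_card": "high"}

# Constructed sample inventory: location -> extracted text.
SAMPLE_INVENTORY = {
    "s3://hr-exports/payroll.csv": "name,ssn\nJane Doe,900-12-3456\n",
    "sharepoint://sales/leads.txt": "Contact alice@example.com about renewal",
    "laptop-042:/tmp/orders.log": "card=4111 1111 1111 1111 ref=1234 5678 9012 3456",
    "blob://marketing/brochure.md": "Our product launches in May.",
}

def luhn_ok(number):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return len(digits) >= 13 and total % 10 == 0

def find_pii(text):
    """Return the set of PII types detected in one piece of text."""
    found = set()
    if EMAIL.search(text):
        found.add("email")
    if SSN.search(text):
        found.add("ssn")
    if any(luhn_ok(m.group()) for m in CARD.finditer(text)):
        found.add("payment_card")
    return found

def classify(inventory):
    """Map each location to its detected PII types and highest risk level."""
    report = {}
    for location, text in inventory.items():
        types = find_pii(text)
        level = max((RISK[t] for t in types), key=ORDER.index, default="low")
        report[location] = {"types": sorted(types), "level": level}
    return report
```

The Luhn check is what keeps the 16-digit reference number in the constructed log line from being reported as a payment card; only the card number next to it raises that location to the highest level.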

2-   Compliance matters

Cloud computing has created a somewhat fuzzy situation when it comes to responsibility for security. Cloud-based data flows across a complex system that has touchpoints with both the cloud service provider and the enterprise.

A concept known as the “Shared Responsibility Model” sets out two key areas to resolve this conflict:

  • Security of the cloud – for example, storage, network service layers, etc.
  • Security in the cloud – the data and the apps that run in the cloud

It should be noted, however, that these areas do overlap and work in synchronicity. Often, sophisticated cyber-threats happen at the junction of ‘in and of’. Therefore, whilst you can separate the two areas of data ownership, you must also tackle system security holistically. This has implications not only for security but for privacy and compliance too.

3-   Put a Zero Trust approach in place

The adage “never trust, always verify” was coined by analyst firm Forrester to describe a principle whereby you always verify a person’s access to data, no matter where it flows or what device it is being accessed from. A survey demonstrated that, on average, an organization uses 1,427 distinct cloud services. Therefore, controlling access to data across such a disparate ecosystem must be done in a controlled and measured way. Using principles based on a Zero Trust security model, you can add more finely grained control at the point of access.

4-   Protect endpoints

Just because you are using cloud computing does not mean that you no longer need to consider the security of endpoint devices. Endpoints, such as laptops, mobile devices, and even digital assistants, all have the potential to be compromised and leak data. When looking at cloud migration, include endpoint security, as cloud security is about covering your entire extended network.

5-   Use the right technology to protect data

Closing off security gaps across a cloud infrastructure and beyond needs the application of the right technology at the right juncture. The areas detailed in our four earlier points will give you the know-how to make the right technology choices. The following technologies are just part of the tech-stack you should engage across your extended cloud infrastructures and out to endpoint devices:

  1. Encryption should be applied to both data at rest (stored) and data in transit (shared). In the Thales/Gemalto study mentioned earlier, 100% of companies admitted that at least some of the sensitive data they store in the cloud is not encrypted.
  2. Authentication should be used to manage and control access to resources and to drive authorization requests during transactions. Look to use multi-factor authentication (MFA and 2FA) where needed. Apply rules to enhance authentication, such as risk-based authentication, as appropriate.
  3. Smart monitoring of behavior can help to prevent data leaks. Increasingly, machine learning-based technologies are being applied to prevent theft by malicious insiders as well as external cybercriminals.
  4. Endpoint security can take many forms; typical technologies include Endpoint Detection and Response (EDR) tools. These tools are installed on endpoint devices and continuously look for signs of a cyber-attack. If an attack pattern is found, administrators and end users are alerted.

Conclusion

Cloud computing gives businesses the flexibility to cope with crises, including the COVID-19 pandemic. Without cloud computing, this whole episode in human history might have had a much more negative impact on business. However, the flexible and distributed nature of cloud computing that allows us all to work remotely has also allowed malicious actors to take advantage of our systems. This is why, when accelerating your cloud migration, you also need to consider security as an important aspect of your cloud strategy.

 
