What is Good Cloud Migration Security?
Cloud adoption continues to be important for many organisations as they transform how they do business in today’s digital world. While there are many benefits associated with cloud adoption, the security implications of moving to the cloud cannot be ignored if organisations are to fully embrace it, writes Jonathan Nguyen-Duy, Vice President, Global Field CISO at Fortinet.
Cloud migration is the process of transferring an organisation’s data and apps from on-premises servers to a cloud infrastructure. A cloud infrastructure enables organisations to access data storage and computing capabilities when they are needed.
Rather than creating on-premises IT infrastructures or leasing data-centre space, organisations can rent cloud infrastructure and their required computing capabilities via third-party providers. This can mean cost savings to an organisation’s operating budget due to lower spending on the energy bills, IT personnel, hardware, servers, and software that are needed for a physical data centre.
Other key benefits of cloud migration are agility and flexibility. Cloud infrastructures are highly agile and flexible because they are self-managed and allow users to spin up new services and make changes in a matter of minutes. This permits organisations to be more focused on business and bottom-line issues rather than being bogged down in IT matters.
Cloud platforms and infrastructure work through an abstraction process, such as virtualisation. The goal is to separate resources from the physical hardware they are typically installed on and put them into the cloud. These virtual resources are provisioned into cloud environments using tools like automation and management software, enabling users to access the resources when they need them from wherever they are working.
When we talk about cloud infrastructure, we’re referring to the tools that are used to build a cloud environment. When we talk about cloud architecture, we’re referring to the design or blueprint for how the various technologies for creating a cloud computing environment will be connected. There are three types of cloud architecture:
Public cloud architecture uses third-party cloud providers to make cloud resources available to multiple customers via the internet. These providers operate multi-tenant environments that lower the cost of data storage and computing power for customers. Public clouds can have a drawback: privacy issues for organisations that handle sensitive data or personally identifiable information (PII).
In a private cloud architecture approach, cloud infrastructure is only accessed by the organisation. The private cloud architecture can be built, developed, and maintained by a company’s own IT teams or delivered by external providers. Private clouds, as their name implies, address the public cloud’s privacy drawback.
A hybrid cloud model is considered the best of both public and private architectures. The hybrid approach allows private and public cloud infrastructures to interact within a connected but separate system. This is ideal for organisations that handle sensitive information and PII, allowing them to store their critical data in private clouds while keeping less sensitive data in public clouds. With a hybrid cloud architecture, organisations can maintain their private environments while accessing all the benefits of public cloud services for other computing tasks and storage.
There are three main types of cloud migration:
- On-premises to the cloud
- Cloud-to-cloud migration
- Reverse cloud migration
When moving data that is hosted on on-premises servers to the cloud, you will typically use a technique called “lift and shift.” This is the transfer (or “rehosting”) of an exact copy of your current environment without making extensive changes.
This is the fastest and simplest way for an organisation to start taking advantage of the cloud. As for moving data between clouds, say public and private ones, this is most likely done because you want to keep it more secure. On the rare occasion where data is no longer important or becomes obsolete, a reverse cloud migration may be employed to free up space and archive it on a local storage device.
To save time and expenses, cloud migration experts recommend that some procedural tasks be performed before migrating data. The tasks include doing an audit and deciding which data and applications to retire and which ones to retain and migrate to the cloud.
There are several security-related challenges that organisations must overcome in the process, including compliance breaches and malware. Because the cloud is ever-evolving, some vendors will handle the changes well and some won’t. If a cloud provider goes out of business or has a dramatic overhaul, any enterprise using their services might be exposed to risk because of the upheaval.
Another cloud migration risk involves its reliance on the internet, meaning “any cloud solution is only as solid or reliable as the network connection it is built on.” It’s difficult for an enterprise and its users to accept downtime when apps and services aren’t accessible. Cloud infrastructures must have dependable connections and networks that are supported by service level agreements (SLAs).
A cloud migration security strategy must also consider that data controls are transferred from the organisation to a cloud service provider. For the strategy to be effective, there must be buy-in from enterprise leaders. They need to accept the trade-off of getting cloud computing benefits while having less or limited control over access to applications, data, and any server-based tools.
A recent cloud survey showed some of IT leaders’ concerns about cloud migration: they mentioned a lack of visibility, high cost, lack of control, and lack of security as the biggest unforeseen factors that slow or stop cloud adoption.
The key components of a strong cloud migration security strategy should include:
- Enabling access control
  - Cloud migration security solutions need to offer access control across the cloud infrastructures, enabling them to secure applications and provide access management and connectivity between data centres and the cloud.
- Applying automation to avoid misconfigurations
  - A viable strategy for cloud migration has to incorporate security with continuous evaluation of configurations across regions and public cloud types while dynamically analysing activity in the public cloud infrastructure to identify potentially malicious activities. Organisations should look for highly accurate and automatic solutions powered by on-device machine learning capabilities, as well as the flexibility of form factors from containers to virtual machines to SaaS.
- Prioritising visibility across the cloud environment
  - Organisations need a single pane of glass to gain visibility and enforce consistent security policies throughout the entire cloud infrastructure to effectively manage risk. Cloud migration security solutions need to provide visibility across the cloud infrastructures, allowing administrators to see both inline security and cloud configuration security to build a comprehensive view of risk.
- Establishing who is responsible for what
  - Assigning responsibility for the cloud migration tasks is necessary for keeping the procedure secure.
- Protecting connectivity
  - Cloud strategies are only as successful as the networking and security that connect and protect the cloud compute – whether private, public or hybrid. As organisations deploy cloud infrastructures and shift toward multi-cloud, secure connectivity across these various environments is critical to delivering a better user experience and business outcomes.
  - Networking, security and computing all have to work together, so consider how to optimise access and security from the outset, and not as an afterthought to cloud adoption.