Migrating to and using cloud environments – public, hybrid or multi – is a source of real investment and positive change for companies. The cloud is the powerhouse that drives digital organizations.
Gartner predicted that spending on public cloud alone would exceed $500 billion in 2022, a 20% growth over last year. But the importance of a company’s built-in security measures is often overlooked in the migration process.
For cloud migration programs to be successful in the short and long term, organizations must have an established cloud security policy to guide cloud operations, identify and mitigate vulnerabilities, and defend against cyberattacks – before a single byte is migrated.
• Design with security first. While moving to the cloud should follow a standardized approach, the order of operations is often prioritized in favor of quick results, not security. When security becomes an afterthought, best practices are ignored, mistakes are made, and vulnerabilities are introduced, which can lead to significant risks, costs, and downtime down the road.
By treating security as a first consideration (not a detail to add later) and fully understanding cloud technology and risk exposure, your organization can ensure the cloud architecture is secure before data is migrated offsite. It can slow you down, but designing with security first can save you a lot of trouble later. For example, companies must plan to secure the perimeter with access protocols and controls, which is very difficult to do once the systems are in use.
• Avoid using the same security measures as on site. Security controls will be a major aspect of your cloud security policy. While it’s essential to consider the security measures you use on-premises, don’t just replicate them in the cloud. Instead, assess your cloud provider’s security controls, especially its identity and access management offerings — which increase security and convenience, if done right.
• Take a layered approach. A multi-layered defense is an essential part of any winning cloud cybersecurity posture. From the simplest protections like antivirus, multi-factor authentication, patch management software and employee security awareness training to the most advanced features like SIEM and conditional access, adding layers provides a vital safety net should anything fall through the cracks.
As the business grows and new threats emerge, you can scale and add controls as needed. The trick is not to go overboard with tools. Visibility into your cloud security posture is essential, but if it takes an army to sift through dashboards and alerts, things can quickly get out of hand. Layer, but ensure proper integration of security information into your controls for full stack observability.
• Know where your data resides and what is most critical. Knowing where your cloud data (especially your most sensitive data) is stored can help inform your security policies and meet compliance obligations, such as keeping data within national borders. When developing your cloud security policy, ask your provider where your data is located geographically and if it might be moved between different data centers to improve latency, meet SLAs, or mitigate data loss.
What controls are in place to protect data as it moves? Also, prioritize the most important data types. By identifying the “crown jewels” in your data, you will be able to make better decisions about the tools, time, and talent for your security program. After all, if you don’t know what your most sensitive data is or where it is stored, you can’t protect it.
• Review your policy often. At a minimum, plan to review your cloud security policy annually. However, if you plan multiple digital transformation projects or work in an agile environment where applications are developed or updated quickly, such as two-week sprints, consider tying your policy review to your pace of change. It will also likely be a compliance-related need as regulations, such as the new rules proposed by the SEC, take shape.
• Make it sustainable. A cloud security policy can help protect cloud data and improve your ability to quickly respond to threats. But these measures must also be sustainable. You can’t enjoy the benefits of the cloud if you don’t make security a priority from the start. And for that, you need to cultivate a security-focused mindset in the face of migrations and future digital transformation.
About the essayist: Steve Schoener is Chief Technology Officer at ECI. Prior to ECI, he was IT Manager for DW Investment Management in New York; he was also previously at UBS Investment Bank as an associate director. Schoener holds a degree in computer science from the State University of New York at Albany.
*** This is a syndicated blog from the Security Bloggers Network of The Last Watchdog written by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-the-key-to-a-successful-cloud-migration-embrace-a-security-first-strategy/