The cloud is ready for you—but is your security strategy ready for the cloud?
With the great power of the cloud comes great responsibility—to secure your data and infrastructure. Yet security can often be sidelined in the race to migrate to the cloud. As we begin National Cyber Security Awareness Month, now is a great time to take a look at your cyber security strategy before your next cloud migration.
It’s common for organizations to jump head-first into the cloud without a full-fledged, comprehensive security strategy. And, inevitably, vulnerabilities will be exposed once the applications and data are live in production. Even seasoned IT professionals sometimes make assumptions about the cloud that can put the enterprise at risk.
For example, you may be moving one or more apps into a multi-tenant environment, in which your applications share resources with those of other customers. With the data of different tenants stored on the same server, it’s possible that one tenant could impact access to another tenant’s data. Or, automated deployment scripts in an external repository could inadvertently compromise data stored on the cloud, exposing your organization to credential loss.
When you’re focused on the potential benefits of cloud migration, it’s all too easy to overlook the risks. The good news is that you can take decisive steps to bring your organization the best of both worlds—the cloud and a strong security posture.
Five questions to ask before you migrate
The following are key questions to ask as you work to safeguard your organization’s cloud ambitions:
1. Did you configure your cloud migration with security front and center? Public cloud options like Azure, AWS, and Google Cloud have their own robust security systems—but your data is only as secure as the configuration you create. Make sure you include key safeguards like multi-factor authentication, automated password policies, multiple logins with appropriate access controls, and separate development and production environments. Build governance and monitoring into your migration planning up front. You may also need extra measures to ensure secure transmissions and compliance with HIPAA, PCI, SOX, and other data privacy regulations.
2. What is your plan for storing data in the cloud? Managing storage in a cloud bucket requires more than a set-it-and-forget-it approach. It’s best to document what is stored and where, and ensure that each repository is protected adequately. Many cloud storage services are configured by default to provide little or no security for data that is shared or used for application workloads.
3. How secure are the enterprise resources deployed in the cloud? Any application, even with the most robust implementation, can be vulnerable, so it’s wise to isolate apps and, ideally, to invest in network segmentation and zero trust models even inside cloud accounts. These common-sense tactics are standard in local deployments, but are often skipped in the haste of cloud migration.
4. Are your current backup and recovery capabilities up to par? You might assume that the cloud is immune to failure. That’s a bad assumption because cloud servers can malfunction or fail just as on-premises servers do. Never underestimate the possibility of human error—an inadvertent command from a valid administrator can bring down an entire database or application no matter where it is located. Moreover, you need an effective backup and disaster recovery strategy no matter where your data and applications reside.
5. Are you using a consistent, repeatable process to deploy assets to the cloud? Using automation tools to deploy assets to the cloud is one of the best ways to ensure security. A repeatable, reliable approach ensures consistency and provides a configuration record that you can review. And, you can use change control to manage future changes. Smooth implementation will require a concerted effort between development, security, and operations teams—a topic we’ll explore in greater detail in an upcoming post.
If you’re wondering how to create a cloud strategy that combines governance and security, we can help. Contact one of our consultants today, and we’ll be happy to help you navigate the path ahead.