How Clouds Can Cripple Your Organization’s Security

As increasing numbers of organizations take the leap toward cloud-based computing resources and databases, a growing epidemic of mishandled migrations has given malicious attacks an ever larger blast radius. Lack of enterprise-wide visibility into the data migration process can actively harm the security posture of forward-facing firms, thanks to a widespread overreliance on the ‘lift and shift’ method.

The Pros of Cloud Migration

Moving the weight of an organization’s digital assets, database, IT resources, and services into the cloud is no small feat. This can be a major demand on day-to-day operations even if the organization is simply switching from one cloud provider to another.

Despite the operational challenges, there is no doubt about the real benefits that arise from always-on access to the cloud. Thanks to the scalable pricing structure for cloud computing, for instance, organizations only need to pay for the resources actively in use. IT assets that are only occasionally required can be paid for on an as-needed basis. The more efficient resource management offered by cloud-based models allows for run-operation savings of up to 50%.

Scalability applies not just to the financial realities of cloud-based operations, but also to resource provisioning. When demand spikes, cloud-based compute resources are better adapted to rapidly meet current requirements. The ability to alter resources on demand provides a flexibility that is nowadays expected of always-on services. After all, nothing damages user experience like outages.

Alongside allowing an organization’s product or service to better fit user demands, the geographically broad variety of cloud providers further allows for the implementation of edge-based computing. By making use of servers and platforms that are geographically closer to the end user, latency can be cut significantly, improving performance throughout globally minded organizations.

This flexibility extends even to the cloud’s own implementation within the organization itself. In order to preserve the value of current IT investments, many organizations choose a hybrid cloud model. This sees the migration of some workloads onto the cloud, while some higher-security or more legacy environments can remain on-premises. The sheer flexibility offered by cloud providers filters down to the customer, as organizations are better equipped to rapidly respond to changing consumer and market demands.

Finally, cloud resources and data centers alike can be monitored from a single screen, if the cloud provider offers a central management tool. This streamlined visibility into the inner workings of even complex tech stacks is one final benefit.

The Price of Mismanaged Cloud Migration

The hypothetical benefits presented by cloud-based computing are numerous; actually achieving each organization’s full computing and security potential is proving to be a whole other matter. Cloud implementation can present unexpected demands on the underlying architecture propping up mature organizations. This is evident in the number of organizations that experience difficulties and delays in the migration process. For instance, 43% of organizations surveyed in the Jefferson Frank Career and Hiring Guide stated that the delays around their AWS go-live date exceeded a month.

On-prem to cloud is far from the only form of migration being utilized today. Since cloud computing is now so common, many organizations are reliant upon multi-cloud setups. This can be the result of mergers and acquisitions, or of one cloud platform’s better suitability to certain mainframes and datacenters. When an organization finds a provider that better provides a certain product, certain data will need to be migrated into that provider’s environment.

While customers and employees can find frustration in a mismanaged or incomplete migration, the security repercussions of mishandled migration can expand far beyond end-user dissatisfaction. After migration is complete, 20% of CISOs claim that they don’t know what database the organization’s sensitive data is stored on. This sensitive data includes personally identifiable information such as health, password, payment, and contact info. The last of these, contact info, is among the most common types of sensitive data held in cloud storage.

A lack of visibility into the location and handling of this data implies a widespread reliance upon a tactic named ‘lift and shift’. This migration strategy simply moves workloads and data from on-prem to the cloud as they are, without adopting cloud-specific data security controls.

How to Prevent Gaps in Cloud Migration

Organizations cannot protect what they can’t see. Keeping an up-to-date inventory of sensitive data that exists across cloud and on-premises environments can be an extraordinarily difficult task. The spread-out nature of cloud environments also makes policy-violating events harder to identify. Ultimately, data security in the cloud has grown out of the grasp of compliance monitoring. Data controls are a vital component of a secure cloud environment, and the vast majority of on-premises data visibility tools require complete replacement when data is moved over to the cloud.

Actively protecting against a myriad of attack vectors, and outright preventing DDoS attacks, is inherently good for responsible PII management, but these protections are also requirements for industry certification. For example, Payment Card Industry (PCI) DSS certification requires the organization to implement a number of best practices. Firewall installation, encryption of all in-transit data, and rigorous anti-virus software are all the bare minimum of PCI DSS.

The answer to this is a single solution that provides complete cloud visibility across multiple cloud infrastructures. With no disruption to user workflows, cloud protection should adapt to self-managed systems or fully outsourced databases. With a higher degree of data visibility than ever before, web applications and API attacks can be monitored for data exfiltration attempts and malicious abuse. By tracking who’s accessing what – and observing the data activity of every active employee and application – split-second decisions can be made around potentially malicious activity.

DigitalTechviews
