Cloud Migration – Security Risks and How to Mitigate ThemChandrashekar Kodiguti
Listen on the go!
Cloud computing is an innovation that has witnessed more tremendous growth than any other emerging technology in the last century in a very short period of time due to the numerous benefits that it offers that every sector and business can take advantage of.
The benefits are: scalability, which balances the fluctuating workloads as per organization demands; efficiency, which otherwise organizations have to pay attention to in terms of frequent health checks and maintenance; the third one, cost savings, because organizations have clear visibility of choosing and controlling the services as per their business requirements; and the other one, security, for which most of the due diligence is taken care of by the cloud providers and makes organizations only focus on their actual business needs.
In the present situation, undoubtedly, 2020/21 witnessed the world adapting to the global pandemic and put more focus on shifting the entire organization’s resources to the cloud rather than utilizing some of the services which are expected to be scalable as per customer demands.
As per Gartner, there is expected to be massive growth in cloud adoption and by 2022 it will be around $482 billion, up from $313 billion in 2020.
It can’t be limited to a specific sector or specific industry, but the entire next generation of organizations will focus their shift to cloud adoption on ranging sectors from manufacturing to health care, to entertainment, and the Internet of things.
Although the multitude of benefits that cloud computing platforms offer, there are inherent challenges and risks that may arise due to known or unknown factors like lack of the right strategy, not utilizing the cloud services properly, and most importantly, not applying the secure controls as per the organization’s business needs and goals.
The cloud applications and data pose the same level of threats or risks when compared with traditional data center applications and data. The root cause of challenges specific to cloud migration differs due to various factors.
The most prevalent security risks that every organization should consider and plan for appropriate remediation while moving resources to the cloud are as follows.
Customers have less visibility when compared with traditional data center models
In the traditional data center model, customers have clear visibility over the various resources that are there at each location and have the proper segregation of roles and access controls to these resources as per the organizational business policies.
While in cloud environments, customers lose some visibility of the resources due to a lack of a migration strategy and subsequent assignment of access controls for each resource and application.
Even though resources are onboard and offboard frequently, assigning and managing controls to these resources is a difficult task for the IT department.
Data is always available over the public network
In contrast to traditional data center access controls where sensitive data is stored, enforcing various types of controls ranging from locked physical locations, deploying offline servers, and isolating data networks to deploying best-in-class firewalls and taking advantage of various cryptographic methods available in organizations to protect the data.
In cloud environments, data is stored in several locations as per the application needs, size, and archiving needs of data.
Also, regardless of the sensitivity of the data, it is always available over the public network, increasing the attack surface.
Even though data is the only resource that should be always protected by customers in any of the available cloud models, most of the customers fail to understand this important diligence.
On-demand provision of resources
The key benefit in cloud environments is the provision of resources and applications as per customer demand, which eases the business operations seamlessly, but it also increases the risk associated with those new resources and applications.
For example, it may spin up resources that are not actually needed by the organizations, resources which are not authorized by organization security policies, not applying proper access controls for each and every resource as per organization security policies, and also the risk of users using specific software which they are not supposed to use.
In large enterprise environments where resources and applications are most frequently spined-up and down, thus increasing the risks of applying proper access controls for all these resources.
Too many user roles and privileges
Cloud providers have created a massive number of user roles and permissions to make customers benefit from varying organization needs and policies and have granular control over each resource, but failing to understand and assign these roles by the organization’s IT department in-line with the organization policies puts most of the applications and data at risk.
In traditional data centres, the IT department is clearly aware of the users, roles, and access control matrix created by the department personnel itself, which is not the case in the cloud provider’s environment.
Fail to understand shared responsibility model
Customers have flexibility in choosing specific cloud models (IAAS, PAAS, SAAS,) among various cloud providers, but most customers are not aware of responsibilities that vary depending on the chosen models.
Customers have more flexibility in choosing platforms, servers, and software specific to their business needs in the IAAS (Infrastructure-as-a-Service) model, but customer responsibilities around security are greater in this model when compared to other models; in other words, except at the physical layer, cloud customers have responsibilities at every other layer.
In the PAAS (Platform-as-a-Service) model, customers can mostly focus on organization roles and access controls and share application level security with the cloud provider. All the physical and infrastructure layer security is taken care of by cloud providers.
In the SAAS (Software-as-a-Service) model, except for customer data, the cloud provider takes full responsibility at each layer and shares some of the application level access controls with customers.
If we closely notice, in any chosen cloud model, cloud customers should always have the responsibility of securing data, so organizations should not ignore the important fact that migrating their resources to the cloud doesn’t imply the responsibilities are completely handed over to cloud providers and customers have their responsibilities as per the chosen cloud model.
Tips to mitigate the cloud migration security risks
Organizations should, with proper due diligence, be able to avoid these risks by incorporating the below.
- Prepare and implement a proper migration strategy while moving resources to the cloud.
- Apply secure configuration settings for all the resources.
- Define and implement a proper access control matrix based on user roles and permissions.
- Identify and clearly segregate all cloud resources as per business criticality and apply relevant access controls.
- Apply strong data security access controls regardless of the chosen cloud model.
- Implementing standard cryptographic measures for data in rest and transit.
- Frequent rotation of cryptographic keys.
- Clearly understand and thus take up responsibilities as per the chosen cloud models.
- Do not use untrusted IAC templates for creating cloud resources.
- Run cloud configuration audit scans on a regular basis and prioritize remediation.
The quick assurance of data center and cloud applications and infrastructure is facilitated by a typical cloud assurance platform.
The Cloud Assurance Platform helps companies improve their strategy, test execution visibility, coverage, and compliance while assuring quality during cloud migration, data center transformation, and modernization initiatives.
A good cloud assurance platform will also enable you to use a catalogue-based testing approach, enable cost predictability, accelerate time-to-market, and execute infrastructure test automation with efficiency.
Cigniti has a strong body of technical and business differentiators which can help it achieve a niche in the cloud migration assurance space.
The business differentiators include independent testing services, early warning signals, and vertical specific expertise in understanding of business processes and requirements across verticals to be able to deliver value-added solutions.
Get maximum value from your cloud transformation journey with Cigniti’s Cloud Migration Assurance services. Schedule a discussion with us to consult with our experienced team of cloud migration assurance experts.