With business operations shifting to a distributed, decentralized way of working, the need for organizations to migrate to the Cloud has become acute in recent years. In fact, research and advisory firm Gartner predict that by 2023, as much as 40 percent of enterprise workloads will be migrated to the Cloud.
The big question is, “Should your organization migrate to the Cloud? What are the security risks to keep in mind when you decide to take the plunge?” Here’s our take on what you need to know as cloud migration becomes the next step to scale your business.
Why should you migrate to the cloud?
Cloud migration almost works like moving your data from one physical data center to another in order to reap the benefits of a cloud environment. The main difference is that when migrating to the cloud, you don’t need to physically haul and secure any hardware, like what you have to do when moving to a new (physical) location.
Organizations of all sizes and industries can benefit from cloud migration. For small and medium-sized organizations (SMBs), cloud migration allows them to be nimble and adaptive to the vast changes within a short amount of time. For larger enterprises, offloading at least part of their infrastructure to the cloud enables them to focus on innovating and growing the business without worrying too much about the overhead costs.
There are numerous benefits of migrating to the cloud for organizations of all sizes. Some of these include:
1. Reduced Costs
Migrating to the Cloud (either fully or partially) reduces the cost associated with maintaining the physical equipment since the Cloud Service Provider (CSP) does this for you. For instance, consider the scenario of five-year price comparison.
Let’s assume that you refresh your infrastructure every five years. You’ll buy your new server in the first year and you’ll replace it in the fifth year (as the technology becomes obsolete or there is wear-and-tear of hardware with use). With a cloud infrastructure, you can potentially save up to an average of 79% in your IT budget by opting for a cloud solution. This leaves more budget for things that bring your organization more business value and room to innovate.
2. Greater Agility and Scalability
Cloud infrastructure allows you to only use what you need and adapt to your business’s changing needs. You neither waste extra hardware capacity nor be constrained with them in case of the demand changes, providing you scalability at its best.
3. Access to the Latest Technologies
A major drawback of on-premise applications is that most of their contracts require either a long lock-in period or end up obsolete after a few years. Making use of cloud infrastructure allows you to take advantage of the latest technologies without worrying about negotiating contract terms or becoming obsolete in the long run.
4. Greater Productivity and Growth Opportunities
In a business environment where more companies have a distributed workforce located in several locations, migrating to the cloud enables your staff to access workloads from anywhere with Internet access. A global organization unlocks more potential opportunities and markets, therefore adding more to your growth pipeline.
5. Improved Security
Cloud computing, unlike on-premise infrastructure, operates on the principle of shared responsibility. Cloud solution providers (CSP), who are responsible for the security of the cloud, ensure that their data and operations centers remain secure and compliant with the relevant standards. This takes away some security woes off your hands and leaves you some time and mental bandwidth to focus on other tasks.
Cloud Migration Security Risks
That said, under the shared responsibility model, you are still responsible for security in the cloud. This means it is still on you to make sure your workloads are safe and protected when you migrate from on-premise to the cloud.
The top security risk when migrating to the Cloud continues to be misconfigurations. A misconfigured Web Application Firewall (WAF) was the gateway to the Capital One attack, one of the biggest cloud security breaches in recent history.
In fact, Gartner states that “through 2025, 99% percent of cloud security failures will be the customer’s fault.” Without a means to proactively monitor your cloud environment, your total attack surface continues to be in jeopardy.
Here are some risks to watch out for when undergoing cloud migration:
1. Architectural Concerns
Cloud migration typically requires a re-architecture (either fully or partially) of the organization’s systems to not only take advantage of the cloud but also to ensure that existing applications work properly. This slows down the migration process, especially when there’s a need to hire more people with the right skills and expertise.
Tip: Fortunately, with the right amount of planning and adoption of best practices you can mitigate interoperability issues and get up to speed quickly. This is especially important if you plan for a hybrid cloud setup that combines both cloud and on-premise workloads.
2. Cloud Sprawl
Yes, there’s such a thing as migrating to the cloud too fast and too soon. One effect of rushing through migration is cloud sprawl or the uncontrolled creation of new workloads without proper communication and monitoring. In a report by Gartner, they found out that less than 30 percent of organizations have a documented cloud computing strategy, causing uncontrolled cloud sprawls and are potentially overspending as much as 42%, according to recent data compiled by Densify. Not just this, on average a SMB, subscribes to 32 software-as-a-service (SaaS) vendors, each running their own version of data storage, having access to sensitive information in your infrastructure and thereby further exposing your attack surface.
Tip: Cherry-pick what you want to migrate first (preferably workloads that are not too business-critical) and assess its impact before continuing on with the rest.
3. Legal/Compliance Issues
You should understand security compliance and data privacy regulations before migrating to cloud services. This measure is especially essential if you operate in a highly regulated environment, such as healthcare or finance. Your security teams should determine how your organization can meet requirements for storage, encryption, backup, and transfer. Virtually all major cloud Services Providers have compliance certifications for popular regulations, such as PCI-DSS, GDPR, MAS TRM, APRA, etc. However, even with these accreditations, enterprises should encrypt or exclude personally identifiable information before migrating to the cloud. If not, this can potentially land you in a pool of legal and compliance issues.
Tip: Monitoring for compliance need not be a complicated process. A cloud security posture management (CSPM) application geared towards cloud compliance scanning can help you ensure that migrating to the cloud need not compromise your credibility in your next audit.
4. Giving Too Much User Privileges
In January 2021, Internet of Things (IoT) vendor Ubiquiti Inc alerted its customers of a customer data breach due to unauthorized access to its cloud database. They could not confirm, nor deny if any of the customers’ personal information was exposed. Many cloud providers set their workloads to use a wide net of privileges to make it easier for users to set up and get going. While this makes it convenient for people to set things up, it also makes it easy for unauthorized users to access your data.
Tip: When migrating to the Cloud, make sure your Identity and Access Management (IAM) controls follow the principle of least privilegeIdentity and Access Management (IAM) controls follow the principle of least privilege so that your users only have the minimum amount of access needed to complete their jobs, without restricting the speed to innovate.
5. Data Loss
When handing over control of storing data to another party, there’s always a chance that important data gets lost. This could be unintentional (a staff member accidentally deleting something), unavoidable (natural disasters like floods or earthquakes), or malicious (an attacker gaining access to your organization’s storage and deletes everything).
Tip: In order to mitigate the risk of losing data, have a good understanding of your chosen CSP’s storage model and figure out the responsibility line. Also, don’t forget to consider the possibility of the service offering being changed or even the possibility of bankruptcy or acquisition.
In a nutshell, cloud migration brings in a lot of benefits that can help your organization in the long term but is not something you just jump into and call it a day. It requires an assessment of your current landscape and a solid strategy on how to migrate your workloads while mitigating the security risks associated with it.
We know this sounds like a lot to do and with too little help. But to help you take the plunge, Horangi Warden can streamline the process of assessing your security posture and even help you remediate some of its findings with just one click. Get a free risk assessment to understand your cloud security posture with a Horangi specialist. Contact us today!