The events of 2020 accelerated organizations’ cloud migration journeys. In the words of the International Data Corporation (IDC), “the abrupt and wide-ranging disruptions caused by the pandemic have forced enterprises to aggressively adopt technologies that improve their agility, responsiveness, and resilience. Cloud is one of these technologies.”
The Benefits of Cloud Migration
Microsoft identified five benefits that explain why organizations are migrating to the cloud. These are as follows:
- Save time and money in terms of resource, maintenance, and real estate. It also empowers organizations to optimize their cloud workloads in a way that requires fewer resources to run. This saves them even more in the long run.
- The flexibility to only pay for cloud resources that they use. As their requirements change, they can then instantly scale or draw back their cloud requirements in a way that complements their business needs.
- Built-in back-up and recovery capabilities that organizations can use to ensure their business continuity. Additionally, many cloud platforms come with the ability to store backups in different geographic regions.
- If their cloud service provider (CSP) provides a central management tool, organizations can easily manage and monitor their cloud-based resources (and possibly even their on-premises assets) using a single pane of glass.
- Specific offerings designed to help businesses to fulfill their compliance requirements. Some platforms also come with built-in security features and automatic platform patches that help to keep customers’ resources safe.
The Risks in Cloud Migration
Contextualizing the Challenge of Cloud Security
The last benefit included above is interesting. That’s because security is oftentimes cited as one of the chief obstacles to cloud migration for many organizations. In March 2021, for instance, BetaNews covered a report where 81% of respondents cited cloud security as the main challenge for adopting a cloud strategy. Cloud spending and governance weren’t too far behind, at 79% and 75%, respectively. Those findings help to explain why 57% of participants in a Ponemon survey we sponsored indicated that security was their number one priority as they migrate to the cloud.
To understand why cloud security is such a challenge to organizations, we turn once again to Microsoft. The Redmond-based tech giant put it this way: “Although cloud providers offer a variety of security and compliance offerings, migration customers are responsible for implementing the right solutions for their needs.”
The shared responsibility model testifies to this reality. Microsoft and other CSPs might be responsible for protecting the cloud platform’s underlying infrastructure, but customers are still responsible for controlling access to the data and applying other controls that facilitate security “in” the cloud. The issue is that organizations don’t always know they have responsibilities for cloud security, leading them to leave themselves exposed to a host of security threats.
As an example, organizations might not protect their administrative credentials used for accessing their cloud deployments. A malicious actor could compromise those details, use them to span new cloud instances, and connect to other instances for the purpose of stealing their data, noted InformationWeek. There’s also the possibility of an attacker exploiting API vulnerabilities or weaknesses affecting shared cloud services to access organizations’ information.
That’s just security, keep in mind. It’s the only con of cloud migration. Per Microsoft, sufficient planning doesn’t always go into a large-scale cloud migration. Without a detailed plan, organizations might underestimate the time, money, and resources that are initially required to complete the migration, thus affecting other projects. They might also suffer unexpected downtime that could further undermine their business objectives.
Mitigate Risk with a Migration Strategy
Organizations can mitigate some of the cloud migration risks discussed above by defining a cloud migration strategy. This strategy should include the participation of business, technical, and leadership stakeholders. It should also stage the migration in batches rather than all at once to minimize downtime and save costs.
As for security, organizations need to make sure they have visibility into the cloud. This is oftentimes lacking. In our study, just 13% of respondents told Ponemon Research that they have more than 75% visibility across all their security tools regardless of where they’re located. A far greater proportion (69%) said that they had less than 50% visibility. What’s more, only 36% of survey participants said that they were even measuring visibility across their on-premises and cloud deployments. This helps to explain why just 11% of respondents rated their cloud security confidence as between 9 and 10 out of 10. The most common rating was 1 and 2 at 36%.
Cloud visibility doesn’t need to be lacking. ReliaQuest’s security operations platform comes with the ability to integrate disparate tools across the security stack—including the cloud—to build a single, complete view of the threats confronting customers. This contextual visibility enables organizations to visualize and subsequently eliminate attacks in their entirety.
For more information, visit: Cloud Security Best Practices.