While many executives acknowledge the financial and operational benefits of migrating their company’s data and applications to the cloud, questions remain about cloud security. In our latest webinar, we asked HOSTING CISO Johan Hybinette and Alert Logic’s Solution Architect Cliff Turner to share their insights regarding potential security challenges in migrating to the cloud. Missed it? You can access the on-demand webinar here. Read on for highlights of their conversation.
IT’s “cultural mindset” a factor when planning a cloud migration
According to Cliff, many companies rely on fragmented in-house IT teams that don’t work together on a regular basis. In some cases, they don’t have the necessary experience in order to migrate their technology assets or manage their cloud environment. Engaging with an experienced cloud service provider (CSP) gives them a team of experts that they turn to for additional support.
“The cloud changes the cultural mindset of IT,” says Cliff. “They realize, ‘I have a partner whom I can lean on for additional expertise.”
Johan notes that some of the reluctance that companies have regarding the cloud stems from the fact that they don’t have a disaster recovery plan in place that includes a secure data backup. Requiring that the CSP provide a detailed service level agreement (SLA) that clearly outlines its disaster recovery process can alleviate this issue.
“Customers need to make sure they have SLAs in place,” Johan recommends. “This will help them to understand their responsibilities as well as those of the cloud provider.”
Security questions to ask before embarking on a cloud migration
While engaging with a CSP allows IT organizations to do more with less, they need to thoroughly research the CSP’s capabilities. Both Cliff and Johan emphasize the need for companies to ask detailed questions of their potential CSP including:
- Do you have an in-house security team?
- Do you have a compliance team?
- What are your security policies?
- Do you have a disaster recovery plan in place?
Cliff also recommends that organizations evaluate their existing “security toolset” before migrating to the cloud. For example, when implementing the Alert Logic Intrusion Detection System, Cliff’s team needs to have access to network data. This can be a stumbling block for some companies who utilize a public cloud and can’t readily access that type of data.
“Think through your security toolset and ask if it will work in the cloud,” Cliff recommends, “Know that you can’t forklift everything (i.e. your IT assets) over and expect it to work.”
Why agility matters when adapting IT security strategies to the cloud
Cliff emphasizes that “the cloud changes agility.” In a race between cloud solutions and security, cloud beats security every time. Why? While companies can spin up a server instantly via the cloud, putting security measures into place can take months. Organizations planning a cloud migration need to collaborate closely with their CSPs to ensure that their cloud and security solutions are in alignment.
“When your cloud server comes live, so does your security,” Cliff points out. Johan recommends that companies invest in a comprehensive security assessment to ensure their security posture can keep pace with their cloud environment.
The benefits of investing in Compliance-as-a-Service (CaaS)
“Companies are struggling with compliance and are looking for guidance,” states Johan, “They need to select a compliant cloud hosting provider who can help bridge the gap between the cloud infrastructure and their applications.”
Some CSPs such as HOSTING offer Compliance-as-a-Service which guides organizations through the necessary steps in order to be compliant. Many companies scramble to prepare for their yearly compliance audits, interrupting normal business operations and impacting productivity. CaaS enables companies to continuously track their required compliance activities so that they can identify and address any gaps immediately.
As with compliance, Cliff advocates that companies invest in intrusion detection systems that allow them to create a proactive stance against threats. These solutions can align with CaaS, ensuring that organizations are covered in both areas.
Security challenges hampering your cloud migration plans? The HOSTING team can help resolve them. Contact HOSTING anytime with your questions. In the meantime, you can download the following resources for more info.
HOSTING White Paper – Avoiding the Breach: What You Need to Know About Online Security
Alert Logic 2014 Cloud Security Report: https://www.alertlogic.com/resources/cloud-security-report/