Global spending on public cloud services is projected to grow to over $332B in 2021, according to Gartner. While this growth can largely be attributed to the pandemic’s upheaval, it also shows a larger movement towards expanding digital operations.
However, recent events like the SolarWinds breach are stark reminders that organizations need to be acutely mindful of how to configure and manage cloud settings, applications and most importantly, security posture. These are extremely intricate environments, further complicated if there’s an on-premises to cloud switch.
To safely migrate operations to the cloud, organizations need to have a thorough plan ahead of time that is centrally focused on governance and security. Security teams need to prioritize steps below following recent high-profile breaches:
Creating a team & planning process
Last year, 68% of global CIOs stated that “migrating to the public cloud and/or expanding private cloud” is a top driver of IT spending, a 20% increase from the previous year. As more organizations shift operations to the cloud, it’s critical that they allocate the necessary resources, including staffing and tools investments, to ensure cloud environment configurations are continually monitored and governed.
Once a decision is made to transfer on-premises data or applications to the cloud, the first step any enterprise should take is to create a dedicated cloud migration team to handle the transition process. This will likely be overseen by a CIO or Cloud Architect but needs to include a full team of cloud architects, engineers, security managers, system administrators and a compliance expert. Having a team that can distinctly handle each of these individual operations creates a smoother transition and makes sure the most critical infrastructure components are properly addressed without any miscommunication.
Next, it’s time to make the very important decision of selecting between a multi- or single cloud environment. Organizations that decide to leverage a single cloud environment are likely utilizing it for a specific application or service, which is a more appropriate option for a smaller company or startup that would benefit from hosting data offsite. Multicloud is a more ideal option for enterprises with an abundance of data that require more workload assistance to remain competitively balanced in the marketplace. This is becoming a widely adopted option as 81% of organizations now work with two or more cloud providers already.
Mapping out the cloud framework
Once there’s a clear pathway for the cloud environment, mapping out key performance indicators (KPIs) and defining the scope of the project will lay the building blocks for an infrastructure that meets specific corporate needs. Think of it as a digital construction project of sorts—the goal is to accurately lay out the new home’s floor plan, ensure it doesn’t have any glaring structural issues and put an estimate on the project costs, factoring in possible curveballs.
Another element that needs to be addressed before configuring what the cloud platform will look like is to assess and analyze the information and data inventory that will be transferred. Much like assessing how much furniture will properly fit into the areas of a house or apartment, and how much leftover storage there is afterwards, this process needs to be handled with great care to make sure information is safely, securely and accurately in place post-migration.
Switching over to production & building the cloud environment
After creating a dedicated team and laying the groundwork for the cloud environment, it’s time to carefully begin transitioning information to the cloud. This is a very intricate process that sounds trivial but is an extremely important part of the entire process, especially when factoring in security.
To do so, organizations should first conduct discovery. It’s imperative for customers to understand their environments so that they can accurately plan and decide on migration candidates, bringing the cloud blueprint to live. Being mindful of dependencies and requirements that would dictate workload placement and configuration settings post-migration. Ideally, this is conducted in a quick and comprehensive manner to avoid delays to the overall project time.
Another requirement is to understand what resources and instances belong to each application or business service so that priorities and appropriate decisions can be made on workload placement, security policies, network configurations and compliance, whilst being cognizant of the application requirements and its purpose within the business.
Once completed, migration options need to be selected based on the discovery research. This can either involve a bi-directional syncing mechanism between on-premises and cloud databases, one-way synchronization or a third-party data-migration service. The cloud architect will play a strategic role in overseeing this transfer process and ensuring that data is mapped to accurate locations to ensure application and data services are unimpacted.
The migration process should by no means be rushed as it can lead to unwanted data loss, increased vulnerabilities and can require network reconfigurations that balloon costs and create additional problems. After production is switched over to the cloud, the data migration process may technically be complete, but the defense aspect is just beginning.
Securing applications and data post-migration
Safety first, literally. This should be the first thing to address once all apps, services and information have been transitioned to the cloud.
The goal for security teams is to minimize the new cloud attack surface as much as possible, either cloud-native security tools or third-party solutions. This is a key area during the planning phase and post-migration, as nearly 1/3 of organizations experience unauthorized access on their cloud platforms.
Establishing clear governance controls that provide enhanced visibility across the entire environment will also bolster defense in cloud environments. Organizations must invest in determining proper permissions to improve decision-making capabilities and operational insight. Creating and enforcing identity and access governance policies help keep sensitive data protected and secure. By strictly designing and limiting cloud access to a highly selective number of users and machines, controls are only granted to those who absolutely need it, eliminating unintentional access.
As a last step and final measure, enact performance, security and disaster testing to ensure the network is prepared should any incident occur. This can be the difference between thwarting an attack and a disastrous breach. Ensuring that these platforms are continuously monitoring security posture is a concluding defense for securing the newly established cloud environment.
By 2022, over 90% of enterprises worldwide will be relying on a mix of on-premises/dedicated private clouds, multiple public clouds and legacy platforms to meet their infrastructure needs. As more organizations move into the cloud and look to move more critical workloads, it’s categorically important that they outline a migration plan that is strategically designed around network defense. Rising cybercrime and damaging data breaches are making security a critical priority for any cloud-based organization, and companies need to take the proper steps to ensure applications, data and network operations are safeguarded.