GUEST ESSAY: The key to a successful cloud migration – embrace a security-first strategy

Migrating to and utilizing cloud environments – public, hybrid, or multi – is a source of real investment and positive change for businesses. Cloud is the powerhouse that drives digital organizations.

Related: Cloud security frameworks take hold

Gartner predicts that spending on public cloud alone is set to top $500 billion in 2022 – a 20% growth over last year. But often overlooked in the migration process is the significance of a company’s embedded security measures.

For cloud migration programs to succeed in both the short and long-term, organizations must have an established cloud security policy to guide operations in the cloud, identify and mitigate vulnerabilities, and defend against cyberattacks – before a single byte is migrated.

But where should you begin? Following these steps will help you lay the foundation for a secure and sustainable cloud strategy.

•Design with security first. Although moving to the cloud should follow a standardized approach, the order of operations is often prioritized in favor of rapid results, not security. When security becomes an afterthought, best practices are overlooked, mistakes are made, and vulnerabilities are introduced that can result in significant risk, cost and breaks later.

By treating security as the starting point (not a detail to be added on later) and fully grasping cloud technology and risk exposure, your organization can ensure that the cloud architecture is secure before any data is migrated off-premises. It may slow the start, but designing with security first in mind can save you a lot of trouble down the road. For example, companies must plan to secure the perimeter with access protocols and controls – something that is very hard to do once systems are in use.

•Avoid using the same security measures as you do on-premises. Security controls will be a major aspect of your cloud security policy. While it’s essential to consider the security measures you use on-premises, don’t simply replicate them in the cloud. Instead, assess the security controls of your cloud vendor, specifically their identity and access management offerings – both of which increase security and convenience, if done right.

•Adopt a layered approach. A multi-layered defense is an essential component of any winning cloud cybersecurity posture. From the simplest protections like anti-virus, multi-factor authentication, patch management software, and employee security awareness training to the most advanced features like SIEM and conditional access, adding layers provides a vital safety net should something fall through the cracks.

As the business grows and new threats emerge, you can evolve and layer in additional controls as needed. The trick is not to go tool-crazy. Visibility into your cloud security posture is critical, but if it takes an army to sift through dashboards and alerts, things can quickly become unmanageable. Layer, but ensure good integrations of security information across your controls for full-stack observability.

•Know where your data resides – and what’s most critical. Knowing where your cloud data is stored (especially your most sensitive data) can help inform your security policies and meet compliance obligations, such as keeping data within domestic borders. As you craft your cloud security policy, ask your provider where your data is located geographically and whether it is likely to be moved between data centers to improve latency, meet SLAs, or mitigate data loss.

What controls are in place to protect data as it moves? Also, prioritize which kinds of data are most important. By identifying the “crown jewels” in your data, you’ll be able to make better decisions on tools, time and talent regarding your security program. After all, if you don’t know what your most sensitive data is or where it is stored, you can’t protect it.

•Revisit your policy often. At a minimum, plan to review your cloud security policy annually. However, if you plan several digital transformation projects or operate in an agile environment where applications are developed or updated rapidly, such as in two-week sprints, consider tying your policy review to your rate of change. This will also likely be a compliance-related need as regulations – such as the new proposed SEC rules – take shape.

•Make it sustainable. A cloud security policy can help keep cloud data protected and improve your ability to respond to threats quickly. But these measures must also be sustainable. You can’t reap the benefits of the cloud if you don’t make security a priority from the start. And for that, you must cultivate a security-first mindset toward migrations and future digital transformation.

About the essayist: Steve Schoener is Chief Technology Officer at ECI. Prior to ECI, he was head of IT for DW Investment Management in New York; he also previously was at UBS Investment Bank as an associate director. Schoener holds a computer science degree from State University of New York at Albany.

Read more: The Last Watchdog

