Juan Perez-Etchegoyen, CTO at Onapsis, imparts his years of experience working with the cloud in order to provide a blueprint for corporate cloud migration.
Conducting businesses in the digital age means that companies are responsible for processing vast volumes of data. Storing and processing this data comes with added risks as regulators across the globe have come to expect high standards of data protection and can enforce these standards with large fines.
In order to comply with increasingly high levels of regulation and high volumes of data to process, businesses are beginning to turn to the cloud and software as a service in an attempt to streamline business processes.
Migrating to the cloud means that companies are undergoing a digital transformation, often incorporating multiple cloud services into their ecosystem. While there are countless cloud providers, there are several issues that broadly affect users at various stages of cloud migration.
In my experience I am often asked several questions about migrating business-critical applications to the cloud, so to answer them, I have drawn on my experience to outline some key principles of cloud migration in order to guide businesses on their journey to cloud migration.
The biggest challenge that companies face when migrating to the cloud is a lack of visibility, a loss of control. Migration means moving some of the most business-critical data and application away from your premises, to a third-party with different hardware, equipment and processes.
Many businesses will have different cloud migration paths and strategies, with the hybrid cloud model often being favoured. This sees portions of business applications remaining on premise while simultaneously creating strategic partnerships with providers such as Amazon Azure, Google and Oracle SAP cloud, depending on the specific needs of the business.
From an organisational perspective, as you grow in size and complexity, superseding geographical locations, acquiring international suppliers and customers, there are different expectations of what security means. This complicates efforts to unify compliance and security posture around business applications.
This is more pertinent when considering international regulatory expectations and how they differ globally from GDPR in Europe, to CCPA in California to name but a few.
Migrating to the cloud has several key benefits: Increased efficiency, accessibility and greater storage and processing potential are all positive factors. However, one of the most significant benefits of cloud migration, from a security standpoint, is the fact that you don’t have to patch.
Historically, companies have done a bad job of maintaining security patches on critical business applications because they are so important that any down time would be catastrophic. This means that before patches are applied, regardless of how critical they are, security teams conduct extensive and expensive research into the effects of downtime.
Having a provider deal with patches as standard is a serious benefit, particularly as configuring business applications is one of the most complex processes for security teams.
While cloud computing has numerous benefits, there are some vulnerabilities that are inherent to the complexity of business-critical applications that must be managed. Relying on multiple cloud providers can complicate the issue of identity and access management.
This is because it is essential that specific privileges are assigned to the right people. Failure to do so can result in serious security problems across several platforms regardless of what technology is running underneath. This may lead to problems such as insider threat and even insider trading if controls aren’t widely in place.
A further concern is that 64% of the corporations that rely on Oracle or SAP for their critical ERP applications have reported an ERP-related breach in the past 24 months. This is because the data that is stored in cloud-based systems is incredibly valuable to criminals for a multitude of reasons. Personally identifiable information, bank account numbers and credit card details can be resold on the dark web with little or no technical savvy.
Furthermore, valuable information such as IP addresses, vendor and customer information and even insight about how the company operates can be invaluable to competitors. A wide variety of precious information is stored on cloud premises and if they are not properly secured or maintained then there are serious risks.
This risk isn’t just exclusive to businesses either. It can affect the companies in your supply chain, stakeholders or people that work closely with the company. In my experience, companies have been compromised because one of their business partners suffered a breach.
Therefore, it is essential to remember that even if your data isn’t on premises, it is still your data and should never be neglected.
Establishing a pathway for cloud migration
In my experience, the sooner security and compliance are incorporated into the migration process, the better results you’ll have. Cloud security is much more than just adding a blocker in the last hour.
Holistic security measures can accelerate the migration process because the sooner you integrate security and compliance as standard, the better and less expensive it becomes to actually fix initial security problems.
Deploying heavily compliant systems means that there is a low tolerance of risk for the data being stored. The critical nature of information means that not just from a business persecute, but also a client perspective and legislative means that it’s the kind of data that GDPR and CCPA are interested in.
Financial data, PCI DSS, Credit card information, all of these different regulations that mandate the right processes and controls in place from a security perspective are not an option. They are something that you must do to ensure a seamless cloud migration pathway.