How to Take a Security-First Approach to Cloud Migration
Cloud adoption was on the rise well before 2020, and it’s only accelerated as organizations seek greater agility and resiliency. Gartner now predicts that “enterprise IT spending on public cloud computing…will overtake spending on traditional IT in 2025.” By 2025, over 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021.
The cloud offers great promise…and new risks. Organizations find promise in having better protection over a greater portion of their security surface and dynamic intelligence that enhances threat detection and response. But, as organizations plan their move to the cloud, they face a stark problem: the security practices built for their on-premises environments are no match for a software-based, tightly integrated cloud environment. The challenge for organizations is to evolve their people, processes and technology stacks and take a security-first approach as they shift to cloud computing.
5 Tips for a Secure Cloud Migration
- Assemble the right team
Make sure that anyone impacted by a migration—decision makers, IT specialists, security managers, legal advisors, etc.— has a place at the table. If the IT team lacks the needed skills, consult external security experts for help.
- Build a migration plan
Migrations are notoriously complex, making careful planning essential. A solid plan addresses the migration strategy, cloud type, which apps and data will be moved and how, who will be involved when, and how risks will be managed. It should also include provisions for:
- Adapting existing on-premises security policies to the cloud and adopting industry best practices.
- Evaluating which regulatory requirements apply to your data so you can avoid penalties later.
- Performing an application rationalization to determine which applications should be kept, replaced, re-platformed, retired or consolidated.
- Inventorying all licensing, maintenance and support contracts to determine migration timeline and priority.
- Discovering and mapping application dependencies to determine the best migration approach.
Assessing the value of legacy apps and equipment is crucial to this process. Some apps may not be easily migrated to the cloud and may run better on upgraded on-premises infrastructure. Some on-prem infrastructure may be more “friendly” to the cloud. Often, leaving legacy systems behind and starting fresh can help standardize and simplify your infrastructure and accelerate the migration— providing greater business agility. Assessing the value of upgrading (or not) is critical to migration planning.
- Understand the shared responsibility model
Make sure to go over the agreement thoroughly with your CSP to understand your shared responsibilities.
- Encrypt all data
Encrypt data both at rest and in transit using secure protocols, such as HTTPS, to ensure security on-premises and in the cloud. Using a Zero Trust framework from the start, for example, ensures that security is built in, not tacked on later. With Zero Trust, data is encrypted at rest and in transit and access to that data is also protected through authentication and authorization.
- Keep communication flowing
Clearly discuss goals, requirements and issues throughout the process with migration team members to minimize downstream risks and maximize success.
If you are interested in providing content for LevelUp, please contact Aimee Chouinard, Manager of Copy and Content for the TD SYNNEX Creative Group at firstname.lastname@example.org.