According to Cisco, 93% of workloads will be in the cloud by 2020. This is easy to believe when you consider the number of businesses migrating to the cloud each day. Unfortunately, these migrations do not always go smoothly. There’s an increased risk of data loss during migration, as well as a risk of misconfiguration, both of which could result in a data breach.
To minimize these risks, it’s important to take security precautions through all phases of your migration. In this article, you’ll learn what your options are for migrating to the cloud and some tips for secure cloud migration.
Cloud Migration Options
Before you can begin making a plan for a secure migration, you should decide what kind of cloud you wish to migrate to. You should also decide how you will migrate to the cloud you choose.
While evaluating options, there are three varieties of cloud environments to choose from:
- Public—resources are owned and managed by a third-party cloud service provider. Hardware, storage, and network devices are shared with other customers and all data is accessed through an Internet connection.
- Private—resources are owned and maintained either by you or by a third party. Resources are not shared with other cloud customers and may be stored on-premises or off-site. Connectivity depends on location.
- Hybrid—combination of public and private cloud resources.
When migrating data, there are three main cloud migration strategies you can use. Often, businesses choose to use a combination of methods based on the data and workloads they need to move. Here’s a review of three popular migration strategies:
- Rehosting (aka Lift and Shift)—the simplest and fastest way to move to the cloud. Data and applications are moved “as is” to the cloud environment. Rehosting is often used as an initial step towards replatforming.
- Replatforming—requires modifying parts of applications or entire applications to fit cloud infrastructure. Replatforming enables you to optimize applications for the cloud but requires expertise in application architecture and source code.
- Refactoring—involves redesigning applications to be cloud-native. Refactoring grants full cloud benefits of flexibility and scalability but requires significant programming expertise and time.
It is also possible for businesses to use third-party services as part of their cloud migration strategy. These services can be fully managed, with the third-party service handling refactoring or replatforming.
Third-party services can also simplify configuration, data transfer, or data recovery. Often, these services involve an appliance that is connected to both on-premises data centers and the cloud.
5 Tips For a Secure Migration
The following tips should help you ensure that your cloud and your data are secure throughout your migration.
1. Understand the Shared Responsibility Model
Cloud providers operate under a shared responsibility model. In order to ensure that your migration is secure, you need to understand the aspects you are responsible for in this model.
Your responsibilities depend on the type of cloud services you choose to use: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS). The following chart highlights how this responsibility splits between the three models:
|Responsibility|SaaS|PaaS|IaaS|
|---|---|---|---|
|Cloud User|Endpoints, data|Endpoints, data, applications|Endpoints, data, applications, operating system, middleware|
|Cloud Provider|Hardware, storage, network, virtualization, operating system, middleware, applications|Hardware, storage, network, virtualization, operating system, middleware|Hardware, storage, network, virtualization|
Thankfully, most providers offer resources and services for securing the aspects of your cloud that you are responsible for. These services are cloud-native and often include more robust security measures and expertise than you can provide on your own.
What all of these options have in common is data. With that in mind, it is imperative that proper visibility is architected into the overall solution, since that responsibility cannot be transferred to the cloud provider.
Ensuring proper visibility can be more complex in the cloud, because the cloud carries risks that an on-premises solution does not. However, if you break the problem down into its requisite components, like access management, secure data storage/transit, API access controls, and data flow monitoring, you can find an approach that meets or exceeds your organization’s security needs.
2. Consider a Phased Migration
Transferring your data in a phased migration can benefit security by allowing your team to develop familiarity with cloud systems. By starting with low-priority data, you are able to unload some of your storage resources with controlled risk. You can test your configuration and identify any bugs or gaps in security before transferring higher-priority or confidential data.
A phased migration often involves less time pressure and a slower onboarding of users. A more relaxed pace means that you are less likely to accidentally leave storage buckets unsecured or grant unnecessary privileges.
3. Understand Compliance Requirements
When migrating to the cloud, you need to know what regulatory requirements, if any, apply to your data. This is especially important if you are part of a highly regulated industry, like healthcare or commerce. You should determine how to meet requirements for storage, encryption, and backup, as well as transfer.
Many providers have compliance certifications for the most common regulations, such as HIPAA, PCI-DSS, and GDPR. Even with these certifications, you might need to remove personally identifiable information before you migrate.
Some regulations may require that you keep data on-site only. While cloud providers have tools to help you meet compliance, you are the one who will be fined if compliance is not met.
4. Encrypt Your Data
When migrating to the cloud, your data needs to be encrypted both at rest and in transit. Data is most vulnerable when exposed to the Internet, so make sure to use secure transport protocols (like HTTPS) during any data transfers.
You may also consider transferring data via an appliance, available either through your provider or from a third party. If you select this option, make sure that data is encrypted before it leaves your facility. In general, you should encrypt your storage device before transferring data onto it.
5. Centralize Your Monitoring
Cloud connectivity can mean more opportunities for attacks, as well as an increase in their speed and number. You will need to account for these threats while continuing to protect your existing systems.
As you migrate, and often after, you will have security tools operating both on-premises and in the cloud. Centralizing the management and use of these tools will make it significantly easier for your security team. It can help them identify and respond to threats and vulnerabilities more quickly and consistently.
To maximize the effectiveness of your security team, consider adopting a Security Information and Event Management (SIEM) solution. SIEMs enable you to centralize alerts and logging and often incorporate analytics, machine learning, and automation. The combination of these features enables you to automate detection and response and aids in analyzing attacks.
The security of your migration will depend on the type of cloud you choose, the provider, and the specific steps you take. Build security into your migration strategy. After migrating, actively monitor your systems to ensure that your data is kept safe. You can also take advantage of the security tools and resources available to you.
The best practices that providers establish are based on their own expertise and the experiences of other customers. Taking a little extra time beforehand to consider security can save you time and effort and help ensure customer trust down the line.