5 Qs Security Professionals Should ask for Cloud Migration

6 years ago

Have you heard of the great migration of Modern IT to the Cloud? It’s not new, revolutionary or innovative, and many enterprises are doing it. But what we are seeing is, regardless of industry, migrating to a cloud solution is occurring for a myriad of different reasons – from strategic reasons, to the flexibility, productivity and cost-savings gained by moving workloads and storage from on-site to the Cloud.

Several flavors of Cloud Offerings

As the Cloud matured, several different models and deployment strategies emerged. Each model offers varying levels of control, flexibility, or management. Along with differing deployment models to suit almost any need. Each of these models also comes with different data security considerations. Two of the more common and early models are Enterprise File Sync and Share (EFSS) and Infrastructure as a Service (IaaS).

In the EFSS space, there are more than 140 cloud providers in the market, all with different business models, features and benefits. The hesitancy to adapt these technologies for many enterprises is a result of the loss of control over security of their data.

When it comes to IaaS, there are many players in this market, but it is primarily dominated by the “Leaders” in the Gartner Magic Quadrant: Amazon Web Services and Microsoft Azure. Cloud Services Providers like Amazon Web Services have a Shared Responsibility Model, leaving the customer ultimately responsible for the security of their data within the cloud.

Key Questions for the Security Pro

As you strategize on your move to the Cloud, what should you be asking yourself? What are the things that you need on your radar so that you can walk the Cloud walk with confidence?

Question 1: What’s driving your migration to the cloud?

Reflect for a moment on the factors that led to the decision your organization came to before moving to the cloud. Was it strictly a technology one? Is it related to Cost, or to Speed, or to Collaboration, or all 3?

While this question seems almost immaterial, it bears more weight to your success than you may imagine. If you don’t understand your drivers, you may struggle to properly determine priority or needs when it comes to your security strategy.

Question 2: What should you be considering when building your security strategy?

Or a better way to frame the question is: have you considered and completed the Cloud Security Checklist? Take time to do some self-reflecting on the following before you take the plunge:

Data Classification
Identity & Access Controls
Regulations and Compliance
Data Security Model
Executive Buy-in

Question 3: How have new Data Security Regulations shaped the Cloud?

If you are looking to move data to the cloud – data that must be protected to meet compliance regulations – you’ll face some additional pressure in your migration. But it doesn’t have to be hard. Many of the larger regulatory agencies and standards boards are amending documentation to assist CSPs and customers on specific cloud needs.

Question 4: What considerations are in a Shared Responsibility Model?

For enterprises moving to the cloud, a shared security responsibility model where the responsibility for data security is split between the Cloud Service Provider and the client presents a large shift from the traditional models that they may be accustomed to. Adjusting to this model requires careful consideration for how security should be addressed.

Who is responsible for which components of security depends on the cloud service model you use, but ultimately it will be a shared paradigm.

Question 5: What are the Best Practices for Reducing Data Security Risks in the Cloud?

Get Executive Buy-in
Identify the regulations and compliances that affect your business
Identify your Encryption and Key Management solution
Establish and apply Identity & Access Control Policies
Establish Auditing & Reporting procedures
Train all users on policies

And last, but certainly not least, there is one thing that is absolutely required. We call it the Golden Rule for Data Protection in the Cloud. To find out what the golden rule is, and more on the 5 questions, watch our on-demand webinar.

Aaron McIntosh

Full Disk Encryption, UEFI, Secure Boot and Device Guard

Coaching: The Key Tool for Successful Support Teams

MFA and Zero-Trust Misconceptions Prevent Effective Solutions

The WinMagic team believes we can revolutionize the cybersecurity of the world. Our latest authentication solution, MagicEndpoint, is ready to…

May 16, 2023

Thi Nguyen-Huu

Device-Level Signals: Framework of Zero Trust Security

The U.S. government is tightening the reins, requiring agencies to comply with Zero Trust architecture (ZTA) by the end of…

April 13, 2023

Garry McCracken

Passkey vs. MagicEndpoint

There are three types of people in the corporate world: Those who think their laptop is just an average computing…

March 27, 2023

WinMagic

A more secure “client” for passwordless authentication

In this article, I’ll introduce a new passwordless authentication thought process: an entirely new “entity” that advanced passwordless solutions should…

March 8, 2023

Thi Nguyen-Huu

What passwordless means for the healthcare sector

This month, we had an enlightening conversation with healthcare specialist, Joy Poletti, who’s worked as the VP of access and…

January 10, 2023

Ryder Gaston