5 Qs Security Professionals Should ask for Cloud Migration

Have you heard of the great migration of Modern IT to the Cloud? It’s not new, revolutionary or innovative, and many enterprises are doing it.  But what we are seeing is, regardless of industry, migrating to a cloud solution is occurring for a myriad of different reasons – from strategic reasons, to the flexibility, productivity and cost-savings gained by moving workloads and storage from on-site to the Cloud.

Several flavors of Cloud Offerings

As the Cloud matured, several different models and deployment strategies emerged. Each model offers varying levels of control, flexibility, or management.  Along with differing deployment models to suit almost any need.  Each of these models also comes with different data security considerations. Two of the more common and early models are Enterprise File Sync and Share (EFSS) and Infrastructure as a Service (IaaS).

In the EFSS space, there are more than 140 cloud providers in the market, all with different business models, features and benefits. The hesitancy to adapt these technologies for many enterprises is a result of the loss of control over security of their data.

When it comes to IaaS, there are many players in this market, but it is primarily dominated by the “Leaders” in the Gartner Magic Quadrant: Amazon Web Services and Microsoft Azure. Cloud Services Providers like Amazon Web Services have a Shared Responsibility Model, leaving the customer ultimately responsible for the security of their data within the cloud.

Key Questions for the Security Pro 

As you strategize on your move to the Cloud, what should you be asking yourself? What are the things that you need on your radar so that you can walk the Cloud walk with confidence?

Question 1: What’s driving your migration to the cloud?

Reflect for a moment on the factors that led to the decision your organization came to before moving to the cloud. Was it strictly a technology one? Is it related to Cost, or to Speed, or to Collaboration, or all 3?

While this question seems almost immaterial, it bears more weight to your success than you may imagine.  If you don’t understand your drivers, you may struggle to properly determine priority or needs when it comes to your security strategy.

Question 2: What should you be considering when building your security strategy?

Or a better way to frame the question is: have you considered and completed the Cloud Security Checklist? Take time to do some self-reflecting on the following before you take the plunge:

  • Data Classification
  • Identity & Access Controls
  • Regulations and Compliance
  • Data Security Model
  • Executive Buy-in

Question 3: How have new Data Security Regulations shaped the Cloud?

If you are looking to move data to the cloud – data that must be protected to meet compliance regulations – you’ll face some additional pressure in your migration. But it doesn’t have to be hard.  Many of the larger regulatory agencies and standards boards are amending documentation to assist CSPs and customers on specific cloud needs.

Question 4: What considerations are in a Shared Responsibility Model?

For enterprises moving to the cloud, a shared security responsibility model where the responsibility for data security is split between the Cloud Service Provider and the client presents a large shift from the traditional models that they may be accustomed to.  Adjusting to this model requires careful consideration for how security should be addressed.

Who is responsible for which components of security depends on the cloud service model you use, but ultimately it will be a shared paradigm.

Question 5: What are the Best Practices for Reducing Data Security Risks in the Cloud?

  • Get Executive Buy-in
  • Identify the regulations and compliances that affect your business
  • Identify your Encryption and Key Management solution
  • Establish and apply Identity & Access Control Policies
  • Establish Auditing & Reporting procedures
  • Train all users on policies

And last, but certainly not least, there is one thing that is absolutely required. We call it the Golden Rule for Data Protection in the Cloud. To find out what the golden rule is, and more on the 5 questions, watch our on-demand webinar.