By Hila Meller, Managing Director Global Security Sales, BT Group
With unprecedented need for scale, flexibility, and access to data and applications, organizations are turning toward cloud to remain competitive in a rapidly changing business environment. According to IT company Flexera’s annual “State of the Cloud” report, 59 percent of enterprises expect their usage of the cloud to exceed their prior plans from before the COVID-19 outbreak in the United States.
As organizations migrate to the cloud, they also expose themselves to a myriad of ever-evolving risks. Without a clear cloud migration strategy, they risk major issues like overspending, unwanted latency, data loss, and—of particular concern—security threats.
The good news is that putting a proper plan in place can mitigate looming security concerns that come with a move to the cloud. Here are three critical measures for IT leaders to take when preparing for the move.
Assess the risk landscape
As organizations deploy cloud-first approach, they not only need to protect data and applications in the cloud, but also those remaining on-premise. The fact is that as an organization rolls out cloud-based solutions – often across multiple clouds – everything becomes more complicated.
One key reason: Private, public, and hybrid environments are limited in their ability to communicate with each other or with older systems and software. Businesses that do not approach security in this hybrid environment in an integrated manner are in danger exposing their operations to a number of risks, including cyber-attacks, compliance issues, and shadow IT.
To assess risk, organizations must first identify sensitive data and assets. This requires an end-to-end view of the IT infrastructure to identify, catalog, and prioritize all digital assets, and comprehending how the assets relate to one another. It’s also important to know which workloads are moving to the cloud and how those workloads are being shared and used across the organization.
Asset management changes in the cloud, extending it beyond your physical devices or information. This change makes it more important than ever to understand where data resides. An enhanced focus on critical cyber hygiene, such as asset management, inventory management, vulnerability, and configuration management, allows you to understand where valuable information is stored, where vulnerabilities exist, and how to properly secure everything.
Although it’s a big undertaking, a complete view across all apps, data, and the entire network is critical for making more informed, calculated decisions that will help eliminate security threats associated with migration.
Invest in employee training
Although cloud-based platforms are generally more secure than traditional on-premise solutions, employees remain the biggest single security risk. Humans just don’t always make good decisions or understand the consequences of their actions.
To ensure proper security, organizations must ensure employees are trained on necessary security protocols that come with migrating to the cloud—from secure access controls to data protection to continuous monitoring tools.
Also, it’s not uncommon during a cloud transformation for shadow IT to raise its head. Shadow IT is the unsanctioned use of software, hardware, or other systems without the IT department knowing about it. This typically occurs in one of two ways: Either an employee stores corporate data using an unapproved tool or uses an approved tool in an unauthorized way (for example, logging in to Google using a personal account). Shadow IT increases the risk of data breaches and creates major headaches for IT.
Employees must be educated on the consequences of not following the right protocol. This is particularly important during the move to the cloud. While
Find a solution that fits your business model
Given that the cloud is software defined—whereas an old data center probably isn’t—some in-house IT departments lack the essential skills and understanding to properly construct digital foundations. Keeping digital architecture up to date, especially with the evolution of hyperscalers and the ability of an architecture to scale can be a challenge.
Cloud products and services change on a regular basis, and it’s not unusual for hyperscalers to issue updates daily. This can quickly become overwhelming. Finding the right IT personnel to manage this task can be daunting. Outsourcing or scaling in house can be expensive, too. In fact, choosing the wrong team is the top mistake organization make that leads to skyrocketing costs during cloud migration, according to Gartner. Having the right people with the right skillsets and knowledge onboard from the start makes for a smoother, more efficient cloud transformation. Strong in-house teams are important, but they also often require additional technical support. Fortunately, solutions are available to help the people in your organization analyze end-to-end IT infrastructure as they identify, migrate, and manage cloud workloads. Insights across applications, data, and network and cloud monitoring tools help you make better decisions and eliminate many of the security risks that can arise during cloud migration.
While migration to the cloud can be challenging and messy—and potentially expose an organization to security threats—a thoughtful, calculated approach to the transition can successfully mitigate the risks. Understanding where data resides, ensuring employee cooperation, and having outside expertise on hand can significantly reduce potential threats. And let’s not forget; the benefits of the transformation outweigh the potential risks, especially when there’s a proper plan in place to protect data and systems every step of the way.
Hila Meller leads BT’s global security sales teams, helping customers protect their data and assets using world class solutions developed by BT’s 3000-strong team of cyber security experts. She is an advocate for Women in Cyber and the co-founder of the global movement Leading Cyber Ladies, and a frequent speaker at international conferences and events. Learn more about BT Security.