Cloud Migration: Moving Your Security Mindset Along with Your Data
Jan 13, 2020
Migrating our data to the cloud to digitally transform and streamline your IT environment is easier than ever. Cloud security is in a place where it is stronger than on-premise security and The Big Three – AWS, Microsoft, and Google – have more access to resources and personnel than you can ever dream of. For infrastructure security, they’re the best.
So why are so many companies still concerned with moving their data to the cloud? Because it is not only about security of the cloud, it is also about being able to secure yourself in the cloud, using the right architectures and technologies and taking the company through a shift in mindset.
For example, the physical location of the cloud’s data center needs to be considered. Certain regions’ data centers are more prone to allow governmental organizations access to the cloud-stored information, and different regions have different laws in place regarding minimum security requirements and data protection.
Another critical element to make sure you get right are access credentials. Issues with access credentials are causing major security breaches. In this case, migration to the cloud creates more security risk – no matter the cloud vendor or their own infrastructure security levels. The blame for this one is on the nature of the cloud itself combined with the weakest link in any security solution – us.
No physical barrier exists between the organization and the data store anymore.They are simply connected via the Internet. Since the cloud resources are publicly available, so is access to the data stores. Therefore, the importance of protecting access credentials is critical.
The latest breach in Capital One is a a classic example of the critical nature of protecting credentials. A miss-configured WAF was assigned too many permissions, allowing the attacker who took control of the WAF to access all the files and read their contents – 100 million consumer credit applications.
Recently, a researcher scanned GitHub repositories looking for AWS S3 access credentials in public source code. More than 100,000 different access buckets around the world were available. While some were no longer working, the ones that were could still be used to access “secure”corporate data on the cloud.
Security becomes an issue due to the differences between cloud technologies and “traditional” applications. When redeploying existing components into the cloud, the DevSecOps team needs to review the existing application infrastructure and ensure that it is not only leveraging all the possibilities of the cloud but also ensuring that the security infrastructure is still appropriate.
Theoretically,when someone decides to redeploy in the cloud, the whole system can be transferred “as is,” with existing perimeters and security models and so on.
While this type of architecture makes the existing “on-prem” data center run in the cloud,it doesn’t benefit from the main features of cloud services – scalability and elasticity.It gets only the very basic infrastructure with the complex maintenance,software, and hardware costs converted into simple all-in-one fee.
Cloud transition is not just a physical but an architectural change. You need to break the perimeter to truly benefit. Applications and data are deployed across different cloud vendors and services, perimeters,and environments, and they need to be protected.
Your developers, managers, and administrators need to be well versed in these new technologies, processes, operational design, and principles involved in cloud security. Security within this “new world” requires completely new ways of thinking and designing the architecture.
Hope you found our content interesting. We always appreciate getting feedback and discussing our ideas, please feel free to drop us a line, we make sure to answer everyone - [email protected]