What are the security risks of enterprise cloud migration and how can they be mitigated? What are some specific...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
pitfalls companies should be aware of when they move systems or applications to cloud platforms, and how can they ensure a secure cloud migration?
One of the main risks involved in a cloud migration is that the apps or systems that worked well in the physical, on-premises IT environment can often fail on a cloud platform. Security and performance issues that were fixed or weren't visible in house may reappear in the cloud.
Some enterprises assume all cloud providers have security tools to protect sensitive data against cloud attacks. However, cloud users have limited or no control over the security tools providers use to make cloud services more secure.
Ransomware is another concern in ensuring a secure cloud migration. In a November 2016 survey, Check Point Software Technologies found most of the companies it surveyed were "concerned about recent ransomware attacks." The respondents perceived corporate data residing in the cloud as vulnerable to hacked APIs, data breaches and denial-of-service attacks. They also felt that corporate data wasn't properly protected from ransomware attacks.
Here are three potential migration pitfalls and recommendations to ensure a secure cloud migration:
1. APIs for apps that ran well in house are hackable.
To avoid this, the company should check APIs for vulnerabilities in a test environment. App behavior should be changed to mitigate the risks of APIs being hacked in the cloud.
2. The security tools provided by the cloud providers don't protect corporate data.
To ensure a secure cloud migration, the company should implement plans and policies on data protection tools. A cloud provider should give the company a list of security tools. The list should help determine what additional security tools are needed to protect the company's data.
3. Well-behaved apps and systems in the cloud need audits.
The company should perform periodic audits to mitigate the risks of exploiting new vulnerabilities that could lead to denial-of-service or other types of attacks. The audits should help the company ensure plans, policies and security controls are properly in place.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Cloud Patch Management and Cloud Configuration Management
Related Q&A from Judith Myerson
A patch was issued for the Dirty COW vulnerability, but researchers later discovered problems with the patch. Expert Judith Myerson explains what ...continue reading
Getting firewall settings right is one of the most basic ways to protect enterprise data from accidental exposures. Expert Judith Myerson discusses ...continue reading
Expert Judith Myerson explains how IP theft can happen despite the cryptographic protections in IEEE standard P1735, as well as what can be done to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.