What are the security risks of enterprise cloud migration and how can they be mitigated? What are some specific...
pitfalls companies should be aware of when they move systems or applications to cloud platforms, and how can they ensure a secure cloud migration?
One of the main risks involved in a cloud migration is that the apps or systems that worked well in the physical, on-premises IT environment can often fail on a cloud platform. Security and performance issues that were fixed or weren't visible in house may reappear in the cloud.
Some enterprises assume all cloud providers have security tools to protect sensitive data against cloud attacks. However, cloud users have limited or no control over the security tools providers use to make cloud services more secure.
Ransomware is another concern in ensuring a secure cloud migration. In a November 2016 survey, Check Point Software Technologies found most of the companies it surveyed were "concerned about recent ransomware attacks." The respondents perceived corporate data residing in the cloud as vulnerable to hacked APIs, data breaches and denial-of-service attacks. They also felt that corporate data wasn't properly protected from ransomware attacks.
Here are three potential migration pitfalls and recommendations to ensure a secure cloud migration:
1. APIs for apps that ran well in house are hackable.
To avoid this, the company should check APIs for vulnerabilities in a test environment. App behavior should be changed to mitigate the risks of APIs being hacked in the cloud.
2. The security tools provided by the cloud providers don't protect corporate data.
To ensure a secure cloud migration, the company should implement plans and policies on data protection tools. A cloud provider should give the company a list of security tools. The list should help determine what additional security tools are needed to protect the company's data.
3. Well-behaved apps and systems in the cloud need audits.
The company should perform periodic audits to mitigate the risks of exploiting new vulnerabilities that could lead to denial-of-service or other types of attacks. The audits should help the company ensure plans, policies and security controls are properly in place.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Cloud Patch Management and Cloud Configuration Management
Related Q&A from Judith Myerson
A swatting attack resulted in the death of a Kansas man. Expert Judith Myerson looks at the technology these attacks use and what can be done to make...continue reading
The Devil's Ivy bug affects millions of internet-connected security cameras. Expert Judith Myerson explains how the exploit works and what can be ...continue reading
An IoT botnet attack on Huawei home routers showed similarities to the Mirai malware. Expert Judith Myerson explains the threat and how enterprises ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.