What are the security risks of enterprise cloud migration and how can they be mitigated? What are some specific...
pitfalls companies should be aware of when they move systems or applications to cloud platforms, and how can they ensure a secure cloud migration?
One of the main risks involved in a cloud migration is that the apps or systems that worked well in the physical, on-premises IT environment can often fail on a cloud platform. Security and performance issues that were fixed or weren't visible in house may reappear in the cloud.
Some enterprises assume all cloud providers have security tools to protect sensitive data against cloud attacks. However, cloud users have limited or no control over the security tools providers use to make cloud services more secure.
Ransomware is another concern in ensuring a secure cloud migration. In a November 2016 survey, Check Point Software Technologies found most of the companies it surveyed were "concerned about recent ransomware attacks." The respondents perceived corporate data residing in the cloud as vulnerable to hacked APIs, data breaches and denial-of-service attacks. They also felt that corporate data wasn't properly protected from ransomware attacks.
Here are three potential migration pitfalls and recommendations to ensure a secure cloud migration:
1. APIs for apps that ran well in house are hackable.
To avoid this, the company should check APIs for vulnerabilities in a test environment. App behavior should be changed to mitigate the risks of APIs being hacked in the cloud.
2. The security tools provided by the cloud providers don't protect corporate data.
To ensure a secure cloud migration, the company should implement plans and policies on data protection tools. A cloud provider should give the company a list of security tools. The list should help determine what additional security tools are needed to protect the company's data.
3. Well-behaved apps and systems in the cloud need audits.
The company should perform periodic audits to mitigate the risks of exploiting new vulnerabilities that could lead to denial-of-service or other types of attacks. The audits should help the company ensure plans, policies and security controls are properly in place.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Cloud Patch Management and Cloud Configuration Management
Related Q&A from Judith Myerson
GE reported an improper authentication flaw in its PulseNet network management software for critical infrastructures. Discover how this flaw works ... Continue Reading
Researchers claim to have found a new attack against VMs that affects SEV technology. Expert Judith Myerson explains what this attack is and how it ... Continue Reading
The Wi-Fi Alliance released the updated WPA3 protocol, adding security enhancements to the Wi-Fi access process. Learn why enterprises should update ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.