What are the security risks of enterprise cloud migration and how can they be mitigated? What are some specific...
pitfalls companies should be aware of when they move systems or applications to cloud platforms, and how can they ensure a secure cloud migration?
One of the main risks involved in a cloud migration is that the apps or systems that worked well in the physical, on-premises IT environment can often fail on a cloud platform. Security and performance issues that were fixed or weren't visible in house may reappear in the cloud.
Some enterprises assume all cloud providers have security tools to protect sensitive data against cloud attacks. However, cloud users have limited or no control over the security tools providers use to make cloud services more secure.
Ransomware is another concern in ensuring a secure cloud migration. In a November 2016 survey, Check Point Software Technologies found most of the companies it surveyed were "concerned about recent ransomware attacks." The respondents perceived corporate data residing in the cloud as vulnerable to hacked APIs, data breaches and denial-of-service attacks. They also felt that corporate data wasn't properly protected from ransomware attacks.
Here are three potential migration pitfalls and recommendations to ensure a secure cloud migration:
1. APIs for apps that ran well in house are hackable.
To avoid this, the company should check APIs for vulnerabilities in a test environment. App behavior should be changed to mitigate the risks of APIs being hacked in the cloud.
2. The security tools provided by the cloud providers don't protect corporate data.
To ensure a secure cloud migration, the company should implement plans and policies on data protection tools. A cloud provider should give the company a list of security tools. The list should help determine what additional security tools are needed to protect the company's data.
3. Well-behaved apps and systems in the cloud need audits.
The company should perform periodic audits to mitigate the risks of exploiting new vulnerabilities that could lead to denial-of-service or other types of attacks. The audits should help the company ensure plans, policies and security controls are properly in place.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Cloud Patch Management and Cloud Configuration Management
Related Q&A from Judith Myerson
VPN vulnerabilities in products from popular vendors were recently found to enable serious threats. Discover how detrimental these threats are and ... Continue Reading
The Department of Homeland Security warned of a vulnerability affecting WAGO PFC200 logic devices. Discover how this flaw enables threat actors with ... Continue Reading
Zyklon malware targets three previously patched Microsoft Office vulnerabilities. Learn how attackers can access passwords and cryptocurrency wallet ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.