While cloud adoption has become the norm, too many organisations start their journey without a clear strategy to steer their migration. The first casualty, inevitably, is security. Without the right precautions, data, applications, servers and networks are all vulnerable. However, it can also create the misconception that the cloud is less secure than the data centre when, in fact, the opposite is the case.

It is time to review your current security strategy and architecture to check that it is fit for purpose with the adoption of new cloud services.  Once you have your security strategy in place, it will form the basis of your security requirements for implementation in the cloud.

A comprehensive, preplanned security strategy is central to any cloud migration. It protects the company from both external and internal attack and will help encourage the buy-in needed from company leadership.

Fail to prepare, prepare to fail

The cloud offers secure systems, applications and data at a fraction of the cost of installing them on-premise. It delivers encryption, advanced identity and access management, the reduction of human error as well as automated resource logging and inspection. It is no wonder that only one per cent of UK organisations has suffered a security breach in the cloud.

Yet, when a high-profile data breach occurs it is often the cloud platform of the business that receives the lion’s share of the blame. More often than not, the real problem lies in the company’s failure to prepare adequately for the cloud, whether technically, culturally or procedurally.

Many organisations take a surprisingly devil-may-care approach to cloud adoption. Their security strategies are not fit for purpose, and they move onto the cloud in the hope that they can iron out any difficulties as they appear. Instead, organisations should ensure systems are cloud-ready before shifting their data, services and applications across.

The cloud is not a panacea for existing security weaknesses – it requires a security architecture and strong internal security policies to achieve its potential for a more secure processing environment. Implementers should first plan out the full cloud infrastructure, which will tell them what is needed from a security perspective. They will have to decide where their data is stored, where their applications are run and what is needed to protect them. A complete security design is needed from the very beginning.

Before the migration begins, you must ensure all cloud accounts and user permissions are in place. The public cloud can be accessed by anyone with an internet connection or VPN, so the correct authorisations should be set up to prevent your crucial data being compromised or your services disrupted by any bad actors.

Remember also that you cannot simply migrate your existing anti-virus or firewall to the cloud. They are unlikely to have been designed for the cloud or their licenses will not be cloud-friendly. Updating or replacing them will require product and device selection, but it is essential to maintaining a strong perimeter. However, you may also choose to boost your response to security incidents and events by going down the increasingly popular route of outsourcing your security incident and event management to (SIEM) providers

Expectation meets reality

Most cloud migrations will require some level of challenging the status quo. Readying the business for the cloud may cause existing spending plans to change. Yet, when done properly, the process is never confrontational.

Not every challenge will be technical – in fact, the hard, technical aspects of migration are often the easy ones. Instead, the challenges are often cultural and perceptions.  Situations that people do not understand are often viewed as threats and generate opposition.  Change its self often creates opposition you may find opposition from the company’s business and financial decision-makers as well as the incumbent security team. Most stakeholders will not have undertaken a cloud migration before, and we all fear the unknown. Ultimately, it is down to cloud advocates to defuse conflicts by acting as educators and guiding the rest of the business through the implementation.

The process of migration should be measured, gradual and always iterative. Many organisations set themselves up for failure by lacking the capabilities to properly test their applications in the cloud. Testing is an invaluable way of uncovering issues before they can harm you in deployment. The pressure will be on to migrate as quickly as possible, but implementers should always take the time to test before deployment.

Proper training is also an important part of preparation. As many as 28 per cent of data breaches is down to employee negligence or the actions of a malicious insider. In a public or private cloud environment, this danger still remains. Security awareness must be a top priority, and all employees should be trained on your updated policies and the consequences of exposing the company to a data breach.

When migrating to the cloud, you reap what you sow. Your company cannot enjoy the benefits of the cloud without first ensuring that it is safe and secure. This is best done during the migration phase, but only if the business is willing. It is up to implementers to remind them that investment now will pay dividends later.

Written by Richard Latham, Principal Consultant at KCOM

The post The great cloud migration – keeping it secure appeared first on DevOps Online North America.

The incident was first reported yesterday at 00:52, and was unresolved by 19:18.

Google wrote in a statement at 06:00: “We are determined the infrastructure component is responsible for the issue and mitigation work is currently underway.”

At 08:30 the message changed: “We have identified the event that triggers this issue and are rolling back a configuration change to mitigate this issue.”

Google stated it was carrying “further measures to completely resolve the issue”, once the change was implemented, half an hour after.

Afterwards, Google advised users to do the following:

• Create a new TargetPool.
• Add the affected VMs in a region to the new TargetPool.
• Wait for the VMs to start working in their existing load balancer configuration.
• Delete the new TargetPool.
• DO NOT delete the existing load balancer configure, including the old target pool.
• Create a new ForwardingRule.

According to The Register, Google admitted that it was source of the issue through an update of its own.

Google also broke its own cloud in April 2016, July 2016, August 2016 and September 2016.

Written by Leah Alger

The post Google in the clouds for 18 hours appeared first on DevOps Online North America.

With the cloud helping detect new threats, the network uses a continuous data exchange, including malicious programmes and websites that could pose a threat to a company’s security.

Kaspersky claimed that false positive rate detection is low because of platform process data being used by its users, insuring insights are accurate, and enabling businesses to act fast.

However, the company has developed a unique product that can be deployed on a private cloud, with a local copy of Kaspersky Security Network complying with data protection laws whilst serving businesses.

Anton Lapushkin, Head of Cloud Infrastructure Development at Kaspersky Lab, said: “Due to the role cloud computing and big data play in quick and accurate detection, services like Kaspersky Security Network are indispensable in cyber security.

“However, customers operating under strict regulations and data transfer policies are forced to disable cloud services like this, and therefore cut off a powerful protection layer.”

Written by Leah Alger

Read more from DevOps Online | Follow us on Twitter

The post Big data technology behind Kaspersky’s network appeared first on DevOps Online North America.