While cloud adoption has become the norm, too many organisations start their journey without a clear strategy to steer their migration. The first casualty, inevitably, is security. Without the right precautions, data, applications, servers and networks are all vulnerable. However, it can also create the misconception that the cloud is less secure than the data centre when, in fact, the opposite is the case.

It is time to review your current security strategy and architecture to check that it is fit for purpose with the adoption of new cloud services.  Once you have your security strategy in place, it will form the basis of your security requirements for implementation in the cloud.

A comprehensive, preplanned security strategy is central to any cloud migration. It protects the company from both external and internal attack and will help encourage the buy-in needed from company leadership.

Fail to prepare, prepare to fail

The cloud offers secure systems, applications and data at a fraction of the cost of installing them on-premise. It delivers encryption, advanced identity and access management, the reduction of human error as well as automated resource logging and inspection. It is no wonder that only one per cent of UK organisations has suffered a security breach in the cloud.

Yet, when a high-profile data breach occurs it is often the cloud platform of the business that receives the lion’s share of the blame. More often than not, the real problem lies in the company’s failure to prepare adequately for the cloud, whether technically, culturally or procedurally.

Many organisations take a surprisingly devil-may-care approach to cloud adoption. Their security strategies are not fit for purpose, and they move onto the cloud in the hope that they can iron out any difficulties as they appear. Instead, organisations should ensure systems are cloud-ready before shifting their data, services and applications across.

The cloud is not a panacea for existing security weaknesses – it requires a security architecture and strong internal security policies to achieve its potential for a more secure processing environment. Implementers should first plan out the full cloud infrastructure, which will tell them what is needed from a security perspective. They will have to decide where their data is stored, where their applications are run and what is needed to protect them. A complete security design is needed from the very beginning.

Before the migration begins, you must ensure all cloud accounts and user permissions are in place. The public cloud can be accessed by anyone with an internet connection or VPN, so the correct authorisations should be set up to prevent your crucial data being compromised or your services disrupted by any bad actors.

Remember also that you cannot simply migrate your existing anti-virus or firewall to the cloud. They are unlikely to have been designed for the cloud or their licenses will not be cloud-friendly. Updating or replacing them will require product and device selection, but it is essential to maintaining a strong perimeter. However, you may also choose to boost your response to security incidents and events by going down the increasingly popular route of outsourcing your security incident and event management to (SIEM) providers

Expectation meets reality

Most cloud migrations will require some level of challenging the status quo. Readying the business for the cloud may cause existing spending plans to change. Yet, when done properly, the process is never confrontational.

Not every challenge will be technical – in fact, the hard, technical aspects of migration are often the easy ones. Instead, the challenges are often cultural and perceptions.  Situations that people do not understand are often viewed as threats and generate opposition.  Change its self often creates opposition you may find opposition from the company’s business and financial decision-makers as well as the incumbent security team. Most stakeholders will not have undertaken a cloud migration before, and we all fear the unknown. Ultimately, it is down to cloud advocates to defuse conflicts by acting as educators and guiding the rest of the business through the implementation.

The process of migration should be measured, gradual and always iterative. Many organisations set themselves up for failure by lacking the capabilities to properly test their applications in the cloud. Testing is an invaluable way of uncovering issues before they can harm you in deployment. The pressure will be on to migrate as quickly as possible, but implementers should always take the time to test before deployment.

Proper training is also an important part of preparation. As many as 28 per cent of data breaches is down to employee negligence or the actions of a malicious insider. In a public or private cloud environment, this danger still remains. Security awareness must be a top priority, and all employees should be trained on your updated policies and the consequences of exposing the company to a data breach.

When migrating to the cloud, you reap what you sow. Your company cannot enjoy the benefits of the cloud without first ensuring that it is safe and secure. This is best done during the migration phase, but only if the business is willing. It is up to implementers to remind them that investment now will pay dividends later.

Written by Richard Latham, Principal Consultant at KCOM

The post The great cloud migration – keeping it secure appeared first on DevOps Online North America.

Gone are the days you need a data centre to run your business or your workloads. But is cloud computing all it seems?

Altaf comments: “Cloud computing has influenced IT and financial services massively. I’ve worked in the IT industry for more than 20 years’ and have witnessed a number of different transformations.

Identity management

“Nevertheless, it’s extremely important to watch out for cloud computing bills because resources can easily be created and it is extremely easy to go over your payment limits, without being aware unless notifications or ceiling is set for maximum spend.

“If you have an application which is based on identity management and you’re running its ‘stress-test’, its also simple to connect millions of test users to the application, making constant API calls and costing additional dollars if test users are not carefully monitored in addition to monitoring the number of API calls.”

Despite this, cloud computing can help massively towards time-to-market being reduced, which means more applications are cropping up because they are easily stored and deployed. From a management perspective, cloud computing also costs less because traditional data centres are, typically, extremely expensive to run. Just be aware that services can change, so it’s important to keep up-to-date with security.

Data classification

“When securing data in the cloud you must find out what data classification you’re going to process. Once you know this, you will know what controls and frameworks are required for securing the cloud through compliance controls, encryption and authorisation,” continues Altaf.

“Cloud computing also has the ability to automate old applications and infrastructure, which can be extremely useful.”

He also notes that the important thing when working in cloud computing is to be multi-skilled. “If not, you will be left behind”.

Written by Leah Alger

The post Cloud computing – the digital economy you must adapt! appeared first on DevOps Online North America.

Mark Luo, Cloud Security Evangelist of CloudPassage, presents Enabling DevOps Through Agile Security at the AWS Pop-up Loft in San Francisco.

To learn more, visit http://aws.amazon.com/start-ups/loft/…

The post Video: Enabling DevOps through Agile Security appeared first on DevOps Online North America.