Taking a Security-First Approach to Cloud Migration
The pandemic and lockdowns hit their first anniversary mark, and many companies continue to have their employees work from home for the foreseeable future. Over the past year, organizations have seen how important cloud computing is to business operations.
In fact, according to a MariaDB survey, 40% of respondents said that COVID-19 accelerated their migration to cloud, and IDC found that while cloud spending increased slightly during the early months of the pandemic, other IT-related spending decreased.
If nothing else, 2020 showed organizations the advantages of cloud services. Of course, with more cloud use, there is more cloud risk. With almost all cloud teams working remotely, there has been an uptick in security vulnerabilities and a concern that there are ongoing cloud security issues that have yet to be discovered. Organizations are migrating so quickly to the cloud that security is an afterthought, and that has consequences.
Instead, a new Deloitte study recommended, this move to the cloud should work with cybersecurity as a differentiator to gain consumer trust. “An integrated cloud cyber strategy enables organizations to use security in their transformation in a way that promotes greater consumer trust, especially in today’s digital age,” the report stated. Any migration to the cloud should take a security-first approach.
Why Security First?
With an integrated, security-by-design cloud cybersecurity strategy, organizations can use security in digital transformation as a driver rather than as an afterthought, said Bhavin Barot, a Deloitte risk and financial advisory principal in the cyber and strategic risk practice, in an email interview. Leveraging secure design principles during a digital transformation or cloud migration helps organizations in the following ways, Barot added:
- Incorporating leading-edge, innovative approaches such as intelligent threat detection.
- Reducing risks related to technology, insider threats and the supply chain.
- Elevating the DevSecOps posture for developers and engineers and
- Establishes a cyber-forward approach that reinforces business objectives, enabling security principles such as zero trust.
The Driver Behind Cloud Security Models Today
The pandemic disruption played a huge role in digital transformation and the migration to the cloud over the past year, with 87% of global IT leaders saying their organization accelerated their plans to move to the cloud. This acceleration may actually benefit how organizations view the cloud and security.
“We’re seeing cloud security efforts shift away from developers handling security and instead toward a more collaborative model that has dedicated cybersecurity teams involved proactively and at initiation,” said Barot. A security-first emphasis could result in making DevSecOps a higher priority for organizations. Because DevSecOps “allows developers and security professionals to have the shared goals of secure configurations continuously monitored, remediated, and managed for cybersecurity that drives creation of agile, resilient solutions,” the Deloitte report stated, development and security teams can “better plan the architecture of the environment and build the cloud infrastructure to enable a secure migration.”
Identity, the Cloud, and Security
Identity is taking a larger role in security processes. Cloud migration often requires a new approach to identity, said Barot. “While previously physical credentials (e.g., building access) were acceptable authorization before, today’s distributed remote work environment demands that systems can be accessed anywhere, making user-level access credentials and key management a frequent requirement.”
Identity and access management protocols can be fed into a modularized identity platform with user-level access requirements, Barot added. “A focus on data protection and privacy regulations, as well as the business need for cyber resilience, can help organizations develop protocols for data access rights, user privileges and identity and access management for cloud.” As cloud computing continues to play a larger role across organizations, taking a security-first approach to cloud migration and cloud use will promote a safer environment, and this, in turn, will build customer trust.
