NSP Marketing
10 March 2021
4 min read
It’s essential to migrate your organisation to the cloud safely. Historically, approaching on-premise data storage with a lock-and-key mentality has been standard practice for on-site office environments. However, in today’s virtual and collaborative world, cloud storage is the new king. A cloud storage approach requires a more in-depth understanding of each asset’s sensitivity to reduce data vulnerability. When considering data migration to the cloud, avoid quick and dirty, seemingly cost-effective solutions. A structured approach centred on categorising assets by sensitivity offers greater long-term security success.
The best practice methodology is to reduce system complexity before you move to the cloud.
In the cloud, ‘public’ is synonymous with ‘world readable’, something addressed in Andrew A’s blog post ‘My cloud isn’t a castle’. Locally, something that is ‘world readable’ is available to everyone on the local network. In the cloud, ‘world readable’ is available to everyone in the organisation’s cloud account. Don’t make something ‘world readable’ unless you’re ok with anyone in the world reading it.
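As an added example (not part of the original post), here is a check that classifies the reach of each grant in a constructed, provider-neutral policy document and flags the statements the cloud would treat as ‘public’; the policy format, the principal spellings and the action names are assumptions for illustration.

```python
# Added example (not from the original post): classify the reach of each grant in a
# constructed, provider-neutral policy document, so that anything the cloud would treat
# as 'public' (readable by anyone in the world) is flagged before it is deployed.
# The policy format, principal names and action names are assumptions for illustration.

# Spellings different providers use for "anyone"; assumed list, extend per provider.
WORLD_PRINCIPALS = {"*", "allUsers", "allAuthenticatedUsers"}
READ_ACTIONS = {"storage:GetObject", "storage:ListBucket"}  # assumed action names


def grant_reach(principal: str, account_id: str) -> str:
    """Return 'world', 'account' or 'principal' for a single principal string."""
    if principal in WORLD_PRINCIPALS:
        return "world"
    if principal == f"account:{account_id}":
        return "account"
    return "principal"


def world_readable_statements(policy: dict, account_id: str) -> list:
    """Return the allow-statements that let anyone in the world read the resource."""
    findings = []
    for stmt in policy.get("statements", []):
        if stmt.get("effect") != "allow":
            continue
        if not READ_ACTIONS & set(stmt.get("actions", [])):
            continue
        for p in stmt.get("principals", []):
            if grant_reach(p, account_id) == "world":
                findings.append(stmt)
                break
    return findings


# Constructed sample policy: one grant scoped to the organisation's account, one 'public' grant.
SAMPLE_POLICY = {
    "resource": "bucket:migration-staging",
    "statements": [
        {"effect": "allow", "principals": ["account:123456"], "actions": ["storage:GetObject"]},
        {"effect": "allow", "principals": ["allUsers"], "actions": ["storage:GetObject"]},
        {"effect": "deny", "principals": ["*"], "actions": ["storage:DeleteObject"]},
    ],
}

if __name__ == "__main__":
    for stmt in world_readable_statements(SAMPLE_POLICY, "123456"):
        print("world readable:", SAMPLE_POLICY["resource"], stmt)
```

Only the ‘allUsers’ grant is reported; the account-scoped grant and the deny statement are not.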
Favour managed services and serverless functions, such as SaaS and PaaS solutions, over IaaS solutions. Why? Because cloud providers oversee some, if not all, of the maintenance of managed services and serverless functions. In contrast, with IaaS solutions the customer owns the maintenance of custom virtual machines.
Avoid a lift-and-shift. Effectively a virtual machine duplication, the lift-and-shift approach doesn’t use the cloud efficiently. Cloud providers support databases natively and more efficiently. Custom database implementations or bespoke virtual machines are ok, but remember: never assume; always check. Managed services and serverless functions reduce the maintenance burden so that you can concentrate your effort on other areas.
Role-based access control can simplify access management. When users change roles, they lose their previous permissions and automatically inherit only the permissions required for the new position, helping you migrate your organisation to the cloud safely.
When the benefits of a security feature are hard to articulate, it likely won’t work in the cloud. For example, setting up a single local machine as an internet gateway requires expertise; inexperienced administrators lacking that knowledge, or rogue administrators fearful of detection, are unlikely to proceed. In the cloud, by contrast, the issue is how overly simple such tasks can be, meaning untrained administrators can perform them without understanding the full picture. The heightened risk doesn’t render these gateways useless. Still, it’s unsafe to rely on all connections going through a single gateway unless network monitoring effectively detects and removes new gateways as they appear, or permission restrictions prevent everyday administrators from creating internet gateways.
Some security features that would be complex on-premise are simple in the cloud. Global monitoring or templated features that are simple to support in the cloud potentially require substantial implementation effort locally. An example is the administrative nightmare of a basic packet firewall on every network link of every local system; collating the results in this scenario would be virtually impossible. In contrast, cloud systems usually come with this capability by default. Adding a few rules can improve network segmentation and limit the damage if an attacker gets in. That said, don’t over-complicate things with too many rules.
Keeping security simple has always been good advice. More than 20 years ago, Bruce Schneier noted that the worst enemy of security is complexity. The more complex security is, the harder it is to understand, meaning it’s more likely that it’s not doing what you think it’s doing. Always be clear about who has access to any resource and why someone does not have access. Moving to the public cloud is a good time to simplify the permissions model to ensure a safe migration. Seek opportunities to remove the complexity that has accumulated over time. Remove any ‘special cases’ that turn out not to be so special after all. Pruning unnecessary complexity makes holes in security easier to spot and fix. The result will be a more straightforward way to safely migrate your organisation to the cloud.
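To illustrate both the role-based access point above and the pruning of ‘special cases’, here is an added example (not the post’s own code) of a minimal access model in which a user’s permissions derive only from their current role, with direct per-user grants tracked separately so they can be audited and removed; the role and permission names are assumed.

```python
# Added example (not from the original post): effective permissions come only from the
# user's current role, so a role change drops the old permissions automatically. Direct
# per-user grants ('special cases') are kept apart so they can be audited and pruned.
ROLE_PERMISSIONS = {  # assumed roles and permission names for illustration
    "developer": {"repo:read", "repo:write", "build:run"},
    "operator": {"repo:read", "deploy:run", "logs:read"},
    "auditor": {"repo:read", "logs:read"},
}


class AccessModel:
    def __init__(self):
        self.user_role = {}       # user -> single current role
        self.direct_grants = {}   # user -> permissions granted outside any role

    def assign_role(self, user, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        self.user_role[user] = role   # replaces the previous role outright

    def grant_directly(self, user, permission):
        self.direct_grants.setdefault(user, set()).add(permission)

    def effective_permissions(self, user):
        perms = set(ROLE_PERMISSIONS.get(self.user_role.get(user), set()))
        return perms | self.direct_grants.get(user, set())

    def special_cases(self):
        """Direct grants that survive role changes; each is a candidate for removal."""
        return {u: sorted(p) for u, p in self.direct_grants.items() if p}

    def prune_redundant_grants(self):
        """Drop direct grants already covered by the user's role; return what was removed."""
        removed = {}
        for user, perms in self.direct_grants.items():
            covered = perms & ROLE_PERMISSIONS.get(self.user_role.get(user), set())
            if covered:
                removed[user] = sorted(covered)
                perms -= covered
        return removed


def demo():
    """Constructed scenario: a developer gets an ad-hoc grant, then moves to auditor."""
    m = AccessModel()
    m.assign_role("alice", "developer")
    m.grant_directly("alice", "deploy:run")   # 'special case' added during an incident
    m.assign_role("alice", "auditor")         # role change: repo:write and build:run vanish
    return m
```

After the role change only the auditor permissions plus the lingering direct grant remain, and the audit lists that grant as a special case to review.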
Think about implementing infrastructure-as-code to create infrastructure from templates or scripts across the entire system. It encourages thinking in terms of commodity computing and reduces errors. Think of it as a combined checklist and documentation approach for setting up the system. A system catalogue exercise using this thinking will encourage simplification. Infrastructure-as-code lets you recreate your whole system from scratch, which benefits disaster recovery. Setting up duplicate systems for resilience, or temporary duplicates for testing system changes or upgrades, subsequently becomes easier.
Moving an existing system to the cloud is a significant undertaking. The temptation is to take the most straightforward route, but a bit of planning and preparation can make the difference between a successful cloud migration and an unsuccessful one.