Recent problems experienced with Ransomware are evident from infections, which have occurred in 99 countries including China and Russia. The organization that was worst hit by the attack was the National Health Service in England. It was reported that there was a WannaCry programme that demanded...

Security Considerations While Moving To The Cloud

Security Considerations While Moving To The Cloud

It is always difficult to maintain in-house IT operations at the cutting edge of efficiency. Whether it is a question of getting enough budgets approved or keeping all stakeholders happy, life for technical managers is never easy.

On the other hand, clouds have certain inherent advantages. Big cost savings, convenience, scalability, conversion of CAPEX to OPEX are some of the features that go in favor of cloud solutions. These can help an organization accomplish a lot in a short span of time. Not to forget that cloud service providers do a phenomenal job in convincing businesses to offload at least part of their IT burden.

Amidst attractive marketing pitch it is likely that some of the security risks go un-noticed. Ignoring those risks may prove costly for business. While it is fine to go for cloud based solutions certain precautions must be taken.

Here is the list of considerations that organizations should apply before jumping on the bandwagon.

Know your security objectives

Most of the in-house IT setups have evolved over a period of time. Various security measures got added to the lists in an incremental fashion. Collective effect of all security measures is taken for granted when planning any new in-house system. But all those goodies will not be available in the cloud setup unless you explicitly ask for them. It is highly recommended that before opting for cloud solution, have your security objectives identified and documented. Never rely on an existing document that is several months old. It is always better to have an up-to-date document that captures security objectives and strategy clearly and comprehensively.

What does a service provider offer

Many cloud service providers are silent or vague about the kind of security they offer. Do not rely on marketing brochures which are generally meant to cater to a wide variety of customers. Explicitly ask your service provider about security policy document, practice manual, disaster recovery options applicable specifically to your subscription. Also check the security certifications the service provider has. Look for ISO 27001, SSAE 16, PCI DSS 2.0, HIPAA compliance and any other industry specific certifications. More number of updated certifications adds credibility to the provider.

Transition in phases

It is the old golden rule. Irrespective of the number of applications, size of databases or servers it is always better to structure them in logical phases and move them to cloud in stages. This will ensure that any surprises are discovered early in the cycle and risks are minimized.

Do a vulnerability assessment

Do not bank entirely on contract terms even after you have moved an application or domain to the cloud. Involve a third party to conduct a thorough vulnerability assessment before going live and find out any existing vulnerabilities. Fix those vulnerabilities and conduct another round of tests. Proceed with go-live only when the risk is within an acceptable range.

Maintain a parallel run

You must not wind up your existing in-house setup immediately after going live. It is the most reliable backup and recovery option you have got. Depending on the size of application and criticality the in-house setup can co-exist anywhere from few weeks to few months. Even after that you can continue to use that as an in-house backup. Unlike cloud backup, this backup would be available under your direct custody.

Buy Cyber security Insurance

Even after taking all the precautions in the book things can go wrong. Just one lapse is what hackers require before they can walk away with your sensitive data or carry out a DDOS attack or worse inflict downtime. Explore a suitable cyber security insurance option which can mitigate losses from a variety of cyber incidents, including data breaches, network damage, and cyber extortion. This has to be over and above any safeguards in-built into the contract with cloud service provider.

Remember there are different types of cloud service providers – some are really good while others aren’t. Also, your organizations’ need are specific and even to date there is no one-size-fits-all solution. At the end of the day you are responsible for your data and it’s better to be safe than sorry.

By Manoj Tiwari

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as technology related infographics and comics.


(ISC)2 and Cloud Security Alliance Host Cloud Security Summit to Help Cybersecurity Pros Securely Harness Cloud Technologies

By CloudBuzz | September 22, 2017

(ISC)2 and Cloud Security Alliance Host Cloud Security Summit Research cites strengthening of cloud security skills top priority over next three years CLEARWATER, Fla. ,Sept. 22, 2017 /PRNewswire-USNewswire/ — (ISC)² today announced it’s partnering with the Cloud Security Alliance (CSA) for the CSA…

Exclusive: T-Mobile, Sprint close to agreeing deal terms – Sources

By CloudBuzz | September 22, 2017

(Reuters) – T-Mobile US Inc (TMUS.O) is close to agreeing tentative terms on a deal to merge with peer Sprint Corp (S.N), people familiar with the matter said, a major breakthrough in efforts to merge the third and fourth largest…

Hack of U.S. securities regulator rattles investors, stirs doubts

By CloudBuzz | September 21, 2017

WASHINGTON/NEW YORK (Reuters) – Wall Street’s top regulator faced questions on Thursday about its defenses against cyber criminals after admitting hackers breached its electronic database of corporate announcements and may have used it for insider trading. The incursion at the…

Leaking Cloud Databases and Servers Expose Over 1 Billion Records

By CloudBuzz | September 21, 2017

Servers Expose Over 1 Billion Records As The Wall Street Journal recently pointed out, some clients of cloud service providers such as Amazon and Microsoft are accidentally leaving their cloud databases exposed due to misconfigurations of their services. Coupled with recent headline-making…

Thales Joins the Microsoft Enterprise Cloud Alliance

By CloudBuzz | September 21, 2017

SAN JOSE, Calif., Sept. 21, 2017 /PRNewswire/ — Thales, a leader in critical information systems, cybersecurity and data security, is now a member of the Microsoft Enterprise Cloud Alliance (ECA). Designed to foster innovation and promote awareness of partner solutions, the ECA membership…

Addressing the UK NCSC’s Cloud Security Principles

By CloudBuzz | September 20, 2017

As your organization adopts more cloud services, it’s essential to get a clear picture of how sensitive data will be protected. Many authorities, from government regulators, to industry standards bodies and consortia, have provided guidance on how to evaluate cloud…