69% of Enterprises are Moving Mission-Critical Information to the Cloud

Why Security Matters

According to a research study by the Cloud Security Alliance (CSA), 69% of enterprises are moving mission-critical information to the cloud. These migrations are massively complex and take meticulous planning to ensure success. At the same time, the research shows 65% of businesses are worried about migrating their sensitive data, while 59% of them have security concerns.

The reason? Mission-critical applications and their associated data are at the heart of every organization’s operation. These applications come from leading vendors such as SAP and Oracle and deliver Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), Product Lifecycle Management, Human Capital Management, Supply Chain Management, and Business Intelligence functionality. Each module contains sensitive information from sales, marketing, finance, customers, human resources, intellectual property, and more – so the stakes are high.

And while businesses have made great strides in protecting critical data, organizations, such as the Department of Homeland Security, have issued warnings explaining why the stakes are so much higher. In fact, a recent IDC survey showed that two-thirds of businesses said that downtime of mission-critical business applications could cost their organization $50,000 per hour.

As businesses look to migrate these applications to the cloud, it’s no wonder security is top of mind. But it’s essential to understand how their cloud security strategy stacks up against the security of their on-premises environments.

Protection From On-Prem to the Cloud

There is a misconception that on-premises mission-critical applications can rely on firewalls and other perimeter and endpoint defenses for protection. While these point solutions add some protection, they don’t understand the protocols, technology, or complexity of business applications. Perimeter solutions work well to keep bad actors out of an organization’s network, but they cannot help when it comes to understanding threats to an ERP or CRM system or when someone obtains critical data from these applications.

This situation worsens as enterprises move applications to the cloud. Today, CISOs and other business leaders should realize the attack surface is expanding in the cloud. Moreover, there are often discrepancies within businesses on who is responsible for protecting the business application data.

Regarding technology-related risks, with Software-as-a-Service (SaaS) business applications, organizations are often shifting accountability for some of the security controls and the patching process to the SaaS provider. In an Infrastructure-as-a-Service (IaaS) model, it varies, as patching can be outsourced to the cloud service provider or controlled by the business’s security team.

And while the organization’s responsibility around data always remains the same regardless of whether the applications are running on-premises or in the cloud, there is no standard shared responsibility model for security. When it comes to applications that house the “crown jewels” of a business, protection should always be a priority. Security teams need to ensure they understand their responsibility within the service-level agreement they have with partners.

Even though cloud security has advanced so much over the past five years, more often than not, neither the cloud service provider nor the mission-critical application vendor will monitor or protect applications to the extent that every company needs and that compliance mandates require.

Key Cloud Security Considerations

The good news is that IT organizations and security teams migrating their mission-critical business applications to the cloud don’t have to do it alone. Leading independent organizations, like the Cloud Security Alliance (CSA), provide valuable checklists and guidelines to ensure a smooth migration.

The CSA’s Top 20 Controls for Cloud Enterprise Resource Planning (ERP) Customers prescribes the most critical controls organizations need to review as they begin a migration journey. It includes issues like authentication, user account management, baseline configurations, data encryption, change management controls, vulnerability assessments, and more.

But just because you know what concerns to address and controls to explore doesn’t mean you’re ready to migrate. Businesses should strongly consider tools to help automate the discovery of potential errors before, during, and after the migration.

Security From Beginning to End

The cloud migration process offers companies a unique opportunity to reset and evaluate their current mission-critical application security and compliance status. However, without the proper tools in place, this can be incredibly time-consuming, costly, and difficult to scale.

To help, businesses should look for security solutions that can automate traditional tasks and deliver insights that discover, assess and fix code errors, application-layer vulnerabilities and misconfigurations. A system of this magnitude can support CSA’s top controls. It can also address problems early on in the migration process and fix legacy issues before they transition to the cloud. This level of visibility accelerates migrations by building security and compliance from the start. It also reduces costs by remediating issues that could become complicated down the road.

After a migration, keeping business applications in a secure and compliant state is also a challenge. Whether in an IaaS, PaaS, or SaaS cloud service model, organizations need to invest in tools to continuously monitor business applications to ensure they’re protecting what matters, including data and end-users, from attacks.

From increased scalability and flexibility to cost savings and uptime, the benefits of the cloud are clear. Still, without the proper guidelines and tools in place, businesses can put some of their most sensitive data at risk as they migrate mission-critical applications to the cloud. Industry support groups and leading application testing and security software can help organizations understand gaps in security and compliance before, during, and after migrations to ensure they move to the cloud with confidence.

By Juan Perez-Etchegoyen
