69% of Enterprises are Moving Mission-Critical Information to the Cloud

84shares

Why Security matters

According to a research study by the Cloud Security Alliance (CSA), 69% of enterprises are moving mission-critical information to the cloud. These migrations are massively complex and take meticulous planning to ensure success. At the same time, the research shows 65% of businesses are worried about migrating their sensitive data, while 59% of them have security concerns.

The reason? Mission-critical applications and their associated data are at the heart of every organization’s operation. These applications come from leading vendors such as SAP and Oracle and deliver Enterprise Resources Planning (ERP), Customer Relationships Management (CRM), Product Lifecycle Management, Human Capital Management, Supply Chain Management, and Business Intelligence functionality. Each module contains sensitive information from sales, marketing, finance, customers, human resources, intellectual property, and more – so the stakes are high.

And while businesses have made great strides in protecting critical data, organizations, such as the Department of Homeland Security, have issued warnings explaining why the stakes are so much higher. In fact, a recent IDC survey showed that two-thirds of businesses said that downtime of mission-critical business applications could cost their organization $50,000 per hour.

As businesses look to migrate these applications to the cloud, it’s no wonder security is top of mind. But it’s essential to understand how their cloud security strategy stacks up against the security of their on-premises environments.

Protection From On-Prem to the Cloud

There is a misconception that on-premises mission-critical applications can rely on firewalls and other perimeter and end-point defenses for protection. While there is protection added, these point solutions don’t understand the protocols, technology, or complexity of business applications. These perimeter solutions work well to ensure bad actors don’t get into an organization’s network, but cannot help when it comes to understanding threats to an ERP or CRM system or when someone obtains critical data from these applications.

This situation worsens as enterprises move applications to the cloud. Today, CISOs and other business leaders should realize the attack surface is expanding in the cloud. Moreover, there are often discrepancies within businesses on who is responsible for protecting the business application data.

Regarding technology-related risks, with software-as-a-Service (SaaS) business applications, organizations are often shifting accountability for some of the security controls and the patching process to the SaaS provider. In an infrastructure-as-a-Service (IaaS) model, it varies as patching can be outsourced to the cloud service provider or controlled by the business’s security team.

And while the organization’s responsibility around data always remains the same regardless of whether the applications are running on-premise or in the cloud, there is no standard shared responsibility model for security. When it comes to applications that house the “crown jewels” of a business, protection should always be a priority. Security teams need to ensure they understand their responsibility within the service-level agreement they have with partners.

Even though cloud security has advanced so much over the past five years, more often than not, neither the cloud service provider nor mission-critical application vendor will monitor or protect applications to the extent every company needs, and compliance mandates require.

Key Cloud Security Considerations

The good news is that IT organizations and security teams migrating their mission-critical business applications to the cloud don’t have to do it alone. Leading independent organizations, like the Cloud Security Alliance (CSA), provide valuable checklists and guidelines to ensure a smooth migration.

The CSA’s Top 20 Controls for Cloud Enterprise Resource Planning (ERP) Customers prescribes the most critical controls organizations need to review as they begin a migration journey. It includes issues like authentication, user account management, baseline configurations, data encryption, change management controls, vulnerability assessments, and more.

But just because you know what concerns to address and controls to explore doesn’t mean you’re ready to migrate. Businesses should strongly consider tools to help automate the discovery of potential errors before, during, and after the migration.

Security From Beginning to End

The cloud migration process offers companies a unique opportunity to reset and evaluate their current mission-critical application security and compliance status. However, without the proper tools in place, this can be incredibly time-consuming, costly, and difficult to scale.

To help, businesses should look for security solutions that can automate traditional tasks and deliver insights that discover, assess and fix code errors, application-layer vulnerabilities and misconfigurations. A system of this magnitude can support CSA’s top controls. It can also address problems early on in the migration process and fix legacy issues before they transition to the cloud. This level of visibility accelerates migrations by building security and compliance from the start. It also reduces costs by remediating issues that could become complicated down the road.

After a migration, keeping business applications in a secure and compliant state is also a challenge. Whether in an IaaS, PaaS, or SaaS cloud service model, organizations need to invest in tools to continuously monitor business applications to ensure they’re protecting what matters, including data and end-users, from attacks.

From increased scalability and flexibility to cost savings and uptime, the benefits of the cloud are clear. Still, without the proper guidelines and tools in place, businesses can put some of their most sensitive data at risk as they migrate mission-critical applications to the cloud. Industry support groups, and leading application testing and security software can help organizations understand gaps in security and compliance before, during, and after migrations to ensure they move to the cloud with confidence.

By Juan Perez-Etchegoyen

Juan Pablo Perez-Etchegoyen

As CTO, JP leads the innovation team that keeps Onapsis on the cutting edge of the Business-Critical Application Security market, addressing some of the most complex problems that organizations are currently facing while managing and securing their ERP landscapes. JP helps manage the development of new products as well as support the ERP cybersecurity research efforts that have garnered critical acclaim for the Onapsis Research Labs.

JP is regularly invited to speak and host trainings at global industry conferences, including Black Hat, HackInTheBox, AppSec, Troopers, Oracle OpenWorld and SAP TechEd, and is a founding member of the Cloud Security Alliance (CSA) Cloud ERP Working Group. Over his professional career, JP has led many Information Security consultancy projects for some of the world’s biggest companies around the globe in the fields of penetration and web application testing, vulnerability research, cybersecurity infosec auditing/standards, vulnerability research and more.

www.onapsis.com

THOUGHT LEADERS

Security Breach 10 Useful Cloud Security Tools

Useful Cloud Security Tools For Your Business

Cloud Security Tools Cloud providing vendors need to embed cloud security tools within their infrastructure. They should not emphasize keeping high uptime at the expense of security. Cloud computing has become a business solution for ...

10 Leading Open Source Business Intelligence Tools

Open Source Business Intelligence Tools It’s impossible to take the right business decisions without having insightful information to back up the decision-making process. Open Source Business Intelligence Tools make it easier to have our raw ...

Modern Auth and Exchange Online Migrations: What IT Professionals Should Know

Modern Auth and Exchange Online Migrations Microsoft has phased out Basic Authentication (Basic Auth), replacing it with Modern Authentication (Modern Auth) to provide increased protection and user security. Through this, Microsoft has turned off Basic ...

Common DevOps Misconceptions: It’s Not A Role, But A Culture

Common DevOps Misconceptions 86% of businesses say it’s important for their company to develop and produce new software fast to win market share and beat the competition, Harvard Business Review reveals. Yet, just 10% of businesses ...

The Fintech Landscape Today

The Fintech Landscape The Nitty Gritty Although the COVID-19 pandemic has highlighted its existence, most of us have been using fintech in some form or another for quite some time. It’s a big part of ...

The Cloud is Heading to an Entirely New Formation in 2023

Trouble is Brewing Cloud Paradise - 2023 Will Determine Company's Long-Term Plans for Cloud Use The relationship between developers and the cloud was practically love at first sight. For years, migration to the cloud in ...

A Seamless Customer Experience Is Essential to Success in Today’s Digital Economy

Implement A Seamless Customer Experience The need for digital interaction has never seemed more critical than it does today. As the coronavirus continues to spread, citizens around the world are being asked to hunker down ...

Why Organizations Should Stop Focusing on Cloud Adoption and Start Focusing on Cloud Maturity

Stop Focusing on Cloud Adoption and Start Focusing on Cloud Maturity For the past several years, most organizations have made it their priority to shift much of their applications and data from on-premises to the ...

69% of Enterprises are Moving Mission-Critical Information to the Cloud

Why Security matters

Protection From On-Prem to the Cloud

Key Cloud Security Considerations

Security From Beginning to End

THOUGHT LEADERS

PLURALSITE

(ISC)²

CYBRARY

CLOUDTWEAKS

TOPICS

SERVICES

MORE

Sarah Patrick

Drew Firment

Vineet Jain

Dmitry Chekalin

Jon Roskill

Gilad David Maayan

Aruna Ravichandran

David Friend

Alex Dean

Steve Prentice