For businesses of all shapes and sizes, the inherent value in moving enterprise applications into the cloud is beyond question. The ability to control computing capability at a more granular level can lead to significant cost savings, not to mention the speed at which new applications can be provisioned.
Having a modern cloud-based infrastructure makes businesses more agile, allowing them to capitalize on market forces and other new opportunities much more quickly than if they depended on on-premise, monolithic architecture alone.
However, there is a very real risk that in the gold rush to modernize infrastructure, particularly during the pandemic when the pressure to migrate intensified, businesses might be overlooking a blind spot that threatens all of them indiscriminately: security.
One of the biggest challenges for business leaders over the past decade has been managing the delicate balance between infrastructure upgrades and security. Our recent survey found that half of the organizations that took part now run over 41% of workloads in the public cloud, and 11% reported a cloud security incident in the last twelve months.
If businesses are to succeed and thrive in 2021 and beyond, they must learn how to walk this tightrope effectively. Let’s consider the highs and lows of modernizing legacy infrastructures, and the ways to make it a more productive – and safer – experience.
What are the risks in moving to the cloud?
With cloud migration comes risk. Businesses that move into the cloud actually stand to lose a great deal if the process isn’t managed effectively. Moreover, they have some important decisions to make in terms of how they handle application migration.
Do they simply move their applications and data into the cloud as they are, in a ‘lift and shift’, or do they take a more cloud-native approach and rebuild applications in the cloud to take full advantage of its myriad benefits? Once a business has started this move toward the cloud, it’s very difficult to rewind the process and unpick mistakes that may have been made, so planning really is critical.
Then there’s the issue of attack surface area. Legacy on-premise applications might not be the leanest or most efficient, but they are relatively secure by default due to their limited exposure to external environments.
Moving these applications to the cloud has countless benefits for agility, efficiency, and cost, but it also increases the attack surface area for potential hackers. In other words, it gives bots and bad actors a larger target to hit.
One of the many traps that businesses fall into is thinking that just because an application is in the cloud, it must automatically be secure. In fact, the reverse is true unless proper due diligence is applied to security during the migration process.
The benefits of an app-centric approach
One of the ways that businesses can master security in the cloud is by approaching it from an app-centric perspective. By understanding how a business uses its applications, including its connectivity paths through the cloud, data centers and SDN fabrics, it’s possible to build an application model that can generate actionable insights, such as the ability to create policy-based risks instead of leaning squarely on firewall controls.
This is of particular importance when moving legacy applications onto the cloud. The inherent challenge here is that a business is typically taking a vulnerable application and making it even more vulnerable by moving it off-premise, relying solely on the cloud infrastructure to secure it.
To address this, businesses should rank applications in order of sensitivity and vulnerability. In doing so, they may find some quick wins by first moving modern applications that hold less sensitive data into the cloud. Once these short-term gains are dealt with, NetSecOps can focus on the legacy applications that contain more sensitive data, which may require more diligence, time, and focus to move or rebuild securely.
Migrating applications to the cloud is no easy feat, and it can be a complex process even for the most technically minded NetSecOps teams. Automation takes a large proportion of the hard work away and enables teams to manage cloud environments efficiently while orchestrating changes across an array of security controls. It brings speed and accuracy to managing security changes and accelerates audit preparation for continuous compliance. Automation also helps organizations overcome skills gaps and staffing limitations.
We are likely to see conflict between modernization and security for some time. On one hand, we want to remove the constraints of on-premise infrastructure as quickly as possible to leverage the endless possibilities of cloud.
On the other hand, we have to safeguard against the opportunistic hackers waiting in the wings for the perfect time to strike. By following the guidelines set out in front of them, businesses can modernize without compromise.
About the Author:
Kyle Wickert, Strategic Architect at AlgoSec