In this post, guest author David Maman, CTO and founder of GreenSQL – the database security company – lays out a series of simple steps for cloud migration – ensuring security is systematically addressed.
Five Steps for a Secure Cloud Transition
Here are five steps to make the transition much safer for your data, and your company:
1. Understanding my “Attackability Surface”: Before considering migrating to the cloud, map every project component and all the hazards, including which operating systems will be used, which applications will be installed, which types of security mechanisms are required for each component, and which types of access are required for each service running on this cloud.
Generally, after truly understanding the project scope, the risk becomes controllable.
2. Sharing is Not Caring: Many times, using cloud services involves sharing infrastructure and applications with others, which means that the risk factor is multiplied.
A lack of security configuration at one customer, or application vulnerabilities at other customers, can lead to data loss in your databases. Make sure you know which components you share, and which are dedicated to you.
Often, when it comes to your customers’ or employees’ sensitive information, you cannot avoid purchasing a private cloud for most components.
3. Command and Control: Demand your cloud providers give you true control and monitoring of any, and all, security components. If necessary, even insist that only you will be able to change the configuration of these components.
Whether it’s a network firewall, a web application firewall, a database firewall or any other element, those elements determine your level of risk and your business survival on the cloud. Make sure you are aware of any changes in any security element.
4. The Cat in the Hat: The “Cloud” is a beautiful buzzword; every vendor in the entire IT segment is using the word “Cloud” in presentations and sales speeches. But eventually we have to understand, “Cloud” is really only a hosting service; it might be more advanced; it might support “elastic” growth; it might even provide an extremely easy user interface.
Please make sure you understand that the “Cloud” is “smart” shared hosting, which means that many people may have physical access to the servers that host your data and operating systems.
You can almost never be sure that, if your servers have restarted, it’s not because someone copied the hard drive you are using. Encrypt what you can, and make sure that the most sensitive information is not on the “Cloud.”
5. Software As A Service (SaaS) can work: Salesforce taught us that SaaS can actually work, with extremely high business continuity and extremely high levels of security.
Many Fortune 1000 companies use Salesforce with some of their most sensitive information. The thing is that Salesforce has invested hundreds of millions of dollars in infrastructure and security, which more than 90% of other SaaS providers will never be able to afford.
So, if you decide to go forward and adopt a SaaS provider, keep in mind that size does matter; the bigger the provider (and we’re not talking about boutique providers who cost a fortune), the more secure they are.