Industry Trends

6 Tips for a Secure Cloud Migration | Fortinet Blog

By Fortinet | May 15, 2019

According to a recent Cloud Computing Survey by IDG, 92% of organizations already have at least one application or some portion of their computing infrastructure in the cloud. In line with that revelation, 55% of organizations are using multi-cloud, with 21% using three or more clouds. In addition, enterprise organizations have budgeted 32% of their IT budget, on average, to cloud computing.

Moving to the cloud isn’t as easy as snapping your fingers, however. Organizations must bridge their business processes, applications, and workflows between their local physical network and WAN-based branch offices with and one or more networks residing in the public cloud. Unfortunately, this process hasn’t been easy – according to IDG, one of the biggest challenges faced by IT decision-makers is their ability to tackle new data privacy and security challenges posed by the cloud.

With many organizations still in the midst of cloud migration, it’s important to know that many of these challenges are best resolved before your last workload is moved to the cloud. To discover how to best confront those challenges, let’s examine why organizations move to the cloud, and why these challenges arise in the first place.

The Benefits of Migrating to the Cloud

It’s clear that the cloud is growing in popularity – and there are a few key reasons for this. Here’s a general idea of what’s motivating businesses to move to the cloud.

  • Scalability – Since the cloud operates under a pay-as-you-use model, organizations can easily shift the size of their cloud deployment to meet changing demands. This creates a more reliable experience at a reasonable cost.
  • Cost savings – In a recent survey, 47% of IT executives cited cost savings through elastic provisioning and lowered capital expenditures as a primary motivator for moving to the cloud. This is because organizations can cut hardware costs and reduce time spent on maintenance.
  • Better performance – The cloud offers a better user experience through lower latency since data is routed through highly powerful, distributed cloud data centers. This helps provide a better experience for employees and consumers accessing cloud services.
  • Flexibility – Cloud infrastructure is highly flexible by design since it can be accessed by any authorized user, in any location, at any time. This makes cloud migration imperative to enabling remote work.
  • Security – Many high-profile cloud providers, including AWS and Microsoft Azure, provide basic security protections under the shared responsibility model. However, while this is generally beneficial, it doesn’t guarantee that your cloud data will truly be protected – and with 93% of enterprises embracing a multi-cloud environment, there are many new attack vectors to consider.

Why is a Secure Cloud Migration Challenging? 

There are many benefits of moving to the cloud – but the biggest challenge is ensuring that data, workflows, and applications can move quickly and seamlessly across and between these different physical and virtual environments. And from a security perspective, this also requires creating a consistent security posture across all local and cloud-based resources so that policies and enforcement can follow and protect those transactions.

Unfortunately, given the ad-hoc nature of most security deployments, many security policies simply cannot be consistently implemented across a multi-cloud environment, especially when using a variety of tools from a variety of vendors. Even for those rare companies that have standardized on a single security toolset, there are two additional challenges. First, features and functions are often inconsistent when a security tool does not operate natively in a cloud environment. And if they do operate natively, they do not operate consistently between cloud environments. This can create challenges as workflows and applications move between different cloud environments, resulting in security gaps and blind spots that can be exploited.

How to Migrate Security to the Cloud

Addressing these challenges requires careful preparation. This starts by establishing clear communication between lines of business and the IT and security teams.

Without clear communications about business needs and objectives and a candid discussion of related threats, organizations open themselves to a whole array of new risks, including denial-of-service attacks targeting cloud resources, cloud malware injection, web application exploitation, cloud API attacks, and account or service hijacking

To establish a single, consistent security framework that spans the entire multi-cloud infrastructure, every organization should consider the following six steps as part of their migration strategy: 

1. Establish a Common Security Framework

Isolated security devices, decentralized management, and vendor sprawl is usually the result of an ad-hoc, or “accidental” security architecture. Before you can hope to create a consistent cross-network security strategy that spans your cloud deployments, you will need to impose a central security strategy. Once that is in place, you then need to ask three critical questions:

  • What are your short and long-term goals for your network? This includes business objectives, resources that need to be implemented, and how you will address the challenges of today’s digital marketplace.
  • What are the risks associated with those goals? Answering that question often starts with performing a gap analysis for how the cloud will change your security paradigm.
  • How do you specifically address those challenges? This requires not only knowing your current security posture, but also its implications for your future business goals. You must also understand the impacts of a distributed, cloud-based network on risk management, and the policies you need to have in place before you move a single process to the cloud.

2. Make Sure Your Infrastructure is Ready

Whatever you think your bandwidth requirements will be, you can be pretty sure that you have underestimated them. Ever since Bill Gates supposedly said "640K [of RAM] ought to be enough for anybody” back in 1981, new capacity has always driven the development and adoption of bandwidth-hungry applications. So to start, you will need to model and understand data flows and bandwidth requirements to ensure that your security solutions can meet performance requirements, especially for latency-sensitive services and new immersive applications that will need to travel over VPN tunnels. Then, assume you are wrong by at least half.

3. What About Compliance?

You can begin by understanding what requirements you have to meet for data processed and stored on the cloud, as well as for data that moves between different cloud and physical network environments. However, given regulations like GDPR and the California Consumer Privacy Act, it’s only a matter of time before those requirements are ratcheted up. 

So, any compliance strategy must be flexible enough to adapt to new requirements. As a result, it is not only crucial that your legal team be consulted before you begin to build or adopt any sort of cloud program, but also that you consult experts working in areas where new, stricter regulations have already been put in place so you aren’t caught flat-footed when changes happen.

4. High Availability and Disaster Recovery are Table Stakes

The biggest fear for most organizations looking at a cloud solution, after addressing security concerns, is the continuous availability of cloud-based resources. It’s one of the primary drivers of a multi-cloud strategy. In addition to parsing out functions to different clouds, it is also important to consider the redundancy of critical functions and data.

You must also consider issues like the need for dynamic scaling (probably yes) and whether your security solutions can meet new performance requirements (probably no). Finally, you must consider things such as flow symmetry, load balancing, and error correction to maintain availability, performance, and protection when utilizing highly dynamic, cloud-based services.

5. The Right Tool for the Job

 
Cloud security requires much more than simply placing a firewall at the perimeter of the cloud infrastructure. A wide range of security solutions will need to be applied depending on the applications running and services being used. A next-generation firewall (NGFW) solution is the most common security tool to be applied, but other solutions are often also required, including web application firewall (WAF), intrusion protection or detection service (IPS/IDS), and a cloud access security broker (CASB).

6. Lifecycle Management

Consistency in security policy and enforcement, especially when they span multiple environments, is crucial. In addition to their ability to operate natively in a cloud, security tools must also be chosen for their ability to interoperate seamlessly through the entire security policy lifecycle with solutions deployed in other environments.

This includes things like consistent support for changes in security policy, consistent dynamic provisioning and scaling, single point of management—including integration with a central ITSM solution and central log collection, and centralized policy orchestration and correlation. To make this happen without compromising on security functionality and efficacy, organizations must consider adopting open standards, APIs, and cloud connector technology that can translate between solutions deployed in different cloud environments on the fly.

Don’t Be Fooled Into Taking Security Shortcuts

Adopting a cloud service can be deceptively easy. In many cases, it’s as simple as clicking a link. Likewise, adding a new cloud-based infrastructure is far easier than building its physical counterpart. But that can be deceptively simplistic when it comes to security.

Far too many organizations have had to pay the price for rushing into a new cloud solution without carefully considering challenges related to security. These have ranged from opening new attack vectors into their network, to being unprepared for new cloud-based threats or being blindsided by fines and penalties for failing to adequately prepare for new compliance considerations.

Careful preparation, including the careful consideration of the six steps outlined above, can save you time, money, and reputation in the long run. Taking the time now, before you begin to build out your new cloud infrastructures, platforms, or services, will enable you to compete effectively—and securely—in today’s new digital marketplace, now and long into the future.

 

This is a summary of an article, entitled “6 Considerations for Secure Cloud Migration,” that was originally published on April 11, 2019. You can read the entire article on the DevOps.com website.

Learn more about how Fortinet’s multi-cloud solutions provide the necessary visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud.

Read these customer case studies to see how Cuebiq and Steelcase implemented Fortinet’s multi-cloud services for secure connectivity and application security.