
How to adapt security when moving to the cloud

Ravi Bindra, CISO

The cloud is a tremendous innovation that promises a lot of benefits to its adopters – enhanced collaboration, reduced downtime, decreased IT costs, and scalability, just to name a few.

However, there is one glaring concern that many organizations have – cloud security. While many organizations familiarize themselves with basic cloud security measures, the actual process of a cloud migration often raises a few additional concerns. This is true even for the most popular cloud services, such as Azure and Amazon Web Services.

One of the most prominent issues revolves around how organizations can bring their current standard of security into the cloud. This isn’t a simple task – although the cloud’s accessibility and flexibility are two of its best traits, they can cause some problems with both legacy and new applications and services. Let’s take a look at four vulnerable areas that organizations must monitor when migrating to the cloud.

Security challenges with microservices

The term “microservices” describes a type of architecture where one application is made of small, loosely connected, but independently deployable, services. This is different from the traditional approach, where multiple services are firmly coupled into a single, unchangeable application. For cloud-native applications, microservices are becoming the norm.

While microservices help businesses scale and optimize their deployments more efficiently, they pose a security issue to the uninitiated. For the most part, this is due to some microservices not having built-in or user-friendly security controls. The rest comes from inherent security challenges posed by developers, or a DevOps structure – we’ll expand more on that in the next section.

When you use microservices, you’re creating a complicated cloud environment that usually utilizes many databases – all of which need to be managed and secured on an ongoing basis. Not only that, but microservices often dabble in multi-cloud – so a single microservice may concurrently use applications from Azure, AWS, and other cloud providers. For that reason, it’s best to use a platform that will help you manage all of your cloud deployments from one place.


Securing ephemeral workloads

Ephemeral workloads exist in a special type of container that only runs for a single session. Once the workload is not being used, it is terminated. When the workload needs to be run again, it begins as a fresh start. This can help IT teams develop and implement new technological initiatives quickly. Think of these workloads as an intangible single-use product – they’re designed to be created, used, then destroyed.

While the fleeting nature of these workloads is beneficial to security, ephemeral workloads can pose a few access-related security concerns. It’s crucial that organizations only allow established, pre-approved users to use ephemeral workloads. Even though ephemeral workloads are single-use, the hardware of the machines that launch them is persistent. This means that hackers could potentially capture login information from internal employees if a vulnerability exists within the system itself, or inherently in the ephemeral workload. For that reason, different tiers of security are needed depending on how secure the workload or device must be.

Securing containers for cloud migration

Containers compartmentalize an application by rolling it into a single package, isolating it from outside factors. While they have many purposes, one prominent purpose is helping IT teams move software from one computing environment to another. While they can be used to move data from one physical environment to another, cloud users are by far the biggest proponents of containers. They start up quickly, have a small file size, and enable the use of microservices since one container can host many modules.

In the past decade, container security has improved by leaps and bounds through optimizing their code to remove vulnerabilities. However, organizations still need to consider a few key points. When on-premises containers are moved to the cloud, they may need updated security policies that restrict access to containers. The IT team should be able to whitelist and blacklist certain processes, storage practices, and network activities. This is difficult to accomplish manually, so organizations are advised to find a platform that can assist with managing access.
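One way to express the process, storage, and network rules described above as a policy that can be checked automatically before a container is moved to the cloud. This is an added example, not code from the original article; the policy values, the sample container specs, and the `evaluate` function are constructed for illustration.

```python
import posixpath
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy for illustration; not taken from any real platform.
POLICY = {
    "allowed_processes": {"nginx", "python3"},
    "denied_processes": {"nc", "sh"},  # explicit deny is reported separately
    "denied_mount_prefixes": ("/etc", "/root", "/var/run/docker.sock"),
    "allowed_egress": [ip_network("10.20.0.0/16"), ip_network("192.0.2.10/32")],
}

@dataclass
class ContainerSpec:
    name: str
    processes: list
    mounts: list   # host paths the container wants mounted
    egress: list   # destination IPs the container connects to

def evaluate(spec, policy=POLICY):
    """Return the list of policy violations; an empty list means compliant."""
    violations = []
    for proc in spec.processes:
        if proc in policy["denied_processes"]:
            violations.append(f"process denied: {proc}")
        elif proc not in policy["allowed_processes"]:
            violations.append(f"process not allowlisted: {proc}")
    for path in spec.mounts:
        # Normalise first so "/data/../etc" cannot slip past a prefix check.
        norm = posixpath.normpath(path)
        for prefix in policy["denied_mount_prefixes"]:
            # Match whole path components: "/etcd-data" is not under "/etc".
            if norm == prefix or norm.startswith(prefix + "/"):
                violations.append(f"mount denied: {path}")
                break
    for dest in spec.egress:
        addr = ip_address(dest)
        if not any(addr in net for net in policy["allowed_egress"]):
            violations.append(f"egress not allowlisted: {dest}")
    return violations

# Constructed sample specs: one compliant, one migrated as-is from on-premises.
WEB = ContainerSpec("web", ["nginx"], ["/srv/www"], ["10.20.5.7"])
LEGACY = ContainerSpec("legacy", ["python3", "nc", "cron"],
                       ["/data/../etc/ssl", "/etcd-data"],
                       ["10.20.1.1", "203.0.113.9"])

if __name__ == "__main__":
    for spec in (WEB, LEGACY):
        print(spec.name, evaluate(spec) or "compliant")
```

Anything not on the process or egress allow list is reported, so a container carried over unchanged from on-premises surfaces its undeclared behaviour instead of inheriting implicit trust.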

Final thoughts

Security in the cloud isn’t straightforward – and as a result, organizations need to find tools and resources to simplify cloud security. For the best results, search for a group of cloud experts who can provide internal resources and expertise to resolve all CSP-related concerns – especially involving Azure and Amazon Web Services. They should help you budget and build a roadmap in a way that considers security requirements from the get-go.

If your organization isn’t lacking in cloud experts, then those cloud experts would benefit from an easy-to-use cloud management platform that can identify and implement the best ways to share, access, and migrate data across the cloud. This will help to simplify cloud management – which makes cloud security much more addressable. With the right tools, your organization can enjoy the highest standard of cloud security.


Cloud Security

Harden your cloud security with 24x7 policy-based configuration scanning.


Author

Ravi Bindra, CISO

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.