Accelerating Cloud Migration Should Not Exceed Security Issues

Covid will play an undeniable role in accelerating digital transformation. The trend doesn’t seem to slow down as we enter a new phase of cloud-enabled hybrid work. The move to a cloud environment, however, brings new challenges in terms of security, in an environment where cyber threats are on the rise, the lack of IT skills is intensifying and innovation projects are should move faster. The pressure on IT professionals (Editor’s note: Information technology) and security only increases with the number of factors influencing the success of a migration. This is where automation and visibility in the cloud environment are absolutely necessary to reduce vulnerabilities and allow teams to evolve and change quickly.

Security issues

Last year, external cloud attacks rose +100% per quarter. Many questions have emerged since then about cloud security levels. However, IT teams forced to move quickly to the cloud will often choose the faster and easier way. This is the approach Lift and Shift – literally “lift and move” – ​​has grown in popularity. This approach involves taking an application, moving it to the cloud, and running it there, without any redesign, regardless of the infrastructure on which it was originally designed. Although this method is simple to implement, it creates some security issues and may hinder further digital innovation.

This simplistic approach will lead to restraint in the transition process. This affects visibility and causes SecOps teams to lose (note: Security-Operations) the ability to monitor the security status of cloud environments and the workloads (typically programs or applications) running on them. Without good data visibility, cloud infrastructure can fall victim to incorrect configurations, inefficiencies, and vulnerabilities. Therefore, IT teams should always avoid bringing applications into the cloud environment that are not designed to run there, if they want to reduce security risks and protect their IT environment.

A growing lack of skills

The lack of digital skills is increasingly palpable. Companies struggle to fill IT positions in general, and those involving cloud security in particular. So it is difficult to find professionals with enough knowledge to protect company data against increasingly frequent and sophisticated cyberattacks.

Automation has an important role to play here in strengthening the security strategy of the company. It supports security analysts and cloud security specialists, allowing them to provide greater enterprise security coverage without having to recruit a larger team. It also reduces the number of false alarms and prioritizes detected threats. DevSecOps teams (note: Development-Security-Operations) thus making more informed, accurate and quick decisions.

The role of visibility

When it comes to managing and protecting data in the cloud, visibility is key. The amount of data continues to rise, as does the complexity of IT that comes with digital innovation. In this context, it is impossible to effectively manage or analyze data without enhanced processing (such as machine learning – editor’s note: machine learning) and, of course, automation. Without visibility, data analysis and anomaly detection, SecOps teams would not be able to detect the most dangerous attacks against IT infrastructure, i.e., anonymous attacks also known as Zero Day.

Zero Day attacks are on the rise and often go unnoticed for long periods of time. With cloud visibility and machine learning, these anonymous attacks can be identified earlier because the unusual habits they generate are flagged as high-risk priority alerts. With the use of automated technologies that move away from traditional security strategies, companies are therefore better prepared for the most serious cyberattacks. Visibility is also important because, without a clear view of the environment, abnormal behavior may go unnoticed.

With the pressure to advance digital change set to continue, the strategy Lift and Shift and the burden on SecOps teams will not be lifted any time soon. It’s important for businesses to remember that moving non -native applications to a cloud environment hinders their evolution and creates more security risks. By gaining visibility and introducing automation, the pressure on SecOps teams can be relieved and the transition to the cloud will be more secure.

(Photo credit: iStock)

Article written by

Contributor

Philippe Vanhove Philippe Van Hove is Vice President EMEA South & Central of Lacework, the cloud security company. …
See his contributions

This text is published under the responsibility of its author. Its content does not in any way interact with the editorial staff of Les Echos Solutions.

Leave a Comment