Dangers in the Cloud – When Remote Work Migrations are Rushed
For several years now the world has been steering enterprises to the cloud, and the trend is only growing. The cloud is marketed as a utopia that will free you of all the problems that plague you currently in your on-prem world. There are so many reasons to move to the cloud, such as the elimination of capital expenditures and product life cycles. Other benefits include predictable budgeting models, limitless scalability, reduced operating costs, and simplified management. If these are not enticing enough, then the recent pandemic was a supreme motivator. For SMBs that have lagged in this cloud transformational trend, the worry is that their competitors are gaining advantages over them, and as a result, many SMBs are now hastening to catch up.
This motivation and pressure to move to the cloud is why so many companies have immersed themselves in cloud migrations. To the cloud’s credit, many are reaping benefits from their migrations. For many large companies, the cloud has proved so beneficial that they have adapted multiple clouds, creating complex hybrid clouds. It’s no wonder why those that are late to the game may feel left out.
Moving to the Cloud Isn’t Easy
Anyone who has ever moved their household to a new residence knows that moving isn’t fun. There’s always a lot more work than first anticipated, and unexpected costs seem to always arise. On top of that, something always gets broken or lost and family members sometimes must live in transitionary spaces. Moving anything to another destination isn’t easy. That includes moving to the cloud. Look around your data center, it wasn’t built overnight, and your cloud migration isn’t going to happen overnight either.
The Myth of Lift and Shift
We often hear the phrase ‘lift and shift’ when it comes to cloud migrations. The term is used to describe applications that require minimal rearchitecting and can quickly be moved. This is true for newer and off-the-shelf applications. The closer the applications and their data are to one another, the easier it is to collectively move them together. Often though, lift and shift is but an allegorical mantra as many enterprises utilize customized applications while older applications often lack ample documentation or personnel that can support it.
According to a published survey, 73% of cloud migration projects take a year or longer to complete. Ninety-six percent of the survey respondents reported that moving applications to the cloud took more time and money than they expected. Sixty-two percent cited that the projects were more challenging than expected. One of the key reasons why enterprises underestimate the time involved in a cloud migration is that they forget about all the underlying services and interdependencies that support the application. Similarly to moving a family from one location to another residence, and thus moving their habitat with them, when you migrate an application to the cloud, you are moving its entire ecosphere as well. Enterprises must conduct assessments that map out these underlying services and interdependencies to avoid costly disruptions and troubleshooting efforts for a newly migrated application.
The Cloud Often Requires Specialized Personnel
The cloud is a different beast than the traditional on-prem datacenter. A simple process such as authenticating a user for instance is performed using different protocols in the cloud. While any new technology can be mastered, there is often a steep learning curve that must be overcome. That’s why it is important to attain the assistance of outside specialists that can help reduce the migration windows and ensure there aren’t any “gotchas” or unanticipated risk factors that can result in costly disruptions.
The Cloud Doesn’t Mean its Secure
There is a misconception out there that enterprises don’t have to worry about security as much when applications are in the cloud. The SolarWinds attack nearly a year ago showed us how vulnerable cloud-dependent organizations are. Just last October, Microsoft warned that Russia state-sponsored hackers are specifically targeting cloud service providers and supply chain vendors. The reason is simple: a hacker can leverage a single attack on a cloud provider to target multiple organizations. The fact is that cloud ecospheres are just as vulnerable to the same common types of cyberattacks as your traditional LAN environment.
It’s important to understand how cloud security is allocated. The cloud provider is not singularly responsible for the security of digital assets. Cloud providers implement a shared responsibility model that defines the responsibilities for both themselves and their customers. For instance, data encryption and integrity fall under the jurisdiction of the customer. Companies need to have written security strategies and policies that pertain specifically to the cloud to secure their environments. They also need to have a well-planned out and rehearsed cloud incident response plan pertaining to the cloud as well.
Securing the Cloud Requires New Tools and Personnel
One of the most critical elements that is required to secure an environment is visibility. It is difficult to secure what you cannot see. This became evident in 2020 when companies hastily implemented their remote work strategies in response to the pandemic. The number of cyberattacks increased significantly as internal IT and cybersecurity teams lost visibility into their employees’ workspaces. Companies were forced to revamp their cybersecurity strategies to adjust to this new remote world. Risks can be greater in the cloud as well due to its distance, lack of visibility, and the fact that your personnel aren’t there. Legacy security tools that may have been adequate in a limited on-prem environment are often inadequate for complex hybrid architectures and extended IT estates. The necessity to predict and identify cybersecurity threats in a distant cloud ecosphere requires new tools such as AI and Security Operation Centers. A managed Security Operations Center (SOC) can be especially valuable to SMBs that often lack the internal staff to actively monitor and remediate security incidents.
Conclusion
There is no doubt that there are significant advantages to migrating your digital assets to the cloud. While the decision to do so may be an easy one, the actual process of doing it is not. There are many inherent risks in transferring applications, services, and data to the cloud. Many of these risks are in the form of security gaps that must be addressed beforehand. Acquiring the services of a specialized team that is experienced in cloud migration and securitizing cloud environments can pay huge dividends that raise the ROI of the project. Moreover, the addition of SOC infrastructure can provide the insights and preventive actions necessary to secure your new environment. The cloud can be a great destination for you, just don’t do it in haste.