Security is the leading challenge faced during cloud migration, say 60% of all IT and security professionals. This security crisis is largely due to the lack of clarity on the responsibility of ensuring secure migrations.
In a recent report titled ‘Reducing Risk in Cloud Migrations’, based on a survey by Centrify, access control to cloud service administrative accounts has been touted by 71% of the respondents as being the most critical issue during migration to the cloud. But only 53% of organizations are securing access to the workloads they have already moved to the cloud. An alarmingly high 60% of organizations inappropriately rely on the cloud provider for being responsible for secure access control.
The survey recorded responses of over 700 professionals from the United States, Canada, and the UK from across 50 verticals, which include technology, finance, education, government, and healthcare. Every firm needs to conduct an honest assessment of how they can make cloud migrations more secure by clearly identifying where the onus of keeping it secure, lies. The biggest challenge during cloud migration still remains the security crisis, winning by a wide margin of 60%.
Reducing time-to-market is one of the primary catalysts driving cloud migrations. This makes it imperative for organizations to build security systems and policies into their cloud initiatives.
The two significant factors driving cloud migration today, the respondents said, were – improved speed of IT services delivery (65%) and lowered total cost of ownership (54). Additional factors include increased competitiveness (17%), outsourcing IT functions that don’t create competitive differentiation (22%), and greater flexibility in responding to the market changes (40%).
The cost of migration (35%) and the lack of expertise (30%) also remain significant impediments to the success of cloud migration projects. Organizations are facing constant time and financial constraints on the road to achieving cloud migrations on schedule to support the time-to-market initiatives. Businesses can’t afford the lost time and expense of a successful or an attempted breach impeding the cloud migration progress. Most companies wrongly believe that cloud service providers provide complete protection. In reality, very often service providers lack the scale to adequately address the more complex, challenging areas of IAM and Privileged Access Management (PAM) in multi-cloud or hybrid environments.
The three initial steps that will set the foundation for implementing least privilege access are
- Implementing a standard security model in the hybrid, cloud and on-premises environments
- Migrating cloud instances securely started with Multi-Factor Authentication (MFA)
- Deploying a standard privileged access control security model equivalent to on-premises and cloud systems.
- Utilizing enterprise directory accounts for advanced privileged access.
The way to move ahead securely is to acknowledge that privileged access to cloud environments is not the responsibility of the cloud provider. Firms need to adopt a modern approach to Privileged Access Management that enforces the least privilege, prioritizing the “just enough, just-in-time” access. It is essential to employ a standard security model across cloud, on-premises, and hybrid environments. Modernizing the security approach to allow securing access to cloud environments is the way forward where firms don’t need to re-invent the wheel. Best practices from securing on-premises workloads and data centers can often be successful in securing privileged access in hybrid and cloud environments.