How to mitigate risks during cloud migration
03 mins read
There are clear benefits to cloud migration, but are businesses blind to the risks that could tarnish their reputation?
More and more businesses are moving to the cloud. It’s hardly surprising considering cloud adoption promises simple and affordable access to data, all while removing the responsibility of storing sensitive information on-site. The cloud enables mobility, which has become invaluable to businesses, providing instant access to vital data, anywhere and anytime. Yet evidence suggests businesses excited by the benefits of cloud adoption might also be blind to the risks.
ManageEngine’s 2017 industry survey, which explored UK-based IT professionals' outlook on cybersecurity and the cloud, revealed an uptake in cloud adoption. 87% of UK companies had an enterprise cloud strategy in place at the time, while 40% had adopted a hybrid cloud strategy. A further 26% had taken a public cloud approach.
The uptake is even evident among small and medium-sized enterprises, despite the general assumption that cloud solutions are costly and therefore more feasible for larger organisations. Across the board, respondents to the ManageEngine survey believed that cloud adoption is beneficial for the bottom line and that it smooths cross-departmental processes by strengthening relations between the IT team and the wider business. Seventy percent of survey respondents claimed to have experienced these impacts in their own business.
The security blind spot
Given that almost half of survey respondents reported that they install security updates and patches rarely, only occasionally, or never at all, it’s easy to wonder whether organisations have realistically considered security in the process of migrating to the cloud. This should come as something of a revelation in the wake of countless cyber attacks on businesses of varying size and stature.
The ManageEngine survey revealed that 50% of IT decision makers said both IT security and Internet security were going to be their top IT challenges for the next 12 months. This suggests that the security capabilities of the adopted cloud solutions may not have been considered prior to their implementation, or that the chosen solutions are not being fully utilized when it comes to bolstering security.
Could it be that businesses migrating to the cloud expect their security fears to be addressed through cloud adoption? In terms of reputational damage, operating under this assumption could be disastrous. While a cloud services provider will have its own data security measures in place, it's foolish to assume cloud vendors will be in total control of their customers' data.
Mitigating the risk
Businesses migrating to the cloud must still shoulder the responsibility of handling their own data. Under the freshly-launched GDPR, the consequences of a data breach could be catastrophic; any business found to be subject to a data breach can be fined up to €20 million, or four percent of its annual global turnover – whichever is higher. Beyond the financial penalties, the reputational fallout from a breach could see a business' existing and potential customers dissuaded from trusting that company with their data.
So how can organisations embrace the cloud without risking their reputation? Those opting to move their infrastructure to the cloud should ensure their vendor's hosting facilities comply with global security standards. This means the vendor has strong physical and network security practices in place and stringent people processes. Common security certifications to look out for while choosing a cloud provider include ISO/IEC 27001, SOC2, and SAS, although these certifications vary by geography.
Any cloud vendor that implements these measures should also be able to guide their customers in handling best practices related to data accessible on the cloud. With internal and external risks covered, businesses can fully reap the benefits of cloud adoption.
This article was originally published in Datacenter Dynamics.
About the author
Kumaravel Ramakrishnan, Director of marketing
Kumaravel Ramakrishnan has over a decade of experience in IT, mostly in ITSM. He loves interacting with ITSM professionals, and is a regular speaker at ManageEngine conferences and industry events. When not fretting about leads and revenue at ManageEngine, Kumar has his hands so full with his two kids that he's almost given up cooking bizarre dishes and trying to find the next Google in the Indian stock market. What he's never stopped doing is buying books, and those books have never stopped piling up waiting to be read!