4 Best Practices to Securing your Data while in Transit to the CloudKashif Dhatwani
A rapid increase in the adoption of cloud technologies and associated benefits has created a push in the industry to migrate workloads to popular cloud solutions to remain competitive in relevant markets. Recently, BIAS has found that more and more leading industry organizations are turning to the cloud, assessing its capabilities, and looking for ways to revolutionize their databases and applications. One common thread is the emphatic focus on security, especially within the financial, healthcare and government sectors. Because of this, many cloud providers have matured their offerings significantly.
With that in mind, I will discuss some of the core security challenges presently facing our customers, as well as key capabilities that address these challenges when migrating workloads related to databases and applications.
Core Challenges and Important Considerations
1. Evaluate the Cloud Provider
It is important to evaluate the cloud provider and their capabilities pre-migration to ensure they can meet your company’s standards, as well as industry compliance regulations (i.e. ISO and SOC). In today’s industry, this is an assurance that the cloud provider is invested in building a secure framework for their customers’ services.
2. Establish Availability of Secure Channels of Communication
During the migration, the availability of fast and secure communication channels between the currently hosted, on-premise environment and the cloud is crucial. The key to a secure migration is the presence of strong communication channels providing the highest level of encryption possible during migrations from on-premise to cloud. The migrations take form of hosted infrastructure to Infrastructure as a Service (IaaS), or migration from hosted databases and applications to Software (SaaS) or Platform as a Service (PaaS). In both cases an encrypted channel is required. The current industry standard is the TLS 1.2-based encrypted channel and organizations must use the highest level to avoid introducing any vulnerabilities.
3. Protect your Data Throughout the Migration
While we discussed encryption in transit, it is a critical requirement to also have data encrypted at rest. Most of the database services in the cloud offer this function natively, and the migration planning process should evaluate the best options to enable encryption for your data. If data at rest is encrypted at its source, the data is transmitted in an encrypted form to the cloud. there are several solutions in which data can remain encrypted end-to-end. For example, if the databases are hosted in the Infrastructure Cloud, then it is important that encryption is enabled by default in the cloud. This will allow for end-to-end encryption and helps ensure the secure migration of data.
4. Using a Key Management System
Key management systems from prime cloud providers have matured enough so that customers can now use them with confidence. This allows for the management of master and sub-keys, which can provide enhanced protection to the data and applications beyond migration. Identifying a proper key management system to manage encryption keys may be useful for not only database encryption, but also for platform and software services as well.
Final Thoughts and Recommendations
The full-scale protection of data and applications may require different approaches in order to be fully secured. But with cloud technologies maturing at rapid speeds, many cloud gurus have concluded that, when properly planned and strategized, the cloud can be more secure than an internal, on-premise data center. My recommendation is to have a holistic approach to data and application security and review your organization’s approach to building a Security Operations Center (SOC). SOCs can scale at different levels and can include solutions not only related to data security, but also include security broker technologies such as Oracle Cloud Access Security Broker (CASB) and Identity and Access Management (IAM) services in the cloud. This combination of services enables end-to-end security across all applications, platforms, and databases.
The BIAS Advantage
BIAS helps its customers build security strategies around the adoption of cloud, specifically in the context of working with guidance from NIST and SANS. BIAS has experience implementing solutions for some of the world’s leading commercial and public sector organizations, and our architects have in-depth experience in driving and assisting customers with building their cloud platforms. We guide our customers with best-of-breed solutions to build identity SOCs with built-in data security strategies and plans. Our intent is to ensure the protection of customers’ assets with solutions that not only meet current industry standards but can also be enhanced and improved continuously with the latest capabilities of Machine Learning and Artificial Intelligence. This will lead to a more complete, scalable security framework which can provide holistic data protection for our customers, their employees and their clients.
Interested in learning more? Contact us here.