What Worries Enterprise CISOs When Migrating to the Cloud

by Roark Pollock

February 18, 2019

access_time 7 min read


Migrating to the cloud offers a number of advantages to enterprise organizations that CISOs really like, but there are real security issues that make switching over to a cloud environment worrisome.

In fact, IDC customers in a recent survey said they expect about 50% of their public cloud applications will move to private cloud or on-premises infrastructures over the next 2 years, with security issues driving about 19% of that move, performance issues 14%, and cost issues 12%.
IDC: Increased Services, Pullback From Public Clouds Huge IT Disrupters

CISOs want and obviously aren’t getting continuous insight into their cloud environments. They need a way to monitor and measure risk and maintain confidence that they have the proper security controls in place.

Increased Security Risks

Migration to the cloud means using managed IT services and many believe this means relinquishing a high level of visibility and control. Although the top cloud providers use the latest security technology and file encryption, even the most up to date systems can fail and expose your sensitive data to the world.

In reality, cloud environments are subject to similar cyber threats as private enterprise data centers. However, the cloud is becoming a more attractive target due to the significant amount of data that has been stored on servers in the cloud.

Attackers know that enterprises are slowly migrating to the cloud, and they are already targeting cloud environments. And those CISOs who make IT decisions should not assume that their data when stored off-premise is more difficult for cyber criminals to acquire.

There continues to be increases in application attacks against deployments in the cloud. And there are increases in attack frequency on organizations that store their infrastructure in the cloud.

The Cloud is a Jackpot

With the shifting of valuable data, production workloads, and applications to cloud environments these revelations should not come as a surprise. Hackers, like everyone else, have a limited amount of time to complete their job. They want to invest their time and resources into attacks that will bear the most fruit: businesses using cloud environments are largely considered that fruit bearing jackpot.

Unfortunately, there is a misconception within organizations and even CISOs about security. A number of enterprise CISOs are under the impression that once a cloud migration has taken place then the cloud company is completely responsible for the security of their data.

Security in the Cloud Needs to be a Shared Responsibility

“The key to protecting your critical data is being knowledgeable about how and where along the ‘cyber kill chain’ attackers infiltrate systems and to employ the right security and visibility tools, practices and resource investment to combat them.”

All organizations must take responsibility for the security of their data whether it is hosted in house or in the cloud. This responsibility cannot be completely abdicated to a cloud company. If your organization suffers from a data breach while using cloud management services, it is unlikely that you will be able to evade responsibility.

It is essential that every organization fully understands the environment and the risks that are associated with cloud management. There can be myriad legal, financial, commercial, and compliance risks. Before migrating to the cloud be sure to scrutinize contracts so that the supplier’s liability is fully understood if a data breach is to occur.

The key to protecting your critical data is being knowledgeable about how and where along the ‘cyber kill chain’ attackers infiltrate systems and to employ the right security and visibility tools, practices and resource investment to combat them.

Cloud Security and Visibility is the Key

Whether you are using cloud management services or are hosting your own infrastructure, you need security and visibility within your environment. If you are considering the migration of part — or all — of your environment to the cloud, then this is essential.

After a cloud migration has taken place you can rely on this security and visibility foundation to monitor each user, device, application, and network activity for potential risks and possible threats. Thus, the administration of your infrastructure becomes that much more effective.

Don’t let your cloud migration result in weakened security and incomplete compliance. Ziften can help maintain cloud security and visibility for your existing cloud deployments, or upcoming cloud migrations.

Learn more about how enterprises can maintain cloud security and visibility: https://ziften.com/cloud-visibility-and-security/.