{"id":2469,"date":"2018-10-22T11:00:55","date_gmt":"2018-10-22T11:00:55","guid":{"rendered":"https:\/\/devbloglavaprotocols.nityo.in\/what-you-need-to-know-about-security-before-migrating-to-the-cloud\/"},"modified":"2018-10-22T11:00:55","modified_gmt":"2018-10-22T11:00:55","slug":"what-you-need-to-know-about-security-before-migrating-to-the-cloud","status":"publish","type":"post","link":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/what-you-need-to-know-about-security-before-migrating-to-the-cloud\/","title":{"rendered":"What You Need to Know about Security Before Migrating to the Cloud"},"content":{"rendered":"<div class=\"article-meta__author-name\">\n <em><strong>By Maya Kaczorowski, Product Manager, Google Cloud<\/strong><\/em>\n<\/div>\n<p><!--more--><\/p>\n<div><\/div>\n<div>\n<div class=\"module--text h-c-page\">\n<div class=\"h-c-grid\">\n<div class=\"uni-paragraph h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6 h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3\">\n<div class=\"rich-text\">\n<p>Earlier this year, McKinsey released a report titled \u201c<a href=\"https:\/\/cloudplatformonline.com\/how-it-security-is-changing.html?utm_source=blogs&#038;utm_medium=gcpblog&#038;utm_campaign=2018-18q1-gc-cc-secure-googlecloud-direct-google-leadgen-mckinseysecurityreport&#038;utm_term=asset&#038;utm_content=mckinseysecurityreport\" target=\"_blank\" rel=\"noopener\">Making a secure transition to the public cloud<\/a>,\u201d the result of interviews with IT security experts from nearly 100 enterprises around the world.<\/p>\n<p>Leveraging the expertise of Google Cloud and McKinsey security experts, the research presents a strategic framework for IT security on cloud and hybrid environments, and provides recommendations on how to <a 
href=\"https:\/\/lavaprotocols.com\/2018\/02\/13\/data-migration-marketing-automation-similar-moving-partner\/\" target=\"_blank\" rel=\"noopener\">migrate to the cloud<\/a> while keeping <a href=\"https:\/\/lavaprotocols.com\/2016\/04\/19\/cloud-security-secured-not\/\" target=\"_blank\" rel=\"noopener\">security<\/a> top of mind.<\/p>\n<p>The research shows what many already know: that <a href=\"https:\/\/lavaprotocols.com\/2015\/10\/28\/why-public-cloud-is-inherently-more-secure\/\" target=\"_blank\" rel=\"noopener\">public cloud adoption<\/a> is accelerating thanks to increased technical flexibility, simpler scaling, and lower operating costs.<\/p>\n<p>What\u2019s exciting is that the research also reveals that many Chief Information Security Officers (CISOs) no longer view security as an inhibitor to adoption but instead an opportunity\u2014\u201cIn many cases [CISOs] acknowledge that cloud service providers\u2019 security resources dwarf their own,\u201d the authors write\u2014and now these companies are focused on how to best adopt and configure cloud services for increased security.<\/p>\n<p>\u00a0<\/p>\n<h3><strong>When implemented properly, public-cloud adoption can significantly reduce the total cost of ownership (TCO) for IT security.<\/strong><\/h3>\n<p>This requires enterprises, cloud providers, and third-party service providers to work together collaboratively and transparently within a shared security model.<\/p>\n<p>Google Cloud has long believed in creating trust through transparency, previously releasing a detailed overview of its\u00a0<a href=\"https:\/\/cloud.google.com\/security\/security-design\/\" target=\"_blank\" rel=\"noopener\">infrastructure security<\/a>, explaining\u00a0<a href=\"https:\/\/youtu.be\/O-JXFQezWOc?t=9m5s\" target=\"_blank\" rel=\"noopener\">their shared responsibility model<\/a>, and how they already protect users and customers at the lower layers of the stack\u2014and Google is thrilled to see McKinsey\u2019s detailed 
<strong>endorsement of the same approach.<br \/> <\/strong><\/p>\n<p><strong>Related<\/strong>:\u00a0<a href=\"https:\/\/lavaprotocols.com\/2016\/04\/19\/cloud-security-secured-not\/\" target=\"_blank\" rel=\"noopener\">Cloud Security: So are we secured (or not)?<\/a><\/p>\n<p>\u00a0<\/p>\n<h3><strong>Common security approaches, and their trade-offs<\/strong>.<\/h3>\n<p>Every company has different IT needs, but the report found two common security decisions companies take when adopting cloud services:<\/p>\n<p>(1) defining the perimeter, and<\/p>\n<p>(2) deciding whether to re-architect applications for greater manageability, performance, and security on the cloud (interestingly, only 27% of companies surveyed actually do this\u2014change is hard).<\/p>\n<p>The research identifies three common archetypes for perimeter security: backhauling, cleansheeting, and adopting cloud provider controls by default.<\/p>\n<ul>\n<li><b>Backhauling<\/b>\u00a0allows companies to continue managing IT security on-prem, with an external gateway connecting the data centre to the public cloud. Approximately half of the companies surveyed currently use this model, but only 11% plan to continue doing so, since it can keep companies from realizing certain cloud benefits, such as agility.<\/li>\n<li><b>Cleansheeting<\/b>\u00a0requires greater investment and expertise, as it calls for redesigning IT security around a \u201cvirtual perimeter\u201d and leveraging multiple cloud-native tools and services.<\/li>\n<li><b>Using cloud provider controls<\/b>\u00a0is the most cost-effective solution, but\u2014depending on the cloud provider\u2014can limit autonomy and may offer limited capabilities.<\/li>\n<\/ul>\n<p>McKinsey uses these three models, along with the decision to re-architect applications for the cloud, to identify six \u201carchetypes\u201d for cloud security. 
Each archetype has its own tradeoffs:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"article-module h-c-page\">\n<div class=\"h-c-grid\">\n<figure class=\"article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 \">\n    <img decoding=\"async\" loading=\"lazy\" class=\"aligncenter\" src=\"https:\/\/4843500.fs1.hubspotusercontent-na1.net\/hubfs\/4843500\/Imported_Blog_Media\/mckinsey-1_max-1000x1000.png\" alt=\"security on the cloud\" width=\"1000\" height=\"797\" data-recalc-dims=\"1\"><br \/>\n   <\/figure>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"module--text h-c-page\">\n<div class=\"h-c-grid\">\n<div class=\"uni-paragraph h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6 h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3\">\n<div class=\"rich-text\">\n<p>There isn\u2019t a \u201cright answer\u201d for security when making a move to the cloud\u2014it depends on your company\u2019s expertise, flexibility, and cost decisions.<\/p>\n<p>And, you don\u2019t have to use only one archetype. For example, Evernote describes in their\u00a0<a href=\"https:\/\/blog.evernote.com\/tech\/2017\/02\/08\/part-2-protecting-customer-data-gcp\/\" target=\"_blank\" rel=\"noopener\">migration story to Google Cloud Platform<\/a>:<\/p>\n<p><i>\u201cFor most of our controls we found an equivalent, cloud platform version. For data encryption at rest, we gained a security control that we hadn\u2019t engineered on our own. 
For some controls, like IP whitelisting, we had to adapt our security architecture to not rely on traditional network controls.\u201d<\/i><\/p>\n<p>\u2014\u00a0Rich Tener, Director of Security, Evernote<\/p>\n<p>\u00a0<\/p>\n<h3><strong>The economics of security on the cloud.<\/strong><\/h3>\n<p>Relying on cloud service provider security controls is \u201cthe most cost-effective approach,\u201d the authors write.<\/p>\n<p>\u201cAs organizations move more and more applications to the public cloud and lean towards using native CSP controls, a decrease in security operating and capex costs is likely.\u201d<\/p>\n<p>Eighty percent of companies that choose to rely primarily on the cloud provider\u2019s controls and re-architect their applications in parallel see cost savings.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"article-module h-c-page\">\n<div class=\"h-c-grid\">\n<figure class=\"article-image--large h-c-grid__col h-c-grid__col--6 h-c-grid__col--offset-3 \">\n    <img decoding=\"async\" loading=\"lazy\" class=\"aligncenter\" src=\"https:\/\/4843500.fs1.hubspotusercontent-na1.net\/hubfs\/4843500\/Imported_Blog_Media\/mckinsey-image-3_max-1000x1000.png\" alt=\"security on the cloud\" width=\"1000\" height=\"718\" data-recalc-dims=\"1\"><br \/>\n   <\/figure>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"module--text h-c-page\">\n<div class=\"h-c-grid\">\n<div class=\"uni-paragraph h-c-grid__col h-c-grid__col--8 h-c-grid__col-m--6 h-c-grid__col-l--6 h-c-grid__col--offset-2 h-c-grid__col-m--offset-3 h-c-grid__col-l--offset-3\">\n<div class=\"rich-text\">\n<p>So, if you\u2019re planning a cloud migration, where should you focus your security efforts? 
McKinsey asked respondents about their approach to applying cloud security controls in several areas to find out what companies are doing:<\/p>\n<ul>\n<li><b>Identity &#038; access management (IAM<\/b>): 60% of enterprises are using on-premises IAM solutions; in just three years respondents expect that number to be cut in half. Google provides a tool called\u00a0<a href=\"https:\/\/tools.google.com\/dlpage\/dirsync\/\" target=\"_blank\" rel=\"noopener\">Google Cloud Directory Sync<\/a>, which helps users bring existing identities to Google Cloud and manage cloud permissions natively with\u00a0<a href=\"https:\/\/cloud.google.com\/iam\/docs\/overview\" target=\"_blank\" rel=\"noopener\">IAM<\/a>.<\/li>\n<li><b>Encryption<\/b>: The majority of respondents encrypt data both at rest and in transit\u2014and even more (upwards of 80% in both categories) will do so three years from now. Google Cloud already\u00a0<a href=\"https:\/\/cloud.google.com\/security\/encryption-at-rest\/default-encryption\/\" target=\"_blank\" rel=\"noopener\">encrypts data at rest by default<\/a>, and\u00a0<a href=\"https:\/\/cloud.google.com\/security\/encryption-in-transit\/\" target=\"_blank\" rel=\"noopener\">in transit<\/a>\u00a0when it crosses a physical boundary.<\/li>\n<li><b>Perimeter security<\/b>: Today, 40% of enterprises are backhauling data traffic and using existing on-premises network security controls\u2014but that will decrease, with only 13% expecting to be using the same approach in 3 years. To help enterprises make the move to cloud-based perimeter control, Google Cloud lets users connect to their on-premises environment using\u00a0<a href=\"https:\/\/cloud.google.com\/interconnect\/\" target=\"_blank\" rel=\"noopener\">Dedicated Interconnect, an IPsec VPN tunnel, direct peering or carrier peering<\/a>. 
Google Cloud users can also control their perimeter with a\u00a0<a href=\"https:\/\/cloud.google.com\/vpc\/\" target=\"_blank\" rel=\"noopener\">Virtual Private Cloud (VPC)<\/a>.<\/li>\n<li><b>Application security<\/b>: 65% of respondents define security configuration standards for cloud-based applications, but less than 20% are using tools or template-based enforcement. To address this, Google Cloud offers\u00a0<a href=\"https:\/\/cloud.google.com\/security-scanner\/\" target=\"_blank\" rel=\"noopener\">Cloud Security Scanner<\/a>, an automated way to scan apps for common vulnerabilities.<\/li>\n<li><b>Operational monitoring<\/b>: 64% of respondents use existing SIEM tools to monitor cloud applications rather than creating a new set for the cloud. Google Cloud users can\u00a0<a href=\"https:\/\/cloud.google.com\/logging\/docs\/export\/\" target=\"_blank\" rel=\"noopener\">export logs<\/a>\u00a0from Stackdriver to the SIEM of their choice.<\/li>\n<li><b>Server-side endpoints<\/b>: 51% of respondents have a high level of confidence in their cloud service provider\u2019s approach to server-side endpoint security. Google Cloud customers can use a variety of\u00a0<a href=\"https:\/\/cloud.google.com\/security\/partners\/\" target=\"_blank\" rel=\"noopener\">partner tools<\/a>\u00a0for endpoint security.<\/li>\n<li><b>User endpoints<\/b>: 70% of respondents believe that public-cloud adoption will require changes to user endpoints. Google created the\u00a0<a href=\"https:\/\/cloud.google.com\/beyondcorp\/\" target=\"_blank\" rel=\"noopener\">BeyondCorp<\/a>\u00a0enterprise security model to allow its employees to work from anywhere, and our customers can do the same with\u00a0<a href=\"https:\/\/cloud.google.com\/iap\/\" target=\"_blank\" rel=\"noopener\">Identity Aware Proxy<\/a>. 
In addition,\u00a0<a href=\"https:\/\/support.google.com\/chromebook\/answer\/3438631?hl=en\" target=\"_blank\" rel=\"noopener\">Chromebooks<\/a>\u00a0provide automatic software updates, and run applications in a restricted sandbox.<\/li>\n<li><b>Regulatory governance<\/b>: When adopting public cloud, companies must navigate governance and compliance requirements, with data location and financial regulations topping respondents\u2019 list of concerns. Google Cloud has a broad spectrum of\u00a0<a href=\"https:\/\/cloud.google.com\/security\/compliance\" target=\"_blank\" rel=\"noopener\">compliance<\/a>, including PCI, SOX, and HIPAA.<\/li>\n<\/ul>\n<p>\u00a0<br \/> <span style=\"font-weight: 400;\"><a href=\"https:\/\/www.blog.google\/products\/google-cloud\/new-research-how-evolve-your-security-cloud\/\" target=\"_blank\" rel=\"noopener\">Article<\/a> first appeared on the Salesforce blog.<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Lava is an <\/span><\/i><a href=\"https:\/\/lavaprotocols.com\/crm\/\"><i><span style=\"font-weight: 400;\">authorised Salesforce Partner <\/span><\/i><\/a><i><span style=\"font-weight: 400;\">in Malaysia and has more than a decade of experience in cloud solutions which includes marketing automation, CRM implementation, change management, and consultation. 
We pride ourselves on not just being a CRM partner but also on understanding the needs of our customers and taking their business to the next level.<\/span><\/i><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>This article is based on research that looks at the strategic framework for IT security on the cloud and hybrid environments and provides recommendations.<\/p>\n","protected":false},"author":1,"featured_media":2470,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[18],"class_list":["post-2469","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-blog"],"jetpack_featured_media_url":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-content\/uploads\/2024\/10\/LPOct_19102018.jpg","_links":{"self":[{"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/posts\/2469","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/comments?post=2469"}],"version-history":[{"count":0,"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/posts\/2469\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/media\/2470"}],"wp:attachment":[{"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/media?parent=2469"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ww
w.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/categories?post=2469"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/wp-json\/wp\/v2\/tags?post=2469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}