Three Cloud Migration Myths Putting Organizations at Risk


November 27, 2018

Many organizations get so caught up in the promise of the cloud that they overlook the challenges of migrating to a new environment and keeping it secure.

This was the topic of last month’s Cyber Tech & Risk: People in Cybersecurity discussion by Ajay Sood of Symantec, Arani Adhikari of KPMG, Marcos Santiago of TD Canada, and BlueCat’s own Andrew Wertkin.

Together, they broke down the most common cloud migration mistakes they see in the industry.

Falsehood #1: My Cloud Service Provider Will Keep Me Secure

Adhikari, who consults on cybersecurity-related projects for KPMG, told us that customers need to understand “cybersecurity as a joint responsibility for both the Cloud Service Provider (CSP) and Cloud Service Subscriber (CSS).” Those who assume a public cloud provider will comprehensively guard their network as part of their service package risk exposure to avoidable cyber incidents.

Examples of such incidents are easy to find. Some were simply caused by unsecured Amazon S3 buckets (these are like file folders, but in the cloud). The result was exposed voter and customer data at companies like FedEx, Booz Allen Hamilton, and more.

“When an Amazon S3 bucket with sensitive information is exposed, it is not due to any issue on Amazon’s front,” Adhikari explains. “It is due to the misconfiguration of settings that lead to the buckets being public–this is the subscriber organization’s responsibility.”

While Amazon has taken steps to help clients better manage settings on their own end, organizations are not off the hook. Adhikari reminds attendees that organizations are “still responsible for hardening the operating system they host, making sure that the hosted applications are securely deployed, conducting vulnerability assessments on them, etc.” Organizational cloud migration strategies ought to take this into account.
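As an added illustration (not part of the original article or the panel's material), the sketch below shows how a subscriber could check its own bucket settings for the kind of misconfiguration Adhikari describes. It works offline on dictionaries shaped like the S3 GetBucketAcl, GetBucketPolicy and PublicAccessBlockConfiguration data; the function names, the sample bucket `example-bucket` and the simplified "wildcard principal" heuristic are assumptions made for this example.

```python
import json

PUBLIC_GROUPS = {  # predefined S3 grantee groups: anyone / any AWS account holder
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def public_exposure(acl, policy_json, pab):
    """Return findings for one bucket; an empty list means no public path was found."""
    pab = pab or {}  # no Block Public Access configuration: nothing is blocked
    findings = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        # IgnorePublicAcls neutralizes existing public ACLs; BlockPublicAcls
        # only rejects new ones, so it does not clear this finding.
        if uri in PUBLIC_GROUPS and not pab.get("IgnorePublicAcls"):
            findings.append(f"ACL grants {grant['Permission']} to {uri.rsplit('/', 1)[-1]}")
    statements = json.loads(policy_json)["Statement"] if policy_json else []
    if isinstance(statements, dict):  # a single statement may appear unwrapped
        statements = [statements]
    for st in statements:
        if st.get("Effect") != "Allow" or not _is_wildcard(st.get("Principal")):
            continue
        if pab.get("RestrictPublicBuckets"):
            continue  # S3 restricts access to buckets with public policies
        note = "with a Condition, review it" if st.get("Condition") else "no Condition"
        findings.append(f"policy statement {st.get('Sid', '<no Sid>')}: wildcard principal, {note}")
    return findings

# Constructed sample data (not taken from any real bucket).
SAMPLE_ACL = {"Grants": [{"Grantee": {"Type": "Group",
    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    for finding in public_exposure(SAMPLE_ACL, SAMPLE_POLICY, None):
        print(finding)
```

Enabling only the settings that block new public ACLs and policies leaves both sample findings in place, which is why existing buckets need their own review after those settings are turned on.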

Falsehood #2: The Cloud is an Extension of my Network

During the panel, Wertkin cautioned that the cloud environment – and hybrid cloud environment – is a completely different landscape from the traditional data center. It needs to be treated that way, too. “You’re not in your firewall anymore,” he said. “There’s not a boundary. We’re removing the border between internet and intranet in many, many cases.”

Consider this: DNS queries that come in from the cloud typically get privileged access to the network, yet there's no rigorous pre-check for them. Once those queries enter the corporate network, they go unchecked. This is because enterprises often build their networks in an ad hoc, decentralized way, which inhibits visibility into and control over internal queries at any meaningful scale.

To keep the cloud from becoming a backdoor between internet and intranet, you need a more secure migration plan and a resilient network architecture (see: Adaptive DNS for cloud). It simply isn't prudent to treat the cloud like just another server on the network.

Falsehood #3: Cloud is Cheaper

Ajay Sood noted that moving applications and data to the cloud is “a never-ending journey.” While cloud platforms don’t come with the same expense spikes that traditional IT infrastructure demands every few years, they aren’t free of cost guesswork and risk.

“Looking at the number of applications we have now, can we predict where they will be in five or ten years? Every time you need a new application, or any time there’s a new piece of technology, new protocol, or new way of interfacing with your customers or your workers, you’re going to have to adopt that in the cloud. What people don’t often recognize is that the dynamic nature of cloud applications means increased complexity, and it’s also getting more expensive.”

This expanded cost consideration also applies to cybersecurity in the cloud. It isn’t just a CSP’s responsibility. Cloud security isn’t the same as on-premises security, and securing the sprawling compute there requires additional budget.

Closing Suggestions

Moving to the cloud isn’t a prerogative; it’s a responsibility, one that requires thoughtful planning and execution. Cybersecurity incidents can occur when network infrastructure becomes disjointed, responsibility for security is fragmented, and long-term funding is absent. Before deciding that applications and services belong in cloud infrastructure, triple-check those factors to ensure they can support your cloud initiative through its lifetime.

As cloud computing becomes a better understood technology, keep abreast of additional developments in the space. According to Gartner at a recent conference, factors that also need to be considered in a cloud migration (besides cost) include the availability of talent to administer a cloud infrastructure in the context of a likely-diverse environment and the organizational politics involved in managing that environment. Learn more about getting your DNS ready for the cloud here.

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.
