
Using Cloud Migration As Security Opportunity
By CYRIL SEGRETAIN, INFORMATION SECURITY OFFICER EUROPE, UNIQLO


The multiplication of public and private clouds and of as-a-service solutions such as SaaS, PaaS and IaaS reflects a new trend of using external hosting providers and suppliers for applications. Most companies now use multiple cloud providers and solutions for their core business or support applications. For them, the cloud either brought new projects and uses, or simply offered a way to migrate existing applications to a cheaper hosting solution with great performance.
Migration to the Cloud is a real opportunity for Information Security departments, and I feel that we can include ourselves directly in the migration project and review the security by design of the legacy application. This is the very legacy application whose inner workings and security we would never have been allowed to examine, only because “it works”. Moving this application to the Cloud is a good opportunity to change this to “it works, and it is secure” by understanding risks and reducing them.
Building a Cloud project management methodology will enable companies to introduce security by design and establish security by default for the next projects.
As Information Security professionals, we need to be proactive in understanding Cloud technologies and their security. Cloud solutions were built to answer most of their customers' problems, so they often include security tools or capabilities. Enabling and using the security embedded in Cloud solutions might already raise the security maturity of the company and address some of the main business risks, such as resilience.
If security, instead of being an obstacle in application development and deployment, becomes a driving force for Cloud migration and implementation, it becomes possible to review the global architecture and adapt it to the Cloud with security and performance in mind at the same time. Your company will then be able to present a more secure and efficient product to your customers based on these enhancements.
Legacy systems can be a real problem for companies, as they need to be maintained for a very specific business purpose, which tends to mean accepting all risks linked to discovered vulnerabilities or depreciation. Migrating these systems to a Cloud solution will help cover new vulnerabilities in a more timely manner and limit technical depreciation.
But the ease of access to and use of Cloud technologies brings an important risk around shadow IT, where applications and systems are neither secured nor known by the Information Security department of your company. When an incident occurs on these unknown systems, such liabilities will only be noticed once the impacts are no longer acceptable. The use of Cloud solutions in a company needs to be steered to avoid shadow solutions and unidentified risks.
Cloud solutions are still new and constantly changing, so the risks linked to these technologies need to be assessed. Indeed, the Cloud is used to transfer some availability and material risks to the Cloud provider. Risk analysis must be performed on Cloud systems to implement security and define clear scopes of responsibility for the different stakeholders.
The growing use of Cloud solutions and platforms is a great opportunity for every company to include information security by design, but it needs to be framed by a risk analysis to define responsibilities and security needs.