While digital transformation has brought about an array of changes, paradigm shifts and benefits, one of the most impactful has been the move to the cloud. Remember the first time you logged into an application through a URL and didn’t have to download it on your hard drive? All you needed was a login and password. It was so cool and easy. No watching and hoping your new app’s executable file would launch correctly. Yes, it was great to enter the wonderful world (and era) of the cloud.
The cloud, of course, is not only great for the user and customer experience. For organizations that migrate applications to the cloud, there’s the agility it delivers, the flexibility and ability to innovate faster and more easily, the simplicity it brings to IT, the shift from a Capex to an Opex model and, of course, the cost savings (if done correctly). All good, of course, but what unfortunately happens at times is that security becomes an afterthought, with organizations taking a “We’ll get to that later” mindset. That’s never a good way to think about cybersecurity. It should always be a “Let’s ensure we take security into account each and every step of the way.”
While the following certainly doesn’t suggest that our customers have the We’ll get it to later mindset to IT security (after all, they use Radware!), we like to query them on an array of cybersecurity subjects because we always receive insightful, interesting and, perhaps most importantly, educational responses. You’ll see that this month is no different.
“What is the one thing you wish you’d have known regarding cloud security challenges prior to migrating to the cloud?”
It’s always fun and interesting to get dozens of responses and see that several responses appear over and over. In this case, there were 3 points that resurfaced time and again — the lack of security skill sets on staff, the degree to which configuration played an integral role, how APIs were affected and the lack of visibility into their cloud infrastructure and applications. Again, always interesting.
“A couple of things I wish I would have known include how little expertise we had on staff and the direct link between security setting misconfigurations and data breaches.”
“Misconfigurations of cloud security settings seem to be the leading cause of cloud data breaches. Also, I wasn’t prepared for the cloud’s lack of visibility into my applications.”
“Many of our IT personnel — me included — believed all government-related data could be shifted to the public cloud. While many governments now mandate that mainframe applications be migrated to the cloud, that doesn’t mean everything automatically can.”
“I was surprised that there was such a lack of security in the cloud in the first place.”
“There are several things I wish I would have known and could have prepared for prior to our cloud migration: we had far less security expertise on staff than I had imagined. Also, I didn’t understand the degree to which cloud server misconfigurations could open you up to data breaches; that means key data getting exposed directly to the internet.”
“I didn’t anticipate the inherent challenges related to safeguarding data security. Cloud migrations require careful and meticulous planning. Without that level of expertise and knowledge, critical data can immediately become vulnerable to attacks. It sounds elementary, but you must remember that a lot of sensitive and critical data is getting transferred. This automatically makes it vulnerable to attacks.”
“I didn’t know or understand what it would mean to the security of APIs. And misconfigurations can create multiple vulnerabilities that you may not be aware of, even if your applications are secure.”
“When you get so caught up with focusing on your application portfolio, it’s easy to push security to the side. But it needs to be carefully considered from the onset.”
“I didn’t anticipate the lack of visibility as it relates to cloud security. Also, unsecure APIs and interfaces can easily and quickly become significant cloud computing security issues and challenges. While APIs are essential for a customized cloud experience, just remember that they present a very real threat to security.”
“It’s easy to get excited about migrating to the cloud, but understand that you’ll have less visibility and control than you might imagine. You need to be aware of that and prepare for it.”
“I didn’t anticipate the lack of security skills and knowledge we had on staff. And stay mindful that many DevOps and cloud engineering teams often ‘take things into their own hands’, even though they may not have experience or even a solid understanding about cloud technology, much less how it affects security.”
“Create your cloud security plan early and definitely in tandem with everything else. It will help keep you honest and thinking about security throughout your cloud journey.”
We’re about 40 years into the Digital Revolution, and inarguably one of its most significant benefits is the migration of applications and workloads to the cloud. Of course, that doesn’t mean moving to the cloud won’t come with many challenges. Just remember this — don’t take your eyes off security. Hopefully our customers have given you things to think about prior to your cloud migration. Again, it’s what they wish they would have known.