Top 5 Security Factors to Consider When Moving to the Cloud

Tags

Security Cloud

22 January 2020

3 min read

IBM Acquires HashiCorp to Power Hybrid Cloud Innovation

Accelerate automation and security across multi-cloud environments.

 Learn more

Author

IBM Cloud Team

IBM Cloud

While organizations continue to move more mission critical applications and workloads to the cloud, security remains a top concern for IT, cybersecurity, and business decision-makers.

According to the 2019 Cloud Security Report, 93% of cybersecurity professionals are either extremely or moderately concerned about cloud security. Nearly 30% said they experienced a public cloud-related incident in the last 12 months. Top security issues are data loss, data privacy, compliance, accidental exposure of credentials, and data sovereignty.

The level of concern about cloud security is not surprising. With more applications and data moving to the cloud, the impact of a security breach can be devastating. The average cost of a data breach is now USD 3.92 million, per the 2019 Cost of a Data Breach Report by the Ponemon Institute.

The good news, however, is there are ways to mitigate the impact of a breach, either pre-emptively or after a breach occurs. Foremost among these, according to Ponemon, is “extensive use of encryption.” Other key mitigating factors include data loss prevention, threat intelligence sharing, and business continuity management.

 

As an IT decision-maker, what can you do to mitigate both the risk and the concern about a cloud security breach?

First, you have to recognize and acknowledge that any time you are using public cloud, you are using a shared responsibility model—this means that you are responsible for security to and from the cloud and the cloud provider is responsible for security within its cloud infrastructure.

Second, you should choose a cloud provider that offers the highest levels of protection and expertise—particularly in areas that have a significant effect in reducing risk, such as encryption, access control, monitoring and visibility, along with data sovereignty and other compliance requirements.

Third, you should use a public cloud platform that is tightly integrated with your on-premises virtualized environment, specifically VMware. With tight integration, you can run VMware workloads in the cloud with a high uptime availability at the virtual machine (VM) level while leveraging innovations such as stretched clusters to reduce risk and improve availability of mission critical applications.

Five important security factors

With those three considerations in mind, here are five additional important security factors to consider in choosing a public cloud provider:

  1. Encryption: As noted, encryption is the number one factor in preventing and mitigating the impact of a breach. Ask if your public cloud vendor offers a FIPS 140-2 Level certified Hardware Security Model. This is important because Level 4 certification provides industry-leading protection against tampering. Additionally, you can access functionality so that no one—including cloud administrators—has access to encryption keys at any point.
  2. Role-based access control: With role-based access control, you can decrease the risk of breaches and data leakage by reducing and managing access to sensitive information. You can guarantee that only authorized users are given access to what they need to do their jobs. You also enhance compliance by more effectively managing how data is accessed and used.
  3. Data sovereignty: As described by TechTarget, “Verifying that data exists only at allowed locations can be difficult. It requires the cloud customer to trust that their cloud provider is completely honest and open about where their servers are hosted and adhere strictly to several level agreements (SLAs).” Make sure your cloud provider has data centers all around the globe and can comply with data sovereignty regulations by geo-fencing workloads running on trusted servers.
  4. Compliance: Data sovereignty and compliance go hand-in-hand, particularly as more and more enterprises are conducting business globally and local governments and agencies have strict compliance requirements for doing business, such as General Data Protection Regulation (GDPR) in the European Union. In public cloud, you want to be able to enforce compliance requirements with continuous monitoring and alerting against policy-based templates for audit readiness.
  5. Business continuity: Backup and disaster recovery are vital use cases when it comes to public cloud, but you must also make sure that your provider supports high availability capabilities to ensure the integrity of backup and DR sites when recovering from cyberattacks. Make sure to ask your cloud provider about recovery time objectives and recovery point objectives, as well as capabilities such as stretched vSAN clusters for your VMware solutions in hybrid and public cloud.

Mitigate risk by choosing the right public cloud provider

Perhaps it is inevitable that business and IT leaders will have concerns about cloud security. The idea of trusting your mission critical data and applications to another company can be somewhat daunting.

Today’s reality, however, is that you can mitigate risk—and concern—by choosing a public cloud provider that is focused on security leadership and trust, offering enterprise grade protections in key areas such as encryption, control, compliance, data sovereignty, and business continuity.

Learn more about IBM’s security leadership and how to most securely migrate your mission critical VMware workloads to IBM Cloud.

Rethink application modernization with generative AI

Discover how IBM and AWS can help CIOs unlock innovation and value in application modernization with AI.

Resources

Kickstart your cloud migration journey

Access essential insights on cloud migration with IBM's latest report. Discover the top 10 facts every tech leader needs to know.
Understanding IaaS, PaaS and SaaS: Choosing the right cloud solution

Learn about the key differences between infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS). Explore how each cloud model provides varying levels of control, scalability and management to meet different business needs.
Application migration: Moving to the future

Discover the process of migrating applications across platforms or environments while ensuring minimal disruption and optimized performance. Learn the strategies, use cases and stages of migrating legacy and modern applications.
Effortless cloud migration with lift and shift

Learn how to transition your applications to the cloud quickly with the lift and shift strategy, retaining your existing infrastructure while gaining cloud benefits. Explore the advantages, VMware workloads and use cases that make this approach the preferred choice for many businesses.
Migrate VMware vSphere to IBM Cloud with ease

Migrate VMware vSphere workloads to IBM Cloud with RackWare Management Module (RMM), a self-service migration tool offering automated migration.
Optimize your cloud migration with IBM Turbonomic

Efficiently plan and accelerate your cloud migration projects with IBM Turbonomic. Gain actionable insights into application workloads, optimize performance and save costs while ensuring seamless cloud transitions.

Take the next step

Accelerate your cloud migration journey with expert consulting services from IBM. Discover how our solutions can help you transition to the cloud efficiently, or book a live demo to see the benefits of IBM Turbonomic in action.

 Explore IBM Cloud Migration Services Book a live demo