Application Security June 25, 2021
By Matthew Delargy 4 min read

During the last decade, conversations about cloud migration and transformation, as well as cloud security, have been ubiquitous among business owners. With Gartner’s most recent forecast of an 18.4% increase in worldwide public spending on cloud services in 2021, totaling almost $305 billion, it is clear this trend is only heading upward. But what are the risks that come with this cloud transition?

Knowing the risks and mitigation strategies involved is essential. After all, it enables businesses to make informed decisions about their cloud journey. This article explores the risks that come with cloud migration. Whether your company is just starting its cloud journey or already operating within the cloud, IBM has road maps for both.

For Companies Starting Their Journey

Companies at the beginning of their cloud roadmap must consider the following challenges:

Providers’ Roles in Cloud Security

Moving data from on-premises to the cloud can be confusing and lead to misconfigured servers, opening the door to potential cyber threats. This was the case with the April 2019 Facebook Amazon Web Services server breach, resulting in over 540 million accounts being exposed. These instances are a stark reminder of how vulnerable data can be during cloud migration.

Solution: Leading cloud providers offer built-in security to the cloud environment. Since they own the cloud environment, it is both their duty and within their interests to ensure security of the cloud. However, the users of the service are responsible for the security in the cloud – therefore the responsibility is shared under the shared responsibility model.

Reskilling and Resourcing Teams

Vital changes in company strategy require a shift in its employees’ skill base. Cloud migration requires more management and training of employees using new cloud apps. In the interim, this may leave a company’s security posture at risk.

Solution: The journey to the cloud will require the inevitable upskilling of employees. Hiring a strong security team and more DevOps engineers will help bolster the transition. They can reconfigure the cloud environment and assure data security in the cloud long term, offsetting the short-term costs of retraining staff.

Creating a Clear Cloud Migration Strategy

Key decisions prior to moving to the cloud will lead to a smooth transition. Failure to do so could complicate the process and leave a company open to cyber threats. Choices include using one cloud provider or a mix, which can result in vendor lock-in or a costlier and more complex environment, respectively. Also, deciding which data will reside on-premises and which will reside in the cloud at an early stage will provide clarity from the offset. Ensuring governance and a target operating model are in place prior to migration will pay dividends down the line.

Solution: Planning and strategy. Begin by performing a cloud security assessment to create a stronger, more flexible roadmap for your cloud journey. Assessing which data will be moved to the cloud, and in what format, will result in a clear migration strategy destined to succeed. Furthermore, IBM’s use of open-source tools, such as the recent adoption of Kubernetes, allows cloud apps to work together seamlessly. This creates a cloud system that is both flexible and secure.

For Companies Already Running in the Cloud

Companies already residing in the cloud should be aware of the following safety concerns:

Lack of Insight and Control

What if you operate within another entity’s data center and share data ownership? You may run into trouble with a lack of visibility and control over your company’s own data. These ‘blurred lines’ can lead to confusion or doubt over who is supposed to take care of what. According to an IBM survey, 44% of respondents believed they could not rely on their cloud provider for even baseline security.

Solution: Implement security information and event management (SIEM) tools. Doing so will improve the visibility of your data by providing real-time updates of information security systems. Management of event logs will further streamline this outlook and provide the insight required to support a company’s cloud migration.

Cloud Security and Access

Application programming interfaces (APIs) provision, manage and implement assets across cloud applications. As these connect to the internet via the cloud, there’s more potential for attackers to infiltrate the environment. And if they do, all cloud assets are at risk. For example, according to IBM X-Force Incident Response and Intelligence Services (IRIS) in June 2020, 45% of cloud-related threats were via app exploitation. In this way, cyber criminals can amplify the impact of their access to the cloud, developing data theft into other areas such as cryptomining and ransomware.

Solution: Implement strong identity and access management protocols. Companies should deploy policies such as multi-factor authentication and minimum password standards to add safeguards against threats. Restricting access on a least-privileged basis limits the number of privileged accounts, which, in the hands of a malicious actor, could leave a company’s cloud infrastructure at risk.

Malware, Ransomware and Data Theft

Cyber criminals can infiltrate the cloud via phishing emails and poorly configured storage servers. Moreover, the constant movement of data to and from the cloud has increased the number of opportunities for cyber criminals to intercept data. Hence, there are more chances to attack not only the cloud but also client networks and linked devices.

Solution: Apply security measures. These include conducting training and awareness programs among employees, including phishing simulations. Implementing pre-emptive detection and response capabilities and data security solutions will actively seek out and eradicate threats before they develop into a serious issue.

Cloud Security Migration Tools for All

With most businesses only 20% of the way into their cloud adoption, the cloud migration journey continues to be relevant in client conversations across all industries. No matter what stage a business is in its cloud journey, IBM is on hand with specialist services tailored to your business need.

 |  |  |  |  | 
Matthew Delargy
Security Consultant, IBM

More from Application Security
August 17, 2023

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

August 10, 2023

Vulnerability management, its impact and threat modeling methodologies

7 min read - Vulnerability management is a security practice designed to avoid events that could potentially harm an organization. It is a regular ongoing process that identifies, assesses, and manages vulnerabilities across all the components of an IT ecosystem. Cybersecurity is one of the major priorities many organizations struggle to stay on top of. There is a huge increase in the number of cyberattacks carried out by cybercriminals to steal valuable information from businesses. Hence to encounter these attacks, organizations are now focusing…

August 9, 2023

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

August 8, 2023

Unmasking hypnotized AI: The hidden risks of large language models

11 min read - The emergence of Large Language Models (LLMs) is redefining how cybersecurity teams and cybercriminals operate. As security teams leverage the capabilities of generative AI to bring more simplicity and speed into their operations, it's important we recognize that cybercriminals are seeking the same benefits. LLMs are a new type of attack surface poised to make certain types of attacks easier, more cost-effective, and even more persistent. In a bid to explore security risks posed by these innovations, we attempted to…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature