In the brave new world of Big Data, security should be top of mind for technology professionals all around the world. When it isn’t, the results can be disastrous. In the realm of the small and midsize enterprise, of course, the preferred solution to protecting customer and other business data has been to move to cloud-based solutions where security is handled primarily by the cloud provider. What many don’t realize, however, is that the migration to cloud services itself entails an element of risk if it isn’t planned and executed well. To help your organization stay protected, here are three data-security steps that should be at the core of any cloud migration.
1. Streamline pre-migration data security
When making a move into the cloud, there is a real risk of carrying flawed data-security practices forward into an environment that may be even more unforgiving than an on-premises system. For example, one of the most common security flaws that tend to stick around after a cloud migration is a flawed user database. Before migrating any data or systems, it’s critical to conduct a thorough review of all user accounts and access rights to make sure there are no outdated credentials or insecure access protocols in use. When business systems and data are centralized with one (or several) cloud providers, a single stray user account could become the Achilles heel of the entire security system.
2. Set security boundaries
One of the biggest mistakes many companies make when moving towards cloud services involves a fundamental misunderstanding of how cloud security operates. Many seem to think that partnering with a reputable cloud provider is enough to keep their business data secure, but that is only partially correct. In reality, cloud providers are responsible for operational and network security, as well as for addressing software and hardware flaws in their systems (proprietary business software being a notable exception). But they are not responsible for security issues arising from customer use (or misuse).
Part of the problem is that businesses fail to set up procedures to handle the aspects of cloud data security that aren’t in the purview of the provider. To avoid security issues, it’s crucial for businesses to delegate responsibility for cloud data security procedures to the proper individuals within their own organizations. Limit access to critical administrative functions (like credential control and data storage configuration) to those who are trained to handle the tasks.
3. Plan for proper equipment decommissioning
One of the least planned-for aspects of many cloud migration projects is determining how to handle the decommissioning of on-premises systems once their primary operations have shifted to the cloud. In truth, failing to adequately sanitize, reconfigure, or destroy disused servers and other hardware can pose an enormous data-security risk. This is especially true when poorly secured internal systems fall into the wrong hands. To prevent such issues, it’s critical to review all firewall and security appliance settings to remove any access paths to newly decommissioned equipment and take steps to wipe or destroy any data stored on the affected systems.
If the migration entails a large-scale wind-down of on-premises operations, it’s usually a good idea to turn to a reputable IT asset disposition service, which can handle the entire process. In such a scenario, the ITAD vendor will handle the secure wipe of the equipment and provide certification that the work has been carried out. That will shield your business from liability in the event there’s a problem later on. The whole procedure might be financed through the resale of the equipment, which further lowers the total cost of the migration.
Obviously, there’s no one-size-fits-all approach to cloud migrations that will ensure data security, but paying attention to these basics is a great place to start. Failure to do so will invite all kinds of potential security issues and could create a data security environment that’s not only risky but difficult to correct after the fact. It’s worth paying attention to the details and working to get things right the first time.
To learn more about the basics of SME data security, read Six Common Data-Security Blunders To Avoid.