Cloud Migration: 12 Risks and How to Avoid Them - InformationWeek


Commentary
1/17/2020
07:00 AM
Gaurav Sharma, Director of Operations, Chetu

Cloud Migration: 12 Risks and How to Avoid Them

Despite some imperfections, cloud adoption is the future. Of course, it's important to be mindful of the risks involved with the practice.

Image: OlivierLeMoal - stockadobe.com

Many businesses immediately put a cloud migration plan into motion after hearing about all the advantages of the cloud. After all, cloud services have skyrocketed in popularity over the last decade and failing to offer your software services in this fashion is often seen as being "behind the times." 

However, in the race to cloud adoption, cloud security is often overlooked. Remember, cloud application development involves a "shared responsibility model" with the cloud service provider (CSP) your organization chooses. There are far more potentially vulnerable facets when dealing with cloud services. The "attack surface" increases because, unlike a traditional consumer desktop application, a cloud application involves the CSP, typically an API service, content flowing to and from various sources, the core code of the application, and of course the end user's machine.

We’ve identified some risks and vulnerabilities involved when a business chooses cloud adoption and how to avoid them:

  1. Far less consumer control: The end-user does not have complete autonomy when running cloud applications. Much of the logic and processing is done on a separate server. An attack on this server could compromise the data of all your users, sinking a successful application overnight.
  2. Unauthorized instance spawning: As you know, it is very simple to spin up a new "instance" of a virtual machine or container through any major cloud provider. However, if the administrative credentials are compromised, a malicious user could spawn new instances that cost your company a great deal of money. These instances could also potentially connect to your other instances and steal data from them.
  3. Potential API vulnerabilities: Most cloud application development involves utilizing an API to make common calls easier and more intuitive. However, any user of the application can use one of a variety of tools to see both the URL to each API call and the parameters it expects. If credentials aren't checked with every API call, you may have trouble.
  4. Shared cloud services exploits: By nature, the servers that power the cloud are shared by multiple companies. Though companies try to logically segregate each company's data, it may be possible for an attacker who has access to the server to exploit it and steal your data.
  5. Secure deletion issues: From time to time, you will need to safely delete data. That can be very easily done on desktop applications, but it becomes more complex when you use multiple servers and providers (and, of course, cached data of the end-user).
  6. Improper user privileges: Every major cloud service offers an internal user management feature, where people are assigned roles that have privileges. Any company's cloud credentials could get stolen, and if everyone shares an account, the likelihood of this is even higher.
  7. Single-vendor monopoly: Cloud providers have attractive offers to begin with, but if you need to change providers, it can be very difficult and time-consuming. This can cost a huge amount of money and time.
  8. Overworked IT staff: This risk is largely overlooked, but any cloud migration plan can put a large burden on your IT staff. If their days are already overflowing, it can make the job unbearable, and egregious mistakes can be made.
  9. The insider threat: As always, there is a risk of an insider threat. Unlike traditional software, an insider with administrative cloud access can completely ruin an application and a company's reputation in seconds.
  10. Data loss: When you use multiple providers, anything from an attacker to a power outage at a data center may cause sudden, unexpected data loss. Without a proper backup plan, this can instantly put an application out of commission.
  11. Too many suppliers: With so many suppliers of cloud programs, your data may go through several providers. If a single provider is compromised, the data may go out of your control.
  12. Too little research: Many organizations instantly want to switch after hearing of the advantages of the cloud. However, in their excitement, they fail to do the proper research. This can lead to fatal errors.
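
The per-call credential check from risk 3, as an added Python example that is not part of the original article: the first handler trusts whatever record id arrives, while the second authenticates and authorizes every request. The token scheme, key, handler names and records are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: tokens are "user_id.signature", signed with a server-side key.
SERVER_KEY = b"constructed-demo-key"  # placeholder, not a real secret
# Constructed sample data: which user owns which record.
RECORD_OWNER = {"inv-1001": "alice", "inv-1002": "bob"}


def _sign(user_id: str) -> str:
    return hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id: str) -> str:
    return f"{user_id}.{_sign(user_id)}"


def authenticate(token: str):
    """Return the user id bound to a valid token, or None."""
    user_id, _, sig = (token or "").rpartition(".")
    if not user_id:
        return None
    ok = hmac.compare_digest(sig.encode(), _sign(user_id).encode())
    return user_id if ok else None


def get_invoice_weak(params: dict):
    """Weak: assumes only the legitimate UI will ever send a record id."""
    record = params.get("record")
    return (200, record) if record in RECORD_OWNER else (404, None)


def get_invoice_checked(params: dict, token: str):
    """Checked: credentials and ownership are verified on every call."""
    user = authenticate(token)
    if user is None:
        return (401, None)  # missing or forged credential
    record = params.get("record")
    if RECORD_OWNER.get(record) != user:
        return (403, None)  # valid user, but not their record
    return (200, record)
```

Because the URL and parameters are visible to any user, the weak handler returns bob's record to anyone who asks for it; the checked handler returns 403 to alice and 401 to a caller with no valid token.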

Mitigating cloud risks

Here are some cloud security mechanisms you can use to stay safe:

  • Take your time setting up your cloud account and ensure that users have appropriate privileges. Never allow shared accounts and remember to give the least privilege practical to each user.
  • Instead of manually performing processes, like database backups, automate them. Don't make any room for human error.
  • Ensure that you can adequately log and see data going in and out. Invest in a tool suite that allows you to easily "drill down" into sessions to identify potentially malicious users.
  • Make sure your team fully understands the chain of providers being used. Assign team members duties such as ensuring that every provider utilized is staying up to date with patches.
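
One way to act on the logging and shared-account advice above, written as an added Python example rather than anything from the original article: it flags accounts used from many source addresses (a heuristic for shared credentials), flags bursts of instance creation (risk 2), and pulls one account's events for review. The event fields, account names and thresholds are constructed and do not follow any provider's real log schema.

```python
from collections import defaultdict

# Constructed audit events (generic fields, documentation-range addresses).
EVENTS = [
    {"t": 0,   "account": "ops-shared", "src": "203.0.113.5",  "action": "login"},
    {"t": 40,  "account": "ops-shared", "src": "198.51.100.9", "action": "login"},
    {"t": 55,  "account": "ops-shared", "src": "192.0.2.77",   "action": "login"},
    {"t": 60,  "account": "alice",      "src": "203.0.113.5",  "action": "create_instance"},
    {"t": 300, "account": "ci-deploy",  "src": "192.0.2.10",   "action": "create_instance"},
    {"t": 310, "account": "ci-deploy",  "src": "192.0.2.10",   "action": "create_instance"},
    {"t": 315, "account": "ci-deploy",  "src": "192.0.2.10",   "action": "create_instance"},
    {"t": 320, "account": "ci-deploy",  "src": "192.0.2.10",   "action": "create_instance"},
    {"t": 900, "account": "alice",      "src": "203.0.113.5",  "action": "create_instance"},
]


def shared_accounts(events, max_sources=2):
    """Accounts seen from more than max_sources distinct source addresses."""
    sources = defaultdict(set)
    for e in events:
        sources[e["account"]].add(e["src"])
    return sorted(a for a, s in sources.items() if len(s) > max_sources)


def instance_bursts(events, window=60, threshold=3):
    """Accounts creating >= threshold instances within any window (seconds)."""
    times = defaultdict(list)
    for e in events:
        if e["action"] == "create_instance":
            times[e["account"]].append(e["t"])
    flagged = {}
    for account, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:
                start += 1  # slide the window forward
            count = end - start + 1
            if count >= threshold:
                flagged[account] = max(flagged.get(account, 0), count)
    return flagged


def drill_down(events, account):
    """All events for one account in time order, for manual review."""
    return sorted((e for e in events if e["account"] == account), key=lambda e: e["t"])
```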

Despite some imperfections, cloud adoption is the future. Of course, it's important to be mindful of the risks involved with the practice. Rather than avoiding it completely, simply use best practices and ensure that you have vigilant staff and a strong chain of suppliers and tools.

Gaurav Sharma is a Director of Operations at Chetu Inc. based in Las Vegas, Nevada. For 11 years, he has overseen various technical projects including software development in the cloud.

 
