Data Migrating…Cloud or Not…..
Do we know the Risks?
Image Courtesy of the NewYorkTimes and TechRadar

Data Migrating…Cloud or Not….. Do we know the Risks?

With the rapid move towards digitization in all areas of life, a growing portion of everything we know is migrating from the physical to a digital form. Through the years, the world economy has become more connected and interconnected. With the rapid growth of data across the globe in organisations, each running their own data infrastructure/data centers to centralising their data storage, many organisations are asking the questions, is there a more efficient option for data management?

With the growing need to access data from sites away from the prime office locations and the rapid growth of the Internet during the later part of the 20th century coupled with the exponential rise of internet access in the 21st century and the 4th Industrial Revolution, we have seen significant changes in how business operations have been forced to adapt to the ‘new normal’. ?Remote working and the strong change in the mindset of staff and stakeholders is having a major impact on how data is managed.

Moving data from on premises (‘on prem’) to the ‘cloud’ is NOT as a simple has hooking up a physical filing cabinet to the catapult and catapulting the file cabinet into the cloud…The need to strategise, plan and understand the risks and compliance requirements form an integrated and complex challenge.

Prior to a significant IT project that involves data, it is important to identify the Organisation’s ‘Crown Jewels” (i.e., business critical assets). Executive management must understand that such a move is not poorly IT. It encompasses, governance, risk and compliance requirements as well.

Migration to the Cloud requires understanding of the types of Cloud Solutions available. There are four main types of cloud computing:?private clouds, public clouds, hybrid clouds, and multi-clouds. There are also three main types of cloud computing services: Infrastructure-as-a-Service (IaaS), Platforms-as-a-Service (PaaS), and Software-as-a-Service (SaaS)

Migrating to the cloud requires a well-thought-out strategy that could cover the following at the minimum; a comprehensive list (i.e., inventory) of the organisations cloud assets; a list of security and compliance requirements relevant to cloud assets, the required security controls on cloud components (security controls need to include access controls, fire walls, patching, anti-malware at the minimum), continuous and continual improvement of related cloud processes and services and monitoring on a continuous basis of security and compliance related to the cloud.

Statista?estimates that by end 2022, for the first time, the amount of enterprise data stored in the cloud will surpass data stored on-premises.?As of 2022, over 60 percent of all corporate data is stored in the cloud. This share reached 30 percent in 2015 and has continued to grow as companies increasingly shift their resources into cloud environments in the hope of improving security and reliability next to advancing business agility.

To mitigate the risk of migrating data to the cloud, it is important to understand the risk management behind data in the cloud. The migration to the Cloud needs to incorporate an effective GRC approach. (GRC= Governance, Risk & Compliance). In addition, there are a number of cloud migration tools that will be helpful in this process.

Some of the key risks to be aware of when migrating to the cloud include the following…

The Organisation lacks a clear cloud migration strategy. The organisation needs to fully understand the reasons for wanting to migrate its data to the Cloud.?Moving to the Cloud might appear to be the ‘in-thing’ but jumping in headfirst without a clear migration strategy is certainly asking for trouble. Included in the Cloud Migration strategy should be the reasons for the migration, the benefits to the organisation, identification the data to be migrated, the size of current storage and a roadmap to the growth in storage (in the future). Ensure proper planning is undertaken as poor planning may result in a disastrous outcome, financial, reputational and serious system failures.

Migration to the Cloud poses security risks to the Organisation. The need to meet compliance requirements, external cyber-attacks, malware, poorly drafted contracts with Cloud vendors, are some of the key risks that must be understood and mitigated. Identifying the Security Risk. We live in uncertain and unsafe times. Migrating to the cloud attracts a host of security risks from contractual breaches, compliance violations, malware, external cyber-attacks, naming just a few. To mitigate some of these risks, choosing a cloud provider that has a strong compliance, governance and risk focus is imperative. Having in-house technical experience that incorporates security skills, DevOps and GRC skills will enhance the cloud adoption and mitigate many risks with this migration.

Existing architecture may pose a challenge when the systems house legacy applications which rely on out-of-date system libraries, programming languages and limited skills (or scares resources). Reliance on the Cloud provider to support the legacy applications will not truly mitigate the associated risks. The Organisation will need to find solutions to circumvent the issues with the legacy systems/applications.

Organisations should be cautious on the type of Cloud they select. Select a Public Cloud may result in reduced visibility and control which will pose a real risk that can affect the performance of the organisation. When the organisation has its data stored on premises, it has full control over all its resources, policies, and infrastructure. By migrating to the cloud, a 3rd party vendor is involved (i.e., cloud service provider-CSP), some responsibilities move away from the organisation which can result in reduced visibility over data and IT infrastructure for the organisation.

Moving data to a new location may result in loss of data that may occur through human error, technical issues, data corruption or incomplete data sets. The organisation needs to ensure that its 3rd party Cloud Service Provider or CSP has the necessary processes in place that include data backup, data restoration and data fall-over. The Organisation should also ensure that it has a full BCP in place prior to migrating to the Cloud.

With migration to the Cloud, the Organisation is never certain where all its data really is. The data could be spread across multiple servers (storage devices) and multiple locations, hence the Cloud. In the event of the Organisation needing to delete data, the risk exists that with the Cloud, all the deleted data may not be completely deleted. Ensuring this does occur, should be treated with the CSP SLA and treated as part of the risk management space.

Migrating to the Cloud often brings with its cost savings, Organisation need to be cautious as costs can sometime not be contained. Due to the various and often flexible pricing models offered by the CSPs, some of these pricing models can be difficult to understand and challenging to select the best combination. If the Organisation struggles to figure the best option that fits its needs and business, it may waste a great deal of money. It is recommended to involve the services of an expert in these negotiations as its will be money well spent in the long run.

Migration to the Cloud offers a number of benefits which include the following:

Migration to the Cloud can be easy - Solution design and implementation that includes an incredibly versatile "lift & shift" migration for existing server/data workloads. The Cloud migration allows scalability in the Organisation being able to choose the amount and type of resources it requires with the virtual data centre. It can scale up or down as it requires. The Organisation through its CSP has access to a wider range of storage mediums thereby reducing the need to invest in the technology directly. The CSP also facilitates a wider selection of networks that the Organisation would not have had it not opted to migrate to the Cloud.

The Organisation has the benefit through the Cloud to create or extend its own private network from its Virtual Data Centre while choosing multiple firewall options. The CSP can offer a fully managed cloud solution that incorporates disaster recovery across multiple data centres with enhanced security services.

As the growth of data increases with the world becoming more virtual. The migration to the Cloud requires the support of appropriately skilled and experience IT staff including IT administrators that maintain full control of the servers and can perform tasks such as provision virtual servers, provision virtual servers from templates, upgrade virtual servers, console access to virtual servers, configure networks, start, stop, reboot, and delete virtual servers. The CSP has the required IT staff with the correct mix of skills and experience.

Migration the Organisation’s Data and IT Infrastructure to the Cloud is not a straightforward exercise. There are many factors to consider and a number of risks to mitigate. It is not a pure IT exercise or decision but a business decision that requires strategic intent incorporating a number of factors that will have major implications on the business. There are also many benefits in migrating to the Cloud. Choosing the correct CSP (Cloud Service Provider) brings a wealth of benefits that could enhance the performance of the Organisation, improve its security posture and competitiveness.

Remaining with data on premises may restrict growth of the organisation. Organisations have a great number of options in migrating to the Cloud….

?

Mohsien is a Finance, Technology and Risk Professional?(GRC/ESG).

要查看或添加评论,请登录

社区洞察

其他会员也浏览了