One of the presentations that I delivered this year at TechED Brazil was about On-Premise Security while Migrating to the Cloud. There are many reasons to migrate to the cloud and during this presentation I emphasized the three core elements below:
While those core elements sound very good, we must also be alert to the new challenges that come with this adoption, such as:
New Threat Landscape
The presentation was really focused on the second bullet (on-premise security). Some of the reasons why this is still an important point to address include:
- Key parts of the overall solution still remain on premises
- Parts which, if broken, would compromise the security of the entire solution
- The customer organization is very likely the weakest link in the security model
- Attackers know this and are actively targeting end users and on-premise servers
The misconception that migrating to the cloud means offloading your security to the cloud provider is just plain wrong. You need to be diligent because at the end of the day it is your data that could get compromised if you relax on-premise security. You should adopt a defense in depth approach. All the elements from the endpoint to the cloud must be secured, not only the hosts, but also the path and the remote clients. Here is a typical example of how this looks:
There are five key elements in this diagram:
- Internal client security: you must continue the effort to protect your on-premise clients. Nowadays the end user is far more exposed to social engineering attacks, and one mistake from them can compromise your company’s data.
- Server Security: most likely there will still be some servers running on-premise (such as legacy applications, file servers, etc.). You must adopt security policies and best practices to protect those servers.
- Edge Security: regardless of which edge solution you use, always try to identify a solution that can offer the elements described in the diagram above.
- Remote Client Security: while most of your internal clients will benefit greatly from accessing cloud services without having to connect to the internal network, there will still be scenarios where the client will access some kind of resource located in the internal network. You must validate this access before allowing the client computer to reach those internal resources.
In summary, the path to the cloud requires a lot of planning to make sure that your users have a seamless experience while you keep your data secure.