Six steps to a seamless cloud security journey

With where we find ourselves today in relation to COVID-19, the urgency to move to the cloud has never been greater.

An organisation’s cloud journey can be a beautiful symphony or sound like a five-year-old banging the kitchen pots and pans. Given the current COVID-19 circumstances and the requirement for social distancing, many employees are probably working from home, needing safe and easy access to applications and documents in the cloud.

Here are some tips to make the cloud journey the trip of a lifetime.

Gradually let go of legacy infrastructure

Moving to the cloud is a turning point that can be used to enforce new standards that are difficult to apply to current legacy environments. Start with the basics: all builds must be defined through an infrastructure-as-code software tool.

Sharing standard, approved patterns for common components with teams will speed up their assimilation of the technology. A change control programme (where both existing and new systems are constantly monitored) is essential to ensuring the migration to cloud is implemented systematically and effectively, minimising possible business disruption.

Check the fine print

Licence management is different when using the cloud, so vendors must ensure clients understand it and disclose the T&Cs.

There may also be some hidden benefits, as a number of cloud providers offer discounts when clients move over to them. If there is a free trial period, use it. Also check if any technical consultancy is available at no cost.

Let cloud balance the load

Gone are the days of hardware appliances providing load-balancing across servers and data centres. Cloud providers should offer this as an easy-to-use service.

By combining this load-balancing capability with distributed denial-of-service protection and a Web application firewall, companies can host a well-defined, resilient and secure front-end for all Internet-facing applications.

Take security seriously

With the size of the cloud and the ease of accidentally sharing data with the world, this should be a top priority. Companies don’t, or shouldn’t, allow on-premises application developers to change firewall rules to expose their applications, so they shouldn’t allow them to do it in the cloud.

In fact, when centralising cloud ingress (traffic that enters the network) and egress (traffic that exits the network) there is an opportunity for enhanced oversight and control.

Ensure scalability

Simply put, automation is needed to apply security at scale. If all applications are built using infrastructure as code and can automatically scale as load changes, the ability to quickly roll out patches can be straightforward.

This is achieved through enforcing a minimum skill level for teams moving to the cloud, as well as strict architecture requirements to support scalability and automated builds. All the code must be stored in a central versioning repository, similar to the source code.

This enables easy change management and review, and helps engineers think about how they could build pipelines to automate testing, deployments and the “dreaded” destructive (DR) tests (in order to monitor ongoing functionality and regression).
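
One way a pipeline can hold application teams to the centralised ingress and egress described above is to review every firewall rule in the repository before it merges. The following is an added example, not code from the article; the rule format, the owner names and the internal address ranges are constructed assumptions.

```python
import ipaddress

# Assumed internal address space; anything outside it counts as Internet-facing.
INTERNAL_RANGES = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("fd00::/8")]
# Hypothetical names of the shared components allowed to face the Internet.
CENTRAL = {"ingress": {"central-ingress"}, "egress": {"central-egress"}}

# Constructed rule records, as a pipeline step might extract them from the
# infrastructure-as-code definitions held in the central repository.
SAMPLE_RULES = [
    {"owner": "central-ingress", "direction": "ingress", "cidr": "0.0.0.0/0", "port": 443},
    {"owner": "payments-app", "direction": "ingress", "cidr": "10.20.0.0/16", "port": 8443},
    {"owner": "payments-app", "direction": "ingress", "cidr": "0.0.0.0/0", "port": 22},
    {"owner": "reports-app", "direction": "ingress", "cidr": "::/0", "port": 443},
    {"owner": "reports-app", "direction": "egress", "cidr": "0.0.0.0/0", "port": 443},
    {"owner": "hr-app", "direction": "ingress", "cidr": "not-a-cidr", "port": 80},
]

def is_internal(net):
    """True when the network sits wholly inside an approved internal range."""
    return any(net.version == r.version and net.subnet_of(r) for r in INTERNAL_RANGES)

def review_rules(rules):
    """Return (owner, reason) findings; an empty list means the change may merge."""
    findings = []
    for rule in rules:
        try:
            net = ipaddress.ip_network(rule["cidr"], strict=False)
        except ValueError:
            # Fail closed: a rule the check cannot parse is never waved through.
            findings.append((rule["owner"], f"unparseable CIDR {rule['cidr']!r}"))
            continue
        # Allow-list logic: internal ranges are fine for anyone, external ranges
        # only for the central component that owns that traffic direction.
        if is_internal(net) or rule["owner"] in CENTRAL[rule["direction"]]:
            continue
        direction = rule["direction"]
        findings.append((rule["owner"],
                         f"{direction} {net} port {rule['port']} bypasses central {direction}"))
    return findings

if __name__ == "__main__":
    results = review_rules(SAMPLE_RULES)
    for owner, reason in results:
        print(f"BLOCK {owner}: {reason}")
    raise SystemExit(1 if results else 0)
```

Because the check allow-lists internal ranges rather than matching only 0.0.0.0/0, a rule such as 0.0.0.0/1 from an application team is blocked as well.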

Take advantage of the cloud provider’s service offering

As firms are more likely to move from on-premises to cloud-based infrastructure, so too are engineering teams moving from on-premises to cloud-based skills.

Whether the on-premises environment is built from CD, or automated from bare metal, companies can benefit from the tools and processes available from the cloud provider.

However, if the team is not prepared for this, they will continue to run just as they always have, and often not even realise the assistance the cloud provider can provide.

In addition, engage with the cloud provider to determine what training it can make available, and pick a minimum level that all engineers should meet before they can move their applications through to the cloud.

Ultimately, if the cloud environment is treated like an additional data centre, the business can take advantage of its many benefits: great scalability in compute power, the ability to manage large estates, seamless remote working for employees and access to additional metadata that can help drive actionable insights.

Sandro Bucchianeri

Absa group chief security officer

Sandro Bucchianeri is Absa group chief security officer. He grew up in the Cape Flats and, unlike many children from that area, had the opportunity later to study and work abroad. He has worked in the UK and the US, and travelled to over 50 countries across the globe in his role as a security consultant before joining Absa in 2017.

Bucchianeri has more than two decades of experience in the field of security information protection. Previous roles include group chief security officer at National Bank of Abu Dhabi and chief information security officer at Investec PLC. Earlier, Bucchianeri was CSO and global head of consulting at Sysnet Global Solutions.

He is a keen supporter of new business ventures, and is passionate about making a contribution to uplifting communities. He led Absa’s efforts in establishing the Absa Cyber Security Academy – a partnership with Maharishi Institute.

Bucchianeri is a member of a number of boards, including the Payment Card Industry Security Standards Council advisory board, which also comprises representatives of Amazon, PayPal, Microsoft and Wal-Mart.

He has several international certifications in risk management and cyber security, in addition to a Masters Degree in Information Security from Royal Holloway University of London.