Many publishers today are looking nervously over their shoulders, waiting for the next business crisis! Security is uppermost at many publishing houses, and one key element of a comprehensive security review is that of data security. An on-premise to cloud migration should be a key element in any publisher’s future-proof disaster planning.
In this blog we will examine the question of moving IT operations from an on-premise set-up to cloud operations, a pivot that significantly enhances data security. We will look at the general statistics that show a landslide of companies moving to the Cloud. What are the benefits and challenges, and why is it a critically important step for most publishers?
The global pandemic has seen more and more companies accelerate their move to the cloud, reinventing their offerings, and becoming more cost-efficient, agile, and innovative in how they operate their businesses.
As an on-demand, self-service environment, cloud is now seen as vital to achieving end-to-end digital transformation, especially for smaller publishers who typically did not have the resources to consider it previously. Now, more than ever, cloud is vital to help businesses reopen, reinvent, and outmaneuver uncertainty.
The Cloud Computing Stampede
The cloud industry is large and getting larger. Over the past decade, cloud computing has become the foundation for the delivery of mobile and content services as well as the best alternative to traditional enterprise computing environments. As businesses transition to a digital-first economy, cloud will continue to play an ever-greater role. The IT industry will continue to focus on delivering greater efficiency, flexibility, and innovation through the Cloud.
Given the Cloud’s central role in the future enterprise, International Data Corporation (IDC) forecasts “whole cloud” spending – worldwide spending on cloud services, the hardware and software components underpinning the cloud supply chain, and associated professional/managed services – will surpass $1.3 trillion by 2025 with a compound annual growth rate of 16.9%.
Types of Cloud Migration
When considering its cloud migration strategy, a publisher must consider two factors. The first is the deployment model: public, private, hybrid, or multi-cloud. The second is the service category. These are SaaS (Software as a Service), PaaS (Platform as a Service) or IaaS (Infrastructure as a Service), which denote respectively increasing levels of participation on the part of the publisher’s IT staff. With SaaS, for example, typically all the following activities are managed by the outside service provider(s): applications, database management, runtime operations, middleware, operating system, virtualization, servers, storage and networking facilities. By comparison, in an IaaS environment, typically only virtualization, servers, storage and networking are managed by the external providers, and with PaaS, there could be anything in between.
There are also three different migration approaches your company can choose to adopt. The first is a basic “lift & shift” (rehosting), involving the transfer of data and applications from the on-premises data center to the public cloud, where you make the minimum number of changes simply to get the application(s) running in the new environment. The second cloud migration approach is “replatforming” (moving to a wholly new cloud-based operating system, with the advantage of a reduction in operational expense), and the last is “refactoring”, which is an upgrade of application components to conform to new standards.
Why Move to the Cloud
A move to the cloud is far from just a technology exercise. It needs to be rooted in business outcomes: specific objectives the company wants to achieve. Taking advantage of all the opportunities that the new environment offers is an ongoing opportunity that should not be missed, probably at a second stage of the whole project. Clearly, all this demands careful planning, with contributions from all sections of the company.
With this in mind, the main reasons to move to cloud computing are:
- Network Capacity
- Connectivity and Efficiency
- Total Cost of Ownership
Security was perhaps a weak link in the very early days of cloud computing; today, however, these concerns are not significant. Most cloud platforms deliver the highest levels of security, data integrity and backup/recovery facilities because they make huge investments in resources and technology, along with a skilled team of IT experts and engineers, that the typical publisher just can’t afford to make by itself. Note that data loss can still be significant if businesses do not put strict processes and procedures in place at the user level – more on this later.
Network Capacity
Cloud subscribers can now instantly “right-size” their computing capacity to that which is needed and can easily upgrade (or downsize) their network resource needs to what is required at that time. Scalability and resource consumption are therefore much more easily managed. Cloud providers are focused on ensuring very high levels of service availability and the degree of access speed that is demanded (and paid for) by the subscriber. Availability is often measured in downtime hours per year. The emphasis can now be on your core competency and not on IT. Compare this to managing outdated servers and software on-premise with limited human and computing capabilities.
Connectivity & Efficiency
Users can connect no matter where they work, anytime, anywhere, using any device. That means no more risk of files being stored on any computer. Employees situated in various locations can collaborate easily: by providing simultaneous syncing, working, and sharing of documents and records in real time, cloud computing helps increase the collaboration and efficiency of employee teams. There is a reduced risk of data loss and safer backup security offsite, decreasing the potential for hackers, viruses, ransomware, and other cybersecurity problems.
Total Cost of Ownership
Cloud-based IT provides a user with scalable computing power while minimizing most IT requirements, such as routine maintenance and physical data storage, delivering significant savings and predictable budgets.
There are very significant opportunities provided by the cloud environment for innovation in new applications and enhanced operation of existing apps. This includes analytics, automation, AI, and collaboration with external data sources and Big Data that are simply not available to smaller operations.
The Challenges of an On-Premise to Cloud Migration
A cloud migration project requires extensive planning across the whole organization. Successful migrations begin with a defined strategy, careful coordination with your chosen cloud provider, and retraining of all involved players in the business. Detailed cost estimates are an essential part of this planning process. Regardless, the majority of companies migrating to the cloud experience one or all of the following challenges:
We have described the security advantages that the major Cloud Service providers deliver. However, this type of security applies only to the hardware and IaaS (Infrastructure as a Service) levels and does not address the security at the user end. It’s easy to fall into the trap of solely providing developers and data users with permissions to any cloud resource while ignoring the additional processes and procedures that are now necessary in the new environment. These processes need to be identified and installed from the beginning, or the business is exposed to all manner of illegitimate access.
Not every application can be moved easily. The business needs to decide which applications to keep, and which ones need to be rebuilt. Users should examine options for optimizing applications for the cloud.
Resolve key infrastructure and application dependencies by prioritizing applications and identifying necessary remediations. This is essential to reduce risk and cost.
Commitment from all departments across the business is essential for migration to succeed. Every stakeholder must be represented on the project team. This includes assessing the skills that are required in the organization, and filling the gaps where they don’t exist, either by tools and personnel provided temporarily by the Cloud Service Providers, or by adding to your own permanent staff where needed.
A Closer Look at Cloud Security
Cloud security issues are related to cyber threats arising from malicious and accidental misconfigurations; hijacking of user accounts caused by poor encryption or identity management; lack of process controls; and data leakage from insecure APIs or other infrastructure endpoints.
SaaS providers handle much of the security for a cloud application. The SaaS provider is responsible for securing the platform, network, applications, operating system, and physical infrastructure. However, as we have pointed out earlier, providers are not responsible for securing customer data or user access to it. Control is increasingly shifting from IT to users, who can change file sharing settings, create their own groups, and install third-party apps, all of which can result in headline-worthy data breaches.
Gartner estimates that 95% of cloud security failures are the customer’s fault. To avoid security breaches, customers must implement improved security processes, possibly enhanced by tools and technologies. Below are SaaS security practices that organizations can adopt to protect data in their applications.
Detect rogue services and compromised accounts. The average organization uses many more unique cloud services than their IT departments are aware of, some of which are very high-risk services. Publishers can deploy Cloud Access Security Brokers (CASB) to audit their networks for unauthorized cloud services and compromised accounts. Onboarding and offboarding procedures typically need improvement.
Apply identity and access management (IAM). Companies must ensure that end users do not gain access to more resources than they require for their jobs. A role-based Identity and Access Management (IAM) solution uses processes and user access policies to determine what files and applications a particular user can access. An organization can apply role-based permissions to data so that end users will see only the data they’re authorized to view.
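The role-based check described above, together with the offboarding gap mentioned under rogue services, can be audited from an export of accounts and their grants. The following is an added example, not part of the original post; the role names, users and permission strings are constructed for illustration and do not come from any particular IAM product.

```python
from dataclasses import dataclass

# Assumed role baseline: the permissions each job role needs (constructed).
ROLE_POLICY = {
    "editor": {"manuscripts:read", "manuscripts:write"},
    "royalties": {"royalties:read", "royalties:write", "authors:read"},
    "marketing": {"catalog:read", "catalog:write"},
}

@dataclass(frozen=True)
class Account:
    user: str
    role: str
    active: bool        # False once the person has been offboarded
    granted: frozenset  # permissions actually assigned in the tenant

# Constructed sample export of accounts and their grants.
ACCOUNTS = [
    Account("ana", "editor", True, frozenset({"manuscripts:read", "manuscripts:write"})),
    Account("ben", "marketing", True, frozenset({"catalog:read", "royalties:read"})),
    Account("cleo", "editor", False, frozenset({"manuscripts:read"})),
    Account("dev", "contractor", True, frozenset({"catalog:read"})),
    Account("eli", "royalties", True, frozenset({"royalties:*"})),
]

def audit(accounts, policy=ROLE_POLICY):
    """Return (user, finding, permissions) for every grant that violates the policy."""
    findings = []
    for acct in accounts:
        if not acct.active:
            if acct.granted:  # offboarding gap: access outlived the job
                findings.append((acct.user, "offboarded-with-access", sorted(acct.granted)))
            continue
        allowed = policy.get(acct.role)
        if allowed is None:  # no baseline means nothing is justified
            findings.append((acct.user, "unknown-role", sorted(acct.granted)))
            continue
        # Exact-match comparison: a wildcard grant is never in the baseline,
        # so it is reported instead of being silently accepted.
        excess = acct.granted - allowed
        if excess:
            findings.append((acct.user, "excess-permissions", sorted(excess)))
    return findings

def can_access(acct, permission, policy=ROLE_POLICY):
    """Deny by default: active account, role allows it, and it was granted."""
    return acct.active and permission in policy.get(acct.role, set()) and permission in acct.granted

if __name__ == "__main__":
    for finding in audit(ACCOUNTS):
        print(finding)
```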
Encrypt cloud data. Data encryption protects both stored data and data in transit between the end user and the cloud or between cloud applications. Sensitive data such as financial information and personally identifiable information (PII) should always be encrypted. This service may be provided by the Cloud Provider or enhanced by other solutions, such as a cloud access security broker (CASB).
Enforce data loss prevention (DLP). DLP software monitors for sensitive data within SaaS applications or outgoing transmissions of sensitive data and potentially blocks it. DLP software detects and prevents sensitive data from being downloaded to personal devices and blocks malware or hackers from attempting to access and download data.
Monitor collaborative sharing of data. Collaboration controls can detect granular permissions on files that are shared with other users, including users outside the organization who access the file through a web link. Employees may inadvertently or intentionally share confidential documents through email, internal collaborative software such as MS Teams, and cloud storage sites such as Dropbox.
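A sketch of the sharing check described above, as an added example that is not part of the original post: it classifies each grant on a file as internal, external user or anonymous web link, and reports the ones that expose non-public files. The record layout, sensitivity labels and domain names are constructed assumptions, not the export format of any specific collaboration tool.

```python
ORG_DOMAINS = {"publisher.example"}  # assumed: the organization's own mail domains

# Constructed sharing records, shaped like a collaboration tool's permission export.
SHARES = [
    {"file": "royalty-statements.xlsx", "label": "confidential", "type": "link",
     "scope": "anyone", "grantee": None},
    {"file": "royalty-statements.xlsx", "label": "confidential", "type": "user",
     "scope": None, "grantee": "cfo@publisher.example"},
    {"file": "author-contracts.pdf", "label": "confidential", "type": "user",
     "scope": None, "grantee": "agent@PUBLISHER.example.partner.test"},
    {"file": "spring-catalog.pdf", "label": "public", "type": "link",
     "scope": "anyone", "grantee": None},
    {"file": "cover-drafts.zip", "label": "internal", "type": "user",
     "scope": None, "grantee": "designer@freelance.test"},
    {"file": "cover-drafts.zip", "label": "internal", "type": "link",
     "scope": "organization", "grantee": None},
]

def exposure(share):
    """Classify one grant as internal, external-user or anonymous-link."""
    if share["type"] == "link":
        return "anonymous-link" if share["scope"] == "anyone" else "internal"
    # Compare the whole domain after the last '@', case-insensitively, so a
    # lookalike such as publisher.example.partner.test is not treated as internal.
    domain = share["grantee"].rsplit("@", 1)[-1].lower()
    return "internal" if domain in ORG_DOMAINS else "external-user"

def audit_shares(shares):
    """Return findings for grants that expose non-public files outside the organization."""
    rank = {"high": 0, "medium": 1}
    findings = []
    for share in shares:
        kind = exposure(share)
        if kind == "internal" or share["label"] == "public":
            continue  # public material may be shared by link by design
        severity = "high" if share["label"] == "confidential" else "medium"
        findings.append({"severity": severity, "file": share["file"],
                         "exposure": kind, "grantee": share["grantee"]})
    return sorted(findings, key=lambda f: (rank[f["severity"]], f["file"]))

if __name__ == "__main__":
    for finding in audit_shares(SHARES):
        print(finding)
```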
Advanced malware prevention. This includes technologies such as behavioral analytics and real-time threat intelligence that can help detect and block zero-day attacks and malicious files that may be spread through cloud email and file sharing applications.
Cloud access security brokers (CASBs) protect enterprise data and users across all cloud services, including SaaS, PaaS, and IaaS. According to Gartner’s Magic Quadrant for Cloud Access Security Brokers, CASBs detect threats and provide IT departments with greater visibility into data usage and user behavior for cloud services, end users, and devices. CASBs also act immediately to remediate security.
Process and Procedure Implementation. These include eliminating security misconfigurations and correcting high-risk user activities applications.
CASBs provide a variety of security services, including:
- monitoring for unauthorized cloud services,
- collecting details about users who access data services from any device or location,
- restricting access to cloud services based on the user, device, and application,
- compliance reporting,
- templates to guide IT staff through the process of policy creation
IT departments can learn to protect their cloud applications and data by following cloud security best practices and implementing effective SaaS security solutions.
Don’t Go It Alone
If your publishing company is facing an on-premise to cloud migration, the most important thing is to ensure you have the expertise you need to make the project successful. knk has over 30 years of experience in publishing software and has helped hundreds of publishers around the world update their systems to the cloud. Contact us today to learn how we can bring your operations into the latest Microsoft Azure cloud technology.
The knk blog team fills the knk blog with content, new posts and replies to comments.