days until DORA is in effect on January 17, 2025. Download your cheat sheet here.
To Minimize Cloud Risk, Pivot Security From An Afterthought to a Baked-In-Advance Priority
More than 90% of cybersecurity professionals worry about security in the cloud, and this concern is amplified for firms in the financial services space that deal with particularly sensitive data. Far too often, these cloud security problems are there from the very beginning – as organizations power through with hurried and poorly strategized migrations that result in security gaps from misconfigured systems. Let’s examine the pitfalls of poorly coordinated cloud security, and how a more proactive approach that bakes in security from the start can dramatically reduce enterprise risk in the cloud.
Uncoordinated Cloud Migrations Create Ongoing Security Risks
Cloud migration—whether to a public, hybrid or multi-cloud environment—is essential for financial services organizations looking to keep up with competitors. Far too often, though, rapid results and hurried “lift and shift” migrations are prioritized over security. In the absence of a coherent security strategy, a piecemeal approach prevails in which new tools are added haphazardly and operate in uncoordinated and inefficient ways. This adds confusion and obstructs visibility into your network.
The problems multiply to the extent this lack of visibility extends to third party vendors – leaving organizations wondering about where data is stored or processed, and whether any controls are in place to protect it as it moves. If you don’t know where your most sensitive data is stored, you can’t protect it. This is especially troublesome with your “crown jewels,” or most sensitive data – which becomes vulnerable to ransomware, exfiltration and possibly also step regulatory fines from compliance violations if the data is subject to national or international regulations such as the General Data Protection Regulation (GDPR).
The bottom line is that there is no simple “on button” for security, and the “set it and forget it” mindset spells trouble. Organizations must instead consider and plan for security at the beginning of the cloud migration project and on an ongoing basis.
Proactive Planning Creates Stronger Security
For cloud migration to succeed, organizations must have an established cloud security policy in place from the very beginning. By considering security upfront, you can ensure your organization’s cloud infrastructure is secure before any data is migrated. This advance planning may get you off to a slightly slower start, but it will save you trouble and money down the road.
Carefully consider which assets and applications you plan to move to the cloud and take a layered approach by securing the perimeter with access protocols and controls. Financial services institutions may want to keep applications with highly sensitive data on-prem, while moving applications with less sensitive data to a public cloud. All of these considerations should be part of a proactive and comprehensive security policy that is also able to be updated as needed.
Revisit your policy often – annually at the bare minimum, and hopefully more frequently. If you operate in an agile environment, tie your policy review to your rate of change. You’ll also have to adapt policies as compliance regulations change. The recent introduction of new SEC cybersecurity guidelines is a good example of rules that financial services firms need to adapt to. And as a recent ECI webinar demonstrates, these guidelines will continue to evolve in the future.
Working with a managed service provider that bundles public cloud features with best-of-breed security solutions is a great strategy for keeping your cloud protected. For example, a managed SIEM provides real-time security analysis of data to proactively identify potential security risks. Leveraging machine learning and statistical analysis, it identifies anomalies, patterns and trends that may indicate a current or future security risk.
When choosing an MSP, look for a partner that executes the necessary product testing to select the best vendor for each security layer and has the expertise to manage your cloud environment. For the cloud migration journey to succeed in both the short-term and long-term, you must have an established cloud security policy to guide your operations in the cloud, identify threats, mitigate vulnerabilities and defend against cyberattacks—all before a single byte is migrated.