Sponsored By

Cybersecurity insights from industry experts.

Considerations for Reducing Risk When Migrating to the Cloud

Proper planning is an essential part of reducing security and compliance risks before, during, and after a migration to a new cloud environment.

Rob Sadowski

August 28, 2023

4 Min Read
A cloud with multiple ladders leading into it
Source: Jacky via Adobe Stock Photo

The moment your organization begins planning for a cloud migration, risk and security considerations should be at the forefront. A proper cloud migration strategy starts with an assessment of the current state of your organization's applications, data, and workflows, then moves on to the creation of a step-by-step migration plan. A gradual process is always preferable, when possible, as migrating to the cloud often involves moving sensitive data, and the right safeguards are essential.

Migrating data and establishing new workflows in a cloud environment can lead to the emergence of security gaps or blind spots. But it's important to remember that a successful move to the cloud can ultimately reduce your organization's attack surface and vulnerability, as well as offer additional work flexibility and cost savings from the elimination of often expensive data centers operations.

Fortunately, the risks involved with a cloud migration can be managed and reduced — a process that starts with an in-depth understanding of your organization's data.

Protecting Your Data

Before data can be migrated to the cloud, your team should perform an assessment to understand where the data currently resides and what workflows access or depend on that data. This will help you understand what can be moved at which stage of migration, which teams will be impacted, and any considerations like APIs that need to be managed and updated. Misconfigured APIs or employees hunting for access to the data they need to do their jobs are two examples of common security risks that can arise as a result of a cloud migration — but both can be anticipated and avoided.

When it comes time to actually move your sensitive data to the cloud, encryption is an important control to employ. Encryption is the default with a variety of transfer options to Google Cloud, but your security team will need to evaluate your specific data transfer plan to make sure it satisfies the requirements of your organization and industry.

Post-migration, an all-too-common security blind spot has to do with data duplication. As IT's attention turns to smoothing out the post-migration experience for users, it's easy to forget about backups that were made pre-migration to allow for rollbacks, should something go wrong. While the creation of these backups is wise, it's a best practice to reduce any unnecessary or unsecured backups over time. Establish a dedicated step in your migration roadmap to evaluate the state of these backups, to reduce the risk of old — but still sensitive — data being overlooked.

Ensuring Compliance

With the changes involved during and after a cloud migration, it's important to involve your compliance team in the process to minimize the risk of a violation at some point during the move or in your newly established cloud environment. Depending on your region and industry, you'll be used to adhering to particular compliance regulations, and your cloud partner can help you by providing documentation such as certifications, control mappings, and responsibility matrices, and by offering best practice recommendations suited to your needs.

A guiding principle to follow to help reduce the risk of a compliance issue as a result of a cloud migration is to reduce complexity when possible. Store sensitive data in fewer locations and limit access to it in order to make compliance audits easier.

It's also possible to automate some compliance processes in a cloud environment, running continuous checks for configuration/control drift and non-compliance, without requiring the direct human attention of your security team. Building guardrails into the base configurations of your new environment is an efficient way to take advantage of the flexibility the cloud provides while reducing the risk of a security incident.

Security Monitoring

Once you begin migrating to the cloud, security monitoring remains essential. Visibility into resources and potential threats can be enhanced but often works differently in the cloud than it does in a local data center.

Take advantage of the security portal your cloud provider offers to maintain an effective view of your new environment. Understanding how your assets connect and work together — whether in a single cloud, a hybrid environment, or a multi-cloud configuration — is essential for monitoring for vulnerabilities and eliminating blind spots.

Successfully reducing security risks before, during, and after a cloud migration is a team effort. Your IT, security, and compliance teams should all be involved in the process. And after the migration is complete, testing and verification — both automated and manual — can help make sure your new cloud environment remains secure and compliant.

Read more Partner Perspectives from Google Cloud

Read more about:

Partner Perspectives

About the Author(s)

Rob Sadowski

Director, Trust & Security Product Marketing for Google Cloud at Google

Rob Sadowski is Director, Trust & Security Product Marketing for Google Cloud at Google. A Googler for 6 years, he is responsible for creating and delivering Google Cloud’s core platform security messages, encompassing IAM, posture and risk management, data security, network security, compliance and digital sovereignty. Prior to joining Google, he held multiple senior roles in strategy and marketing at RSA Security, and came to RSA as part of the team that drove the creation of EMC Corporation’s Security division. He is a former member of the PCI Security Standards Council Board of Advisors and has been a commentator on cybersecurity issues to global media outlets including CNN, USA Today, the Financial Times, NPR, Fox Business, and CNBC.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights