Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Things to Consider Before Migrating Business Applications to the Cloud

According to a recent survey (PDF) of 240 information security professionals around the globe, network operations and applications owners to determine how security management affects organizations’ agility with regards to connectivity of critical applications in the modern data center.

According to a recent survey (PDF) of 240 information security professionals around the globe, network operations and applications owners to determine how security management affects organizations’ agility with regards to connectivity of critical applications in the modern data center. Something that struck me right away from the findings was that while many organizations are planning to migrate critical business applications from physical infrastructure to private, public or hybrid clouds, more than two-thirds of organizations encounter application connectivity disruptions or outages during data center migration projects.

Considering cloud migrations are a rising trend, this is a concerning issue. There is so much complexity baked into applications that comprise of numerous servers, networking and storage components as well as security infrastructure that spinning up a new application or making an update is fraught with risk. Many organizations today lack the necessary visibility of their application connectivity requirements and the underlying security policies. And when conducting a data center migration, these challenges are magnified. Before you make your move to the cloud, here are a few things to consider:

Securing Applications in Cloud EnvironmentsThe Move to the Cloud is a Business Decision, but Security Management Goes Hand-in-Hand

There are numerous financial and operational reasons to make the move to a private, public or hybrid cloud, but you must understand the impact on applications as we’re in an application-driven business environment. If a critical application is down or performing at a non-peak level, the business will suffer. At a technical level, it’s understanding that most firewall changes are driven by business application connectivity needs and understanding the impact to these applications and to the network by making sure that you can associate all firewall change requests to the appropriate application.

Consider the Risk of Decommissioned Applications

When decommissioning applications or servers in the data center, many IT professionals have to manually identify firewall rules to change and if left in place, many unnecessary access rules are left creating security risk. Oftentimes, organizations simply leave those access rules in place because they don’t have the comfort level to remove those rules for fear of causing an outage. While you certainly don’t want to break the connectivity for a critical application, you also should have a plan to remove that unneeded access because more access leaves gaps for bad guys to exploit. Use your firewall rules (hopefully there is decent firewall rule documentation) to identify network components and applications that may be related to effectively remove unneeded access, without impacting the business.

Prioritize Network Vulnerabilities the Way You Want

Organizations want to prioritize network vulnerabilities by business application. Nearly half of respondents in the survey wanted to view risk by the business application. With this type of visibility, security teams can more effectively communicate with business owners and enable them to “own the risk”.

Reduce Complexity

Advertisement. Scroll to continue reading.

Complexity is a killer of security and agility. Today’s enterprise network has more business applications with complex, multi-tier architectures, multiple components, and intricate, underlying communication patterns that are driving network security policies. An individual “communication” may need to cross several policy enforcement points, while individual rules, in turn, support multiple distinct applications. This complexity typically involves hundreds, or even thousands of rules, with many potential interdependencies, configured across tens to hundreds of devices, which equally supports as many business-critical applications. The sheer complexity of any given network can lead to a lot of mistakes, especially when it comes to multiple firewalls with complex rule sets. Simplifying security management processes through automation and an application-centric approach is a must.  

These are just a few security management considerations to take in while you continue in your plans to move critical business applications to the cloud. There are many valid reasons for moving to the cloud, but you must remember the implications of poor security management and how improvements here can not only ensure tighter security, but also a data center that is more agile and supportive of the business.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.