Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Things to Consider Before Migrating Business Applications to the Cloud

According to a recent survey (PDF) of 240 information security professionals around the globe, network operations and applications owners to determine how security management affects organizations’ agility with regards to connectivity of critical applications in the modern data center.

According to a recent survey (PDF) of 240 information security professionals around the globe, network operations and applications owners to determine how security management affects organizations’ agility with regards to connectivity of critical applications in the modern data center. Something that struck me right away from the findings was that while many organizations are planning to migrate critical business applications from physical infrastructure to private, public or hybrid clouds, more than two-thirds of organizations encounter application connectivity disruptions or outages during data center migration projects.

Considering cloud migrations are a rising trend, this is a concerning issue. There is so much complexity baked into applications that comprise of numerous servers, networking and storage components as well as security infrastructure that spinning up a new application or making an update is fraught with risk. Many organizations today lack the necessary visibility of their application connectivity requirements and the underlying security policies. And when conducting a data center migration, these challenges are magnified. Before you make your move to the cloud, here are a few things to consider:

Securing Applications in Cloud EnvironmentsThe Move to the Cloud is a Business Decision, but Security Management Goes Hand-in-Hand

There are numerous financial and operational reasons to make the move to a private, public or hybrid cloud, but you must understand the impact on applications as we’re in an application-driven business environment. If a critical application is down or performing at a non-peak level, the business will suffer. At a technical level, it’s understanding that most firewall changes are driven by business application connectivity needs and understanding the impact to these applications and to the network by making sure that you can associate all firewall change requests to the appropriate application.

Consider the Risk of Decommissioned Applications

When decommissioning applications or servers in the data center, many IT professionals have to manually identify firewall rules to change and if left in place, many unnecessary access rules are left creating security risk. Oftentimes, organizations simply leave those access rules in place because they don’t have the comfort level to remove those rules for fear of causing an outage. While you certainly don’t want to break the connectivity for a critical application, you also should have a plan to remove that unneeded access because more access leaves gaps for bad guys to exploit. Use your firewall rules (hopefully there is decent firewall rule documentation) to identify network components and applications that may be related to effectively remove unneeded access, without impacting the business.

Prioritize Network Vulnerabilities the Way You Want

Organizations want to prioritize network vulnerabilities by business application. Nearly half of respondents in the survey wanted to view risk by the business application. With this type of visibility, security teams can more effectively communicate with business owners and enable them to “own the risk”.

Reduce Complexity

Complexity is a killer of security and agility. Today’s enterprise network has more business applications with complex, multi-tier architectures, multiple components, and intricate, underlying communication patterns that are driving network security policies. An individual “communication” may need to cross several policy enforcement points, while individual rules, in turn, support multiple distinct applications. This complexity typically involves hundreds, or even thousands of rules, with many potential interdependencies, configured across tens to hundreds of devices, which equally supports as many business-critical applications. The sheer complexity of any given network can lead to a lot of mistakes, especially when it comes to multiple firewalls with complex rule sets. Simplifying security management processes through automation and an application-centric approach is a must.  

These are just a few security management considerations to take in while you continue in your plans to move critical business applications to the cloud. There are many valid reasons for moving to the cloud, but you must remember the implications of poor security management and how improvements here can not only ensure tighter security, but also a data center that is more agile and supportive of the business.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Application Security

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.