In the wake of the COVID-19 pandemic, a growing number of companies are opting to move operations and data from internal servers to the cloud. However, experts warn of running headlong into a cloud migration without first considering the risks and challenges that such a move can entail. SUROS, a Taiwan-based IT solutions company, has striven to assist enterprises in navigating this complex process safely and securely with a range of solutions that includes information security governance, information architecture, data center infrastructure, and integrated planning across organizations.
Mark Chen, SUROS’ chief executive officer, notes that cloud migration affords companies a number of distinct advantages. For one, he says, the on-demand nature of the cloud makes firms that migrate to it much more operationally efficient, saving time and costs associated with continuous upgrades to the hardware and software that needed to be purchased in the past, as well as the personnel required to maintain such equipment. And moving operations to the cloud allows for more flexibility and agility as firms can pay according to their space and storage needs.
Another perk of cloud adoption is the high availability of cloud-native software as a service (SaaS), including machine learning and AI services, which users can subscribe to directly. In addition, companies that move to the cloud can quickly implement information security controls and ensure regulatory compliance as cloud services in general have obtained some degree of certification, such as ISO 27001 and CIS. “Those companies undergoing a digital transformation can thus focus their efforts on the services they offer their customers,” says Chen.
However, he warns, companies in a rush to move to the cloud often overlook some of the most basic guardrails to keep their information and that of their clients safe. Chief among these is the development of governance capabilities across organizations. In addition, Chen says, awareness among managers is very important for a digital transformation, as is determining the most appropriate amount to invest in a cloud migration. “At the outset, most businesses don’t need to hire a large consultancy; most times, they can get by with a medium-sized firm like us,” he says.
Chen says that organizations need to have a clear segregation of duties among their personnel, something which too many companies do not pay enough attention to when moving onto the cloud. “If your organization’s employee access privileges are not clearly defined, it will make the transition really messy,” he says.
Among the other key points that Chen emphasizes is the need for a revised business impact analysis (BIA), an assessment of the operational and financial effects of each function of a company, as well as a high level of visibility of the organization’s storage and management processes on the cloud. “In revising the BIA, companies need to understand that control on the ground and control in the cloud impact how their operations are interrupted or data is lost in different ways,” says Chen.
Lastly, Chen stresses that such interruptions or losses can be mitigated through proper management of cloud-based operations. Such management includes the implementation of threat intelligence and attack surface monitoring – recognizing and tracking the weak points in an organization’s security and services following a transition to the cloud – and plugging any holes with proper configuration, identity and access management, careful use of digital certificates, and data encryption. Companies that employ this approach are more likely to catch malicious actors hiding among legitimate users and ensure continuity of business operations.
According to Chen, other than being cognizant of the risks associated with operating on the cloud, businesses must invest in the right tools to keep their operations stable and data secure. He notes that, compared to many information security teams, which still rely on mainly on their human resources, the tools SUROS uses are all automated. Through the company’s work with American firms SAILPOINT, which provides identity management services, and CHEF, which specializes in automation software, SUROS is able to offer clients affordable, scalable solutions to ensure their digital transformation is as smooth, fast, and safe as possible.