THANK YOU FOR SUBSCRIBING
Editor's Pick (1 - 4 of 8)

Using Cloud migration as security opportunity
Cyril Segretain, Information Security Officer Europe, Uniqlo


Cyril Segretain, Information Security Officer Europe, Uniqlo
Building a Cloud project management methodology will enable companies to introduce security by design and start the security by default for the next projects.
As Information Security professionals, we need to be proactive on understanding Cloud technologies and their security. Cloud solutions were built to answer most of the problematics of their customers, so they often include security tools or capabilities. Enabling and using the embedded security in the Cloud solutions might already raise the security maturity of the company and answer to some main business risks such as resilience.
If security, instead of being an obstacle in application development and deployment, becomes a driving force for Cloud migration and implementation, there will be a possibility to review the global architecture to adapt it to the Cloud by including security and performance at the same time. And your company will be able to present a more secure and efficient product to your customers based on these enhancements.
Legacy systems can be a real problem for companies as they need to be maintained for a very specific business purpose that tends to accept all risks linked to discovered vulnerabilities or depreciation. Migrating these systems to a Cloud solution will help covering new vulnerabilities in a more timely manner and limit technical depreciation.
But the ease of access and use of Cloud technologies brings an important risk around shadow IT where applications and systems are neither secured nor known by the Information Security department of your company. With any incident on these specific unknown systems, such liabilities will only be noticed when impacts are no longer acceptable. Using Cloud solutions in a company needs to be driven to avoid shadow solutions and unidentified risks.
Cloud solutions are still new and constantly changing, therefore risks linked to these technologies need to be assessed. Indeed, Cloud is used to transfer some availability and material risks to the Cloud provider. Risk analysis must be performed on Cloud systems to implement security and define clear scopes of responsibility of different stakeholders.
The growing use of Cloud solutions and platforms is a great opportunity for every company to include information security by design, but it needs to be framed by a risk analysis to define responsibilities and security needs.
Weekly Brief
I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info
Read Also
