Secure cloud network architectures

How automation mitigates security concerns surrounding cloud migrations

Roberto Garcia

Organizations continue moving to the cloud, and they show no sign of slowing down. However, many IT and security professionals have reservations about security when it comes to the cloud. In this article, Roberto Garcia discusses how automation helps minimize risks resulting from human error and protect against common security mistakes when migrating to the cloud.

As 2019 wraps up and 2020 kicks off, many popular year-end predictions for IT tout the ongoing digital transformation across most industries. Gartner recently found that up to 60% of organizations will use an external service provider’s cloud managed service offering by 2022, so it’s no secret that organizations will continue migrating to the cloud at full speed. Industry experts may understand that cloud migration is inevitable; however, knowing how to accomplish this feat efficiently and securely can make or break cloud deployments.

Security is consistently found to be the top reason for organizations that have opted for cloud migration. A recent LogicMonitor survey found that 66% of IT professionals list security as their greatest concern when it comes to cloud migration. The alarm is even more prevalent in DevOps, where as many as 73% of security professionals admit that their organization does not have privileged account access in place.


The good news is that, with proper planning and implementation, data can be securely transferred from both on-premises and legacy systems to the cloud with minimal risk. For example, the most secure cloud network architectures often require a demilitarized zone (DMZ).

As the name implies, the DMZ is a virtual “no man’s land” when it comes to data. It is a buffer that sits between an organization’s external-facing network and its internal network assets, limiting access to the latter. The DMZ also serves as a contained safe space in which data can be audited for potential risks, eliminating the need for file encryption, store-and-forward systems, or polling for changes to secure data. Most of all, PCI DSS requires that all organizations implement a DMZ to separate payment networks from untrusted sources.

Automation is also key to seamless cloud migration, as it impacts both security and efficiency. One of the greatest benefits of automation is that it helps to minimize risks resulting from human error. Mistakes happen, but the risks posed by human error are not to be underrated: Gartner recently predicted that 99% of cloud security failures through 2025 will be the customer’s fault.

Workflows and file transfers are ideal processes for automation in a cloud environment. Other automated capabilities include P2P and B2B transfers, multi-factor authentication, auditing, and reporting. Organizations that plan to automate these processes can expect to save time and increase efficiency surrounding cloud migration.


Automated data transfers enable seamless cloud migrations on other fronts as well. By using a single outbound connection, overhead costs can be significantly reduced in comparison to traditional proxy and firewall configurations. Another example is specific to the DMZ, which can automatically map and route connections to secure sites on the network, resulting in reduced total cost of ownership and simplified network maintenance.

As more organizations prepare to undergo digital transformation in 2020, those that put security concerns to rest at the outset can instead focus on deploying with efficiency. Automation will be key to maximizing efficiency in pursuit of the cloud. Seamless cloud deployments should be the expectation in 2020. Security should be a given.


Roberto Garcia

Roberto Garcia has more than 20 years of experience in defining, architecting, managing, and implementing a broad range of information systems and applications, focusing on computer security and IT compliance. As Globalscape’s VP of Product Strategy and Engineering, Garcia is responsible for strategic and tactical product planning and the entire product life cycle for Globalscape products.

Previously, Garcia served as Chief Architect for the intrusion detection engine of Symantec’s Norton Internet Security product. Prior to Symantec, he served as Director of Product Development for L-3 Network Security’s risk assessment and vulnerability management product suite, as well as Foundstone’s award-winning Enterprise Vulnerability Management System. Garcia has been an integral part of two successful acquisitions by industry-leading information security companies: Symantec and McAfee. In addition to his management experience, Garcia has technical expertise in security technologies including Intrusion Detection, Vulnerability Management, and Assessment and Enterprise Risk Management. Garcia holds a BS degree in Computer Science from Marist College.
