As more organizations are adopting cloud services in a “shift and lift” approach, a cloud security strategy designed to reduce the risks of cloud assets is crucial in preventing a data breach, with a priority on “sensitive” data encryption and authentication. That means moving an application and its associated data to a cloud platform, without redesigning it.

Some cloud migration strategies to consider is to rehost or refactor the applications:

• Rehost: This is infrastructure as a service (IaaS), or lift and shift. That allows the application to rehost without changing its architecture. That migration usually is fast and relatively inexpensive, but the ongoing operation might be costly since cloud efficiencies are not really leveraged.
• Refactor. Also known as platform as a service (PaaS): That allows the applications’ installation to a cloud provider’s infrastructure. In that case, developers can reuse languages, frameworks, and containers leveraging code, which is important to the organization. Some weaknesses could be some missing capabilities or incompatibilities, in addition to the transitive risk that needs to be investigated, and the framework lock-in.

A multi-cloud strategy will become one of the most popular among organizations in 2023

A multi-cloud strategy will become one of the most popular among organizations in 2023 with a substantial growth compared to 2021 as indicated in figure 1. It refers to the organization’s strategic decision to use for their cloud usage more than one infrastructure-as-a-service (IAAS) vendor. For example, an organization may host some applications with cloud provider 1 and some other such as backend with provider 2. That multi-cloud strategy always involves splitting computing workloads between more than one public cloud provider. Avoiding “vendor-lock-in” is one of the most common reasons, followed by cyber security and diversifying geographical potential points of failure.

Figure 1: Multi-cloud adoption worldwide in 2021 and 2023, by organization size. Source Statista 2023.

However, the data breaches are becoming a very serious threat when organizations migrate to the cloud and need to secure sensitive data and users’ access. According to Verizon’s 2022 Data Breach Investigations Report, 82% of data breaches involve human error, such as employees exposing information directly or by making a mistake that allows cybercriminals to gain access to the organizations’ systems [1].

A zero-trust strategy could be the solution to that threat, becoming one of the most preferred C-executives’ security choices around the world. One of the most widely used definitions comes from the National Institute of Standards and Technology (NIST):

“Zero trust is the term for an evolving set of cyber security paradigms that move defences from static, network-based perimeters to focus on users, assets, and resources. Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location.”

Zero trust can be implemented with the following steps (Figure 2):

1. Identify every resource
2. Authenticate every request
3. Provide the appropriate and least privilege to the pre-authenticated workloads and then remove privilege once task is completed
4. Consistently monitor, control, and audit

Figure 2: Zero Strategy steps

Gartner predicts zero trust network access to be the fastest-growing network security market segment worldwide achieving a growth of 31% in 2023 — up from less than 10% at the end of 2021. It’s forecast to achieve a 27.5% compound annual growth rate (CAGR) between 2021 and 2026, jumping from $633 million to $2.1 billion worldwide [2].

Adopting the zero trust strategy will help organizations with the following advantages:

• Automatically disallow suspicious activity
• Limit access by providing Just-In-Time (JIT) and least privilege
• Detect attacks and anomalies
• Check and manage version accessibility

Zero trust is the best choice to reduce risk and improve security by investing in platforms that enable effective encryption and authentication management across their organizations

Zero trust helps organizations to prevent data breaches with a single platform and single sensor architecture — endpoints, workloads and other technology areas.  It is the ideal framework for organizations to secure external and internal users, workloads and similar environments as they migrate into a highly distributed cloud and mobile-centric world ^[3]. That strategy should be followed with modern authentication (more than password only) for access in cloud and software as a service application. While organizations understand in most cases the value of modern authentication, adoption is still not as widespread as expected, which may indicate an opportunity for providers to drive improved adoption. Zero trust is the best choice to reduce risk and improve security by investing in platforms that enable effective encryption and authentication management across their organizations.

Conclusion

Closing organizations and Chief Information Security Officers (CISO) need to develop a modern cloud migration and cybersecurity strategy that consists of the following steps:

• first to select their cloud migration strategy that suits their momentum, 
• Prepare a study that defines the sensitive data and applications that need to be secured.  That is one of the most critical steps, the identification of the network’s most critical and valuable data, assets, applications and services.
• Then, develop a plan, to implement the Zero Trust security policies. With sensitive data in place, it helps prioritize where to start and also enables the creation of Zero Trust security policies.
• A final study will allow identifying the users, which applications they are using and how they are connecting to the cloud to determine and enforce policies and modern authentication that ensures secure access to critical assets.

References

1. Verizon’s 2022 Data Breach Investigations Report (https://www.verizon.com/business/resources/reports/dbir/)
2. Gartner Identifies Three Factors Influencing Growth in Security Spending (https://www.gartner.com/en/newsroom/press-releases/2022-10-13-gartner-identifies-three-factors-influencing-growth-i )
3. 2022 Thales EMEA Cloud Security Study, Thales (https://cpl.thalesgroup.com/euro-cloud-security-research)