Recently, we conducted an independent survey of 300+ Oracle application customers to uncover what’s holding IT decision makers (ITDMs) back from moving their Oracle applications to the cloud. The resulting study uncovered myths around cloud migration that many ITDMs still believe to be true, with good reasoning, although many of these have since been debunked.
One of the most interesting, but perhaps least surprising statistics: 97% of ITDMs ranked security as the main concern still holding them back from migrating to the cloud.
Myth Busting: Security Concerns Outweigh Cloud Benefits
ITDMs are right to be concerned about security risks – it’s impossible to escape, as we are consistently seeing security breaches as a trending topic in the news and on social media. No one wants to be the next Equifax or Bad Rabbit. It’s a risk/reward analysis, and the cost savings and flexibility benefits of the cloud may not add up in many IT decision makers’ minds as worth the risk of a security breach.
In Apps Associates’ recent study, ITDMs ranked “the loss of data and the theft of credentials” as one of the biggest concerns about moving to the cloud. When asked point-blank, “When it comes to moving to the cloud, what is your biggest concern?” the majority of responses centered on security. Some of the verbatim responses received include:
- “Security is always our biggest concern and also uptime of the application in the cloud”.
- “Security, as it drives many factors in our IT department today”
- “Data breaches”
- “Security especially when substantial customer data is involved”
- “Security and getting the systems back online”
- “Protecting customer privacy data”
The study results were clear. For ITDMs, security isn’t just top of mind – it’s crucial not only for the evolution of their careers, but also for the success of the entire company.
But there is a way to move to the cloud securely. As cloud becomes the de facto standard in IT, significant advancements have been made to ensure the migration and management process is feasible to do in a secure fashion. This is especially true on more advanced platforms like AWS, that have already created the infrastructure enterprises need as the foundation to construct a secure environment.
Move It, Manage It: Securely in the Cloud
Not only is it feasible to securely migrate to the cloud, it’s also the more effective option. In many cases, the cloud environment is more secure than what most organizations can provide on their own. Security in the cloud can be deployed to meet the same level of security that an on-premise environment can provide – except there’s the inherent benefits gained from cloud such as flexibility, agility, cost and resource models.
The major cloud providers today also have a large a partner network, something that many on-premise infrastructures don’t have, which allows for customers to have a larger range of professional services available which helps companies to deploy cloud-based security properly, scale and be more agile. Beyond the additional support cloud offers, it was found in a recent survey by Alert Logic that the variations in threat activity is not that dependent on where the infrastructure is located – whether on-premise or in the cloud.
AWS Shared Responsibility Model is a great example of the foundation provided by a secure cloud provider. With this model, there are clear responsibilities on what your organization is responsible for versus what the cloud-service provider is responsible for. The model calls for AWS to secure the cloud itself – all the hardware, software, physical infrastructure and assorted connections including networking, database, storage and compute resources. Meanwhile, the customer is responsible for all system security above the hypervisor – things like data, platform, applications, operating system and networking traffic protection. AWS also achieves third-party validations for thousands of global compliance requirements and updates security controls on a regular basis.
AWS also provides companies with fine-grained access control to their information on the cloud, even to things that would be much harder to access when they’re on-premise. CIOs who have been working with data and servers that are on-premise for a while might not even normally have a clear understanding of where all of their information is — but by storing it in the cloud, CIOs can feel safe knowing it’s all in one place. Working with established public cloud offerings such as AWS and having clear rules on who is owning what will make the transition a secure one. Partnering with professional service providers, such as Apps Associates which maintains the skilled, certified resources and an integrated toolset from technology providers such as AlertLogic, can also help ensure the transition is done safely and the migration is as smooth as possible.
Tactical Tips: Migrating Over
Alongside choosing a secure cloud provider, some tips to keep in mind include:
- ITDMs should assess and plan for all source data to be transferred. The data should be encrypted at rest on the source prior to transfer with a strong encryption algorithm.
- Hardening of the server must be performed before copying any data. Allow only specific and minimal sets of ports with restrictions to specific IP and CIDR.
- Proper authorization and access control must be implemented to restrict access to data sourced, transmitted or stored in the cloud.
- Establish audit and monitoring which must be enabled, maintained, monitored and archived for ongoing and historical analysis at any moment in time.
Moving to the cloud can seem like a daunting task, however it’s one that organizations that want to stay ahead of competition must be thinking about. Per our recent study, 3 out of 5 ITDMs say they’re planning to move their Oracle legacy applications to the cloud this year. Moving securely is possible – don’t get left behind.
Bill Saltys is Senior Vice President, Alliances. Bill is responsible to drive the strategic direction of a cross-functional program across Apps Associates focused on customer value through alliances with industry leaders that will enable cloud adoption, transformation and managed services. Prior to joining Apps Associates, Bill held executive and senior management positions within the high technology sector in both entrepreneurial firms and Fortune 500 companies such as Texas Instruments and Digital Equipment Corporation in the areas of strategic planning & engineering.