
How To Adopt A Best Practice Approach To Cloud Migrations

Sameer Malhotra is co-founder and CEO of TrueFort, a former Wall Street tech exec and an expert in IT infrastructure and cyber security.

Cloud computing has fundamentally changed the way organizations create, store and manage data. It has introduced remarkable opportunities to work faster and better. What’s often lost in the conversation, though, is that clouds also present new and often formidable challenges surrounding migrations and application dependencies.

Too often, cloud migrations can create havoc when application dependencies are murky or unknown. This increases both operational and security risks. However, identifying and cataloging these complex relationships can prove extraordinarily challenging.

Why Dependencies Matter

By nature, cloud migrations are messy. Part of the problem is that applications, systems and data take on radically different shapes and forms in the cloud compared to legacy systems. Too often, there’s limited visibility into complex relationships and dependencies, including in critical areas like communications and identities.

The problem is based on a simple fact: Most modern applications aren’t designed to operate on an individual physical server tucked away in a private data center. Clouds, with distributed application code and containers, introduce an entirely different environment for application programming and running apps. This includes the widespread use of containers, connectors and APIs.

Often overlooked in the eagerness to take advantage of clouds is that, while it’s relatively easy to orchestrate communication across containers, the situation becomes far more complex as multi-cloud frameworks emerge. Suddenly, it’s difficult to identify dependencies because functions coded into individual applications now reside in widely used and often-shared containers.

The impact of all this is significant. For example, when an enterprise migrates an application to a public cloud, the entire database must either travel with the application or remain accessible after the migration is finished. Without complete mapping for both local and external resources, the application and data may not function as intended. Not surprisingly, security risks also increase.

Gaining A Deeper View

The foundation for a more advanced security framework starts with the concept of security readiness. This must exist for every application that’s hosted in the cloud and must account for the fact that apps that are migrated to the cloud and cloud-native apps aren’t the same. While it’s possible to use DevOps processes to produce new cloud apps with embedded mapping and dependencies, legacy apps do not map to the cloud securely. As a result, achieving application-level visibility is a critical step toward reducing cyber risks.

One way to address the challenge is to adopt a behavioral-based dependency mapping framework for analyzing application behavior. By monitoring all activity performed by an application spanning network connections, data access and machine-to-machine communication, a behavioral-based dependency mapping framework builds a comprehensive profile over time by understanding flows, dependencies and various other relationships.

IT administrators and security teams can then drill down into applications and view specific events. They can also analyze these behavioral profiles to better understand specific interactions. What’s more, machine learning can be used to spot critical issues and pinpoint application behavior that falls outside of an expected profile. This framework also makes it possible to view the entire run-time environment in context via an adaptive application trust graph.
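The profile-building and deviation-spotting steps described above, reduced to a small added example (not code from the article or from any vendor product). The flow records and workload names are constructed, and a plain set-membership baseline stands in for the machine learning the article mentions. The same profile is also used to list dependencies that would cross the boundary if only some workloads are migrated.

```python
from collections import defaultdict

# Constructed flow records: (source workload, destination workload, dest port).
BASELINE_FLOWS = [
    ("web-01", "app-01", 8443),
    ("app-01", "db-01", 5432),
    ("app-01", "ldap-01", 636),
    ("app-01", "db-01", 5432),
    ("batch-01", "db-01", 5432),
]

def build_profile(flows):
    """Map each source workload to the set of (destination, port) it was seen using."""
    profile = defaultdict(set)
    for src, dst, port in flows:
        profile[src].add((dst, port))
    return dict(profile)

def stranded_dependencies(profile, migrating):
    """Return edges that cross the migration boundary in either direction.

    Each one must stay reachable after cut-over, or the other end must move too.
    """
    crossing = []
    for src, targets in profile.items():
        for dst, port in targets:
            if (src in migrating) != (dst in migrating):
                crossing.append((src, dst, port))
    return sorted(crossing)

def out_of_profile(profile, new_flows):
    """Return flows that were never observed during the baseline window."""
    return [f for f in new_flows if (f[1], f[2]) not in profile.get(f[0], set())]

if __name__ == "__main__":
    profile = build_profile(BASELINE_FLOWS)
    # Hypothetical migration wave: only the web and app tiers move.
    for edge in stranded_dependencies(profile, {"web-01", "app-01"}):
        print("crosses boundary:", edge)
    # Constructed post-migration traffic, including one unexpected port.
    post_migration = [("app-01", "db-01", 5432), ("app-01", "db-01", 22)]
    for flow in out_of_profile(profile, post_migration):
        print("outside profile:", flow)
```
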

Consider these three capabilities for a behavior-based dependency framework:

Communications. You need detailed information about the length of sessions, types of commands used and volumetric data. Analyzing this information will offer clues into the characteristics of an attack by showing communications activity into and out of the application.

Dependencies. Knowing dependencies is the key to migrating securely and successfully. Consider solutions that automate the process of identifying and mapping application dependencies in real time. This will provide the context needed to understand run-time behaviors in relation to other modules that interact with an app in the cloud.

Credentials. Credentials management is another vital area. Look for security solutions that provide data about user access, systems and devices — including those with special administrative privileges.

Then, consider deploying a cloud infrastructure entitlement management (CIEM) system for identifying and remediating excessive, unnecessary and unused permissions. This makes it easier to address functional requirements and ultimately reduces the need for testing. The end result is reduced security demands on DevOps teams and other IT staff.

To be sure, putting a behavior-based application dependency framework into practice is not without its challenges. Traditional approaches such as security information and event management (SIEM), network monitoring and application management only provide siloed views of behavior. Trying to piece together these data sets, which are dynamic and constantly changing, to extract usable visibility is manually intensive and error-prone.

Into The Clouds

With a behavior-based application dependency framework, an organization can gain a broad and deep view into the cloud infrastructure. There’s visibility across clouds, containers and workloads. There’s a structured approach to a migration that encompasses local planning, transition, hosting and testing. Finally, it’s possible to adopt continuous monitoring for an array of tasks, including connections to applications in legacy data centers and identifying systems that the organization can retire.

With the right tools and framework, migrating applications to the cloud and managing multi-cloud security becomes more manageable.
