
10(ish) Questions to Ask When Migrating to or Using the Cloud

June 16, 2022



Episode Summary

The cloud is the new ”hip” place where everyone wants to be. But not many know what being in such an environment involves — communication, regulations, collaborations, etc. 

Therefore, it is essential for companies, as Chris puts it, to ”look before you leap.”

In this episode of Dr. Dark Web, host Chris Roberts discusses all things cloud. He shares valuable tips on how companies should approach the cloud, what questions to ask vendors, and which segments to pay special attention to, including regulations and data security.

Podcast Expert

  • Host Name: Chris Roberts

Podcast Insights

🎙️ Have realistic expectations and create a migration plan. As Chris explains, the cloud is another technology you can implement to improve your business. Therefore, you must determine how, when, and why you want to do it. Nothing happens overnight, and it may take you months to enter this new environment. ”You are putting a 12-, 24-, 36-, 48-month plan in place for migration. And then, how are you going to use it more effectively? So it’s a very short one, but it’s probably the one that’s going to take the longest amount of time — rather than rushing in where fools go, take that step back, shine the light, and go, ‘What are we going to do at a technology and business level?’ That’s probably one of the big ones: How is this going to be used? What’s the effectiveness?”

 

🎙️ When leaving data in a new environment, such as the cloud, you want to know who has access to it and who manages it. Opting for the cloud has many benefits, such as making it easier for companies/individuals to have all their data secured in one place. However, the cloud also involves a heavy workforce. ”You have a lot of people behind the scenes. You still have an entire data center that is filled with dedicated architectures that somebody has to support, manage, and provision. […] You need to look at the vendors in that supply chain and get deep and dark with those questions.”

 

🎙️ Encryption is critical in the cloud. As data has become one of the most valuable currencies, you want to ensure that the information you put in the cloud is protected. Security is one of the most critical questions you want to discuss with a particular vendor, as there’s a possibility of third parties accessing and using your data. ”Your data is in the cloud. I’m hoping, for the most part, you haven’t put it up there, free and clear. I think it depends on what it is. If you put photos up there; we put those up on social media all the time. It is what it is. But if you, as an organization, are putting your crown jewels into that cloud, you’re going to make sure that there’s encryption in there. And then we get into the question as to who’s got the keys. […] I back up a couple of my core systems to the cloud; it’s my encryption. So the only person who can get to that data is whoever has my private key, the codes, and a whole bunch of other things.”

Episode Highlights

The Common Approach to the Cloud

”When we look at the cloud environment, you can treat it like a green field, which is, you can go into it. Most of us have terrestrial networks, so we’ve got stuff that’s brick and mortar, and we’ve got stuff in certain places. 

And unfortunately, what we saw in the cloud was that people just threw everything into the cloud and went, ‘Yeah, that’d be fine.’ Well, it wasn’t. 

The preference is to take that step back, look at it, and go, ‘How are we going to approach this? Are we going to look at this in a more logical manner? Or are we going to do better separation and segmentation? Are we going to look at it from the standpoint of how we can do identity and access management effectively?’”

Let’s Talk About Governance

”We, for the most part, all have to adhere to some types of compliance, government regulations, or whatever it might be. If you’re going to go charging into the cloud, and you’re flipping data, you sure as heck better make sure that that environment is able to effectively support the governance and compliance you need. 

Security should always go along with that. And that is one of those conversations, but as you start looking at it, you have to turn around and say, ‘Hey, not only is it on the governance side, but is it also on the business side of the policies? Does it help us with the end goals?’”

Ask Yourself: Can I Be More Disciplined in the Cloud to Use It Effectively?

”You’ve built this environment. How are you going to ensure audit and compliance with it? How are you going to report? Can you rely on the vendor to help you with reporting? Do you have to do it yourself? The very tools that you use in your terrestrial system, how do they translate to being used in the cloud environment?

So a lot of the conversations to take a step back and go, ‘Okay, I’m effectively building an entirely new environment. How do I ensure its integrity? How do I ensure I can report on it and validate it when somebody asks me?’”

Third-Party Access to Your Data in the Cloud 

”I have my little slice of heaven, and I’ve got my little fluffy cloud; I’m very happy with it. And you’ve told me who’s operating and who’s managing it. Who else might have access? What third-party tracking is in place? Who’s pulling statistics off of it? Who are you selling the data to? Who’s got the rights? All of these other things have underlying management.

So, let’s say I sign up for my bit of cloud, put my data up there, and want to monitor and manage it. Would you have subbed that out with a third party? 

The cloud is like your terrestrial data center; you will constantly have people coming in and out of that data center, plugging stuff in, and doing work on hardware, software, and systems. So the same rules apply. You want to know who’s coming in and out and who might be able to touch or influence that system.”

What If Someone Gets Into Your Cloud System?

”We all know that data is currency. We’re aware of the fact that ransomware targets data. So then the question becomes that if somebody gets into my terrestrial system and somehow manages to get into my cloud system, and they encrypt the snot out of both of those, what options does the organization I’m subscribed to have to help me recover my data?

Are they taking snapshots? Is there any other way I can bring stuff back? So it’s useful to have a cloud — no two ways about it — for this kind of thing, but not if it’s directly connected, not if you’re using the same passwords, and not if the vendor doesn’t do a darn thing about it. So it’s only useful if you ask the questions and understand the options.”