Tech mahindra

Security considerations during Cloud Migration

Posted by: Natarajan Ramanathan On August 14, 2019 11:49 AM

Cloud computing exposes organizations to new security and risk elements, which often require a novel approach. Any new approach developed to maintain standards rests on the responsibilities held by the teams within the organization and by the Cloud provider.

In this post, we look at the responsibility matrix in the Security space within Organizations and the major challenges they face.

Roles and responsibility by Service Model

Cloud Security is a shared responsibility model between the Cloud Service Provider (CSP) and the Customer. Managing cloud security is critical to the business. As a refresher, here are the 3 major service models:

Infrastructure as a Service (IaaS): The CSP is responsible for the physical security of the infrastructure and network. The Customer is responsible for everything that is built on the infrastructure.

Platform as a Service (PaaS): The CSP is responsible for the virtual machines, operating system and middleware technologies; the user is responsible for the applications, data and interfaces implemented on the platform.

Software as a Service (SaaS): The CSP is responsible for everything except the data and interfaces.

Vulnerabilities and risks exist even in the cloud, so understanding the security challenges and your responsibilities is a good place to start. The security challenges are easy to handle by following the best practices.


Security challenges in the Cloud arena have remained the same irrespective of the volume of servers being migrated. A few of the major challenges faced by migration teams include data ownership, data control and security, and the migration methodology from On-prem to Cloud. The major threat upon a failure to address these is business data exposure and a security breach.

The following are the 3 key areas to consider while planning for Cloud Security:

• Organization level Security policy

o Compliance/Regulation (PCI, HIPAA, SOX etc.) policy based on the geographic location of the data

o New business processes to be implemented

o New skills to be learned

• Protection of data while in transit

• Protection of data at rest

Unprotected data (in transit or at rest) leaves the organization vulnerable to attack. Data encryption is the only effective security measure to protect it.

Organizational level Security Policy

There has been a significant change in the last few years in managing security for data centers. As it changed to a shared responsibility model between the Cloud provider and the enterprise, the focus shifted towards monitoring the Cloud infrastructure and its policies. The existing security policies need to be redefined to fit Cloud Security. Some of the key considerations while defining the Security Governance policy are:

• Redefine the existing security policy to cover on-premise as well as Cloud infrastructure

• Monitor the security practices for the cloud host. This includes audits of logs, policies, user access, keys etc.

• Establish the Data protection policies

• Decide on what data needs to be moved to cloud and what data should stay on-premises

• Use of public and private subnets

• Security vulnerability remediation

• Effective Risk Assessment

• Periodic environment audit

• Train the resources on the security policies and on the impact of not following the standards

Data in Transit

Hybrid cloud is common for many companies, as their data is on-premise as well as in the cloud. Security services such as secure web gateways can be deployed on-premise or in the cloud, an approach that is especially useful for corporations whose many employees use distributed sites and remote offices to access cloud applications. The same flexibility is available with security applications for malware prevention and advanced threat protection. Once data protection policies are in place, it is easy to deal with all the related security and compliance issues.

Data in transit is data moving from one network to another network or to a Cloud environment. Protecting it is critical because data in transit is often considered less secure. What is primarily required when data is in transit?

• Enable HTTPS or VPN traffic

• Encrypt the traffic with an SSL/TLS certificate

• Monitor the traffic/data copy

Data at Rest

Data at Rest refers to data that is stored locally or in the Cloud environment. A few mandatory requirements to be followed for data at rest:

• Encrypt the AMIs, EBS volumes and S3 data using KMS keys

• Maintain the encryption keys, including automatic rotation of keys

• Install the latest anti-virus software

• Firewall rules & policies

• Control root access and regular user access
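The encryption and key-rotation requirements above, and the "audit for logs, policies, user access, keys" item in the governance list, can be turned into a periodic check. The script below is an added example, not code from the original post; it runs offline over a constructed inventory whose record shapes are simplified from the AWS `describe-volumes`, `get-bucket-encryption` and `get-key-rotation-status` responses, with placeholder resource IDs.

```python
from typing import Dict, List, Optional

# Constructed sample inventory with placeholder IDs (not real resources).
# Shapes are simplified from what `aws ec2 describe-volumes`,
# `aws s3api get-bucket-encryption` and `aws kms get-key-rotation-status`
# return; a real audit would load these from those calls instead.
VOLUMES: List[Dict] = [
    {"VolumeId": "vol-0example1", "Encrypted": True, "KmsKeyId": "key-1"},
    {"VolumeId": "vol-0example2", "Encrypted": False},
]
BUCKETS: Dict[str, Optional[Dict]] = {
    "payments-archive": {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "key-1"},
    "scratch-exports": None,  # no default encryption configuration at all
    "public-assets": {"SSEAlgorithm": "AES256"},  # S3-managed key, not KMS
}
KEYS: Dict[str, Dict] = {
    "key-1": {"KeyRotationEnabled": True},
    "key-2": {"KeyRotationEnabled": False},
}


def audit_data_at_rest(volumes, buckets, keys) -> List[str]:
    """Return one finding per violated control; an empty list means all clear."""
    findings: List[str] = []
    # Control: every EBS volume is encrypted.
    for vol in volumes:
        if not vol.get("Encrypted"):
            findings.append(f"EBS volume {vol['VolumeId']} is not encrypted")
    # Control: every bucket has default encryption backed by a KMS key.
    for name, cfg in buckets.items():
        if cfg is None:
            findings.append(f"S3 bucket {name} has no default encryption")
        elif cfg.get("SSEAlgorithm") != "aws:kms":
            findings.append(f"S3 bucket {name} is not encrypted with a KMS key")
    # Control: automatic rotation is enabled on every customer-managed key.
    for key_id, key in keys.items():
        if not key.get("KeyRotationEnabled"):
            findings.append(f"KMS key {key_id} has automatic rotation disabled")
    return findings


if __name__ == "__main__":
    for line in audit_data_at_rest(VOLUMES, BUCKETS, KEYS):
        print("FINDING:", line)
```

Run on a schedule, a non-empty findings list is the trigger for the remediation and periodic-audit items in the governance policy.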


Security is everyone’s responsibility, and following various best practices and processes will help to deploy the application/data quickly and securely in the cloud environment. A few tips to consider are:

• Take one step at a time. Move non-mission-critical apps/data to the cloud first. This avoids downtime during cloud adoption and protects against accidental exposure of sensitive data.

• Define a security policy that covers on-premise and cloud environments.

• Security scanning to distinguish between good traffic and attacks.

• Frequent Cloud Security Audits

• Deal with security breaches on a case-by-case basis and revise the security policies based on them

In summary, application and data security are your responsibility whether the application is in the cloud, on-premises or both. Migrating to the cloud does remove some of the on-premise IT security technical needs; however, more proactive measures need to be considered for the Cloud infrastructure, as mentioned above.

About Author

Natarajan Ramanathan (Raj)
Natarajan Ramanathan is a Principal Architect at Tech Mahindra with more than 2 decades of IT experience spread across middleware technologies, cloud infrastructure services, and project management. He is responsible for cloud assessment, cloud migrations, infrastructure cloud architecture, and web obsolescence for multiple Fortune 500 customers.

Tags: Connected Platforms & Solutions