Capturing data is the lifeblood of the digital economy. But, as the volume of data soars, storing it efficiently and securely is an ever greater challenge for enterprise leaders. Little wonder then that companies continue to migrate on-prem data to the cloud in droves. Enter the complexities of a cloud data migration.
Data Security For Cloud Migration
Nowadays most organizations store some, if not most, of their data in the cloud. Unsurprisingly, large cloud vendors make it as easy as possible to migrate data to the cloud and provide a raft of tools to help.
Nonetheless, the ultimate responsibility for migrating data and maintaining its security is yours. Here are seven tips for safeguarding your valuable data before, during, and after a cloud data migration:
1. Understand What Data You Have
In the past, enterprises would often treat their data storage like an attic or a basement. Store things out of sight to save space, and it doesn’t really matter what the data gathering dust consists of.
Time for spring cleaning. With data so valuable, a potential migration is an excellent time to take stock of exactly what data you have. Is it in a form that will be usable now and later? How accurately does it conform to storage and retention policies within your data governance framework?
And, perhaps most importantly, what can you safely dispose of?
There are many data management tools available to assist the process of inventorying data. Most cloud vendors will offer their own solutions to help. There’s also a range of paid services available on the market.
Make good use of these tools and avoid the temptation to hoard. Too often companies hold on to data they no longer need. Unnecessary data retention (unless legally required) increases a company’s liability in the event of a security breach.
“Chisels Not Chainsaws”
“Often when an IT team is asked to deal with too many unstructured files or too much email, it doesn’t have the vantage point to properly understand the content—so the team defaults to a proxy rule, such as ‘last accessed’ or ‘age of file’. But that’s taking a chainsaw, not a chisel, to the problem. Data retention should turn upon the content and context of the information.
For example, the two least accessed and perhaps oldest documents in your home might be the deed to your house and your life insurance policy. In this instance, it’s probably not a good idea to be disposing of your household paperwork based on the age of documents and when they were last accessed.”
– Peter Sloan, Information Governance Group
2. Know The Data Compliance Regime
Before cleaning up your data, your organization must have a solid understanding of any compliance requirements in place.
In industries such as healthcare and finance, regulatory and government bodies have strict requirements for properly safeguarding stored data (and stringent penalties for violations一just ask Morgan Stanley). Careful adherence to these rules is incumbent on any organization planning a data migration.
Of course, it’s unlikely your organization will be unaware of its regulatory requirements. But staying ahead of changes to the regulatory landscape and ensuring compliance are perennial challenges.
Common regulations that cut across sectors include:
Sarbanes Oxley, introduced in the wake of the Enron and WorldCom scandals, sets out clear rules for the retention of documents relating to financial audits.
The European Union’s General Data Protection Regulation (GDPR), which went into effect in May 2018, mandates tight standards for any organization holding the data of individuals in the EU, wherever that company operates in the world.
HIPAA (Health Insurance Portability and Accountability Act of 1996), for data relating to an individual’s health.
The Gramm-Leach-Bliley Act (Financial Services Modernization Act of 1999) places an obligation on financial service providers to explain to their customers how their information is shared.
Outside of the EU, the California Consumer Privacy Act, in effect since 2020, is widely seen as the first step toward a more comprehensive approach to data privacy in the United States.
Make sure you understand the implications of such regulations for cloud data migration. Data may need to be cleaned, or audited, or transformed in some way in order to be appropriately transferred.
3. Access Control and Deduplication
Most IT organizations operate on the principle of least privileges. This states that end users should only have access to what they need to perform their job.
This principle applies very well to cloud data migration, too. Given the sensitivities of undertaking a migration, authorized personnel should have access to the data on an as-needed basis.
Of course, once the migration is complete, end users can regain access to the data they need to do their jobs.
| As an added precaution, deploy two-factor authentication for access control during a data migration. In two-factor authentication, even authorized users use this two-step process to ensure that data remains safe. |
Data deduplication (“deduping”) is another important aspect of your migration. Deduping is a technique for compressing the volume of data for migration. This can help with shrinking the footprint needed for the new data storage. By reducing the volume of data earmarked for migration, deduplication may lower costs and improve the overall security of your data.
4. Encrypt During Transit
Data in motion is particularly vulnerable to abuse. Encrypting data during transit is a crucial means of protecting data as it moves from one location to another.
Additional tactics are available for the best possible protection of data in flight. Those tactics include network security controls and encrypted network protocols.
For large scale data migrations, the cloud vendors are able to offer concierge-style solutions, which include the physical trucking of data-bearing media to the cloud data center.
5. Assess The Impact On Your Remaining Data Center
The actual transfer of data is only part of the work. You also need to keep careful tabs on any physical devices, such as drives or storage servers, remaining in your data center. Account for these changes in your IT asset management plan.
| Whether you’re undertaking a full or partial data center decommissioning, what are your plans for the storage equipment left behind after the migration? Will you reuse it within your organization or will you break the equipment down and remarket it? |
Ensure you have a robust checklist in place for your decommissioning activities, however large or small. And make sure to account for the physical security of the remaining storage media, and any other data-bearing equipment, at all times. Ask your ITAD company for support in this area. Also ask them how they plan to maintain a secure chain of custody throughout the decommissioning process.
6. Comprehensively Wipe Your Retiring Drives
Data sanitization is not an area to leave to chance. Talk with your IT asset disposition firm about its process for wiping your storage media. Also discuss what should be your reasonable expectations of return from the remarketing of the sanitized equipment.
| It’s incumbent on your company to ensure that the process of drive retirement is properly documented. A professional ITAD company should promptly issue you with certificates of data destruction, certifying that your drives were wiped according to industry standards. |
With the right wiping technology from an ITAD company that offers robust workflows and process visibility throughout, there should be nothing to worry about when it comes to securely wiping your storage media.
7. Understand your Cloud’s Security
You’ve migrated your data to the cloud and wiped your old devices, so now you can rest easy right?
Not yet. Whenever you move data to a new location, you need to reassess security and its limitations. This will require gaining working knowledge of any new access and entitlement conditions.
Clouds are relatively safe, but they too have their vulnerabilities. One security company recently found that certain common lapses in entitlement management could render parts of the AWS cloud open to attack.
Other security vulnerabilities can unexpectedly rear their heads from time to time, as they did for Microsoft Azure. Keep an eye out for any news of vulnerabilities, and ensure that you apply any necessary patches or setting changes ASAP.
These are just some of the many considerations to think about as your organization prepares to migrate data to the cloud. Get in touch with Horizon for expert assistance on ensuring data security and maximizing returns for retiring storage media during your cloud migration.
