Cloud Migration: Preserving Security and Functionality
A Case for Object Based Micro-Segmentation
Sean Ferguson, Deepika Bhandry, Connor Thomas
April 6, 2023
In the last 10 years, the cloud computing ecosystem has seen tremendous growth, and it shows no signs of slowing down any time soon. Estimates indicate that by the end of this decade, the size of the cloud computing market will skyrocket from just under $500 Billion to over $1.7 Trillion. Given the significant advantages that cloud computing offers organizations, perhaps this should not come as a surprise. The cloud allows for far more flexibility and scalability than the traditional on-premise model. The right provider can also offer significant cost savings. However, there are some risks to consider when moving to the cloud – chief among them is the continuity of security policies in the on-premise environment that must be migrated to the Cloud realm.
Tailoring Application SecurityUnder an ideal security posture, organizations and application teams should tailor security to specific applications. Applications typically have patterns of traffic, user bases, and architectural structures that all need to be considered for the best security configuration. Continuous threat monitoring of these applications should be done so that the customers/clients feel confident that their data and infrastructure are always protected.
However, the best approach to security is to work closely with app owners, infrastructure teams, and security organizations to have security that is customized for each application. These teams should be able to understand and justify traffic entering or leaving an application.However, because of this tailored approach, migrating a security configuration from on-prem architecture to the cloud could be a daunting task. If done incorrectly or carelessly, a poorly built infrastructure and security implementation can result in vulnerabilities that were previously mitigated. Even if the time and effort is available to rebuild the previously existing security configuration, it can still be a complex, tedious, and mistake-prone process to rebuild that configuration.
Object Based Micro-SegmentationOne possible solution to this problem is using label-based micro-segmentation. Micro-segmentation is a security technique that breaks data centers and applications down to the individual workload level. As a security implementation strategy, it is ideal because it reduces the attack surface allowing for better control of individual workloads and applications rather than relying on perimeter defense, stopping threats from moving laterally through networks.
Beyond traditional micro-segmentation, using a label-based approach to create and organize rules and security configurations is highly beneficial because for organizations migrating their servers from on-premise environments to the cloud, label-based segmentation platforms allow cloud migration without the need to continually monitor traffic and create new firewall protocols from scratch. Historical configurations can be replicated in real-time leveraging all previous effort.
Implementation in the Real WorldAn example of this technology that TranSigma has previously implemented is the Illumio Adaptive Security Platform. Illumio is a world leading Zero Trust Segmentation company, which helps stop breaches and ransomware from spreading across the hybrid attack surface using micro-segmentation. As a label-based micro-segmentation technology, it allows users to take advantage of familiar IT language to group workloads, and it allows users to create an infrastructure that is simpler and more consistent than traditional technologies. Cloud computing is ever growing, and with it the challenge of transitioning from a secure on-premise network to cloud environments. Micro-segmentation and label-based security is the answer to a secure cloud network and with platforms like Illumio, it comes with an easy-to-use system that reduces the tedium and complexity of traditional security allowing for more efficient management and cost savings.
About The Author(s)
Sean Ferguson, Deepika Bhandry, Connor Thomas
Deepika is a Senior IT Consultant at Transigma. In 2018, she earned a master's degree in analytics and systems from the University of Bridgeport. Since joining the TranSigma team, her main practice areas have been in lateral movement and network security, process improvement, and technology implementation. Deepika is driven to deliver elegant solutions to difficult and important problems facing her clients.
Sean began his career at TranSigma in 2018 after earning his master's degree in business administration with a concentration in finance from Sacred Heart University. As a member of the TranSigma team, he has helped clients from the Defense and CPG industries across many functions and disciplines including Cybersecurity, Human Resources, Finance, Procurement, and Accounting. Recently, he has become the leader of TranSigma’s Celonis practice. His expertise and passion lie in implementing new and innovative technologies into organizations so companies and people can leverage the power of technology to unlock maximum potential.
Connor joined TranSigma in 2020 after graduating from the College of Emergency Preparedness, Cybersecurity and Homeland Security. As a Senior Cyber Consultant for TranSigma, Connor wants to ensure a service of top-level cybersecurity for TranSigma and its clients; always continuing to learn in his field to stay up to date on the current cyber landscape. Thanks to his work at TranSigma he has experience in the field of Vulnerability Management, Cyber Data, Lateral Movement and more. Connor enjoys using his positive personality to work with teams to accomplish next level goals in the Cyber and Tech industry.