Fourth step in cloud migration – security

This is the fifth in a multi-part series. Follow the series here.

It’s almost redundant to say, but once you’ve chosen and qualified your security framework architecture, you need to deploy it before you actually migrate workloads.

There are two different (but related) security solutions that companies migrating to the cloud consider.  One is a Web Application Firewall, and this protects web-facing applications.

The Web Application Firewall or WAF is considered a Level 7 security solution:  in addition to protecting a web-accessible workload from OWASP top-10 attacks and DDoS attacks, it also manages access, and prevents outgoing data loss. 

The NextGen Firewall F Series or NGF is considered a Level 4 network security solution:  in addition to providing secure remote access to workloads in the cloud, it provides data protection against attacks and data loss, gives granular control over users and application access, and in hybrid configurations provides end-to-end visibility of traffic to and through the cloud.

Which you need (and often, it’s both) depends very much on your migration strategy.  These solutions need to be deployed before you begin migrations, otherwise you will open yourself up for attack and other challenges as soon as you begin moving workloads.  These solutions can be deployed in-the-cloud, or in the case of the NGF an on-premises VM version may be deployed to protect both existing on-premises workloads and ones migrated to the cloud. 

In either case, you’re simply following the framework reference architecture you qualified in the previous step.  Security is a one-to-many solution, i.e., you can secure multiple workloads using the same architecture.

We’ll look at considerations for migrating and building applications in the cloud in our next post.