Pros and Cons of Moving File Storage to the Cloud

Cloud migrations are at the heart of many digital transformation efforts. Going cloud-first allows you to be more agile, efficient, and flexible. It also promotes collaboration and empowers you to build a remote global workforce. But what are some challenges people face while migrating their infrastructures to the cloud? How do you align your business objectives with your cloud initiatives? How does security fit into the picture?  

What are the benefits and challenges of moving to the cloud?

At the start of the discussion, attendees talked about the benefits and challenges of expanding to the cloud. A CISO said that the elasticity and scalability of cloud platforms are the primary reasons people are moving to the cloud. A director of data analytics added that cloud platforms offer ease-of-use and portability. However, data security is a concern. A senior technology executive remarked that they are finding it hard to set granular access control policies for their cloud resources. A CSO told the audience that mitigating security misconfigurations and human error has been a major challenge for them. Multiple executives believed it’s hard to control costs on the cloud, making it challenging to perform financial forecasting.    

Aligning business goals with cloud initiatives

A participant shared some questions you should answer when starting your cloud journey.  

• Which of your applications are mission-critical?
• Where are these applications currently residing?
• After you migrate to the cloud, how will these applications access the data they need to run efficiently?
• Which services will you be offering to your customers?

Answering such questions will equip you with the insights you need to deploy, secure, manage, and scale your cloud infrastructure.

Having a well-defined security policy for managing cloud environments is also essential. A speaker mentioned that they have compiled a list of minimum cloud security controls and implemented a way to validate configurations. When dealing with third parties, they enforce a shared responsibility model through a responsibility assignment matrix (RACI). All this has allowed them to improve their security posture.  

Insurance companies are driving adherence to security standards

A contributor stated that you couldn’t get cyber-insured these days unless you have a mature security program—the statement resonated with other audience members. To determine your eligibility for a policy, insurance companies perform audits on your infrastructure and gauge your adherence to modern cybersecurity maturity models. Failure to demonstrate a high maturity level typically means you don’t get insured. Insurance companies are pushing organizations to become more security conscious in some ways.  

The importance of having a data retention policy

A speaker commented on the importance of having a clearly defined data retention policy. The key is regularly reviewing data and identifying files/objects that haven’t been used in a long time. If a file hasn’t been accessed for X years, schedule it for deletion, unless someone can justify the need to make an exception. Indefinitely storing large amounts of data needlessly increases your attack surface and total cost of ownership.  

‍