The below originally appeared on the AWS Partner Network (APN) Blog.
As many organizations continue to modernize their applications and migrate workloads into the cloud, navigating IT and security risks can be a challenge.
Further, starting a cloud migration process without a comprehensive and contextual understanding of your assets can be daunting. However, the business benefits are tangible, as the Hackett Group’s 2022 Cloud Services Study found that migration allows for a 20% cost savings over comparable infrastructure, as well as a 66% increase in efficiency for infrastructure teams, and a 45% reduction in security-related incidents.
With all of the advantages a cloud environment can provide, let’s look at how you can get started. In this post, we explore how Axonius Cybersecurity Asset Management, together with AWS migration services, can help lay a foundation for a customer’s cloud migration strategy.
Axonius, an AWS Partner and AWS Marketplace Seller, is a cybersecurity asset management platform that correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action to control complexity.
Creating a migration plan with a strategic approach makes any modernization journey more effective. To help customers understand the process, AWS segments a large migration process into three sequential phases: assess, mobilize, and migrate/modernize.
Figure 1 – Three phases of a large migration: assess, mobilize, and migrate/modernize.
You must first create a case for change; this is the “assess” phase. It includes building a business case by aligning business goals, a total cost of ownership (TCO) report containing specific cost-saving analysis, and an executive-level presentation that can be leveraged internally.
AWS can help support this phase with a Migration Readiness Assessment, which includes a question survey and interactive activities. Mapping out the scope of your migration project will help you be more confident moving on to the next two phases of migration: mobilize, and migrate/modernize.
Conducted as a one-day workshop, the Migration Readiness Assessment aims to align leadership teams, provide a consensus on decision-interdependence, and identify gaps.
Figure 2 – Migration assessment flow.
Building a Comprehensive Asset Inventory
Prior to moving to the “mobilize” phase, another key component of the assess phase is understanding and outlining all assets requiring migration and their related security posture. This is critical to minimize risk and prevent vulnerabilities when transferring sensitive data.
Weak or improperly applied identity policies and permissions, unsecured development, test or production environments, misconfigured security policies, and compliance violations all present risk when migrating.
When assessing your environment, you want to be sure to have a comprehensive and contextualized inventory answering the following questions:
- What do you have?
- Where is it?
- Who has access to it?
- Who owns it?
- What is the criticality?
- What are the dependencies?
- What compliance requirements are in scope?
- How do you prioritize it? What’s critical, secondary and tertiary?
Lack of visibility into what’s being migrated and the related security controls also presents a set of risks. A 2021 survey by DIGIT reported that out of 700 CISOs, 89% are convinced that application security blind spots have emerged from the rise of cloud-related technologies. As the saying goes, “you can’t protect what you don’t know exists.”
To minimize these common security risks, prior to migration it’s important to ensure security and IT teams:
- Have a complete and comprehensive inventory of all assets in the environment, and understand the scope of vulnerability assessment coverage and how it will be extended to cloud infrastructure as a service (IaaS).
- Map out all security and compliance requirements, and understand where and how all current assets deviate from security policy. Measure those assets against common security frameworks such as Center for Internet Security (CIS) benchmarks.
- Identify cloud-native or third-party services that will be used to discover misconfigurations, and put an efficient process in place to remediate known misconfigurations as they’re identified.
- Have complete visibility into cloud consumption and a common data model in place to easily and quickly surface conditions across any cloud providers, accounts, and services.
By connecting to 650+ data sources, Axonius can help your organization plan a secure, efficient, and effective migration with complete visibility. Axonius fetches data from the tools already in your environment through simple API connections called “adapters,” providing a credible, comprehensive inventory of all devices, users, cloud assets, software as a service (SaaS) apps, and the related security posture.
With this inventory, Axonius helps discover coverage gaps, identify risk, and validate and enforce security policy where those gaps exist.
Axonius can also surface conditions across any cloud provider in a single query and rationalize IaaS infrastructure across multiple platforms in one concise view. This allows you to identify assets that should be migrated, assets that shouldn’t be migrated, and assets that can be decommissioned entirely, ensuring a secure, efficient, and effective migration.
Figure 3 – AWS asset summary in Axonius.
With a business case utilizing the AWS migration services that accommodate your project and a credible and comprehensive inventory via Axonius, you’ll have a security-focused migration action plan and proposal to close gaps and accelerate the next phase of adoption.
By adequately and thoroughly assessing an organization’s current environment prior to migration, security and IT teams can ensure the cloud migration is done both efficiently and securely.
During the assess phase of cloud migrations, Axonius can assist in setting the stage with granular asset-related data by providing a complete and comprehensive inventory of everything in the organization’s environment that needs to be migrated. Axonius answers the question “What do I have in my environment?” as well as questions like:
- What dependencies are tied to each asset?
- Are they compliant?
- Which assets should be prioritized?
Axonius then provides the context and tools to take action. By setting your environment up for success using Axonius and creating a strong business case utilizing AWS migration services, customers are able to navigate the security challenges many organizations face during cloud migrations with ease and confidence.