nexon_blog_cloud_security_mission_critical_applications__v1

As organisations grow and evolve in complexity, structure, customers, people and geography, our thirst for technology increases and the breadth and scale of applications in our organisations expand. Often without realising, some of these applications have become ‘business or ‘mission critical’.

How to know what’s mission critical?

You’ll know by the feeling in the pit of your stomach when you consider them being compromised or completely inaccessible and the resulting impact on operations, customers and revenues.

Every organisation will be different. For some the mission critical application could be an Enterprise Resource Planning Solution (ERP), for others, vehicle tracking, financial systems, customer management or messaging applications.

Whether they fall into Finance and HR, Production and Inventory or Sales and Customer technologies, it’s time to categorise, prioritise and secure them in a way that protects and future proofs your enterprise.

Do you know where your mission critical applications are hosted?

Organisations know that legacy applications are at high risk of compromise, which often leads them to keep those applications where they can be seen – on-premise.

This is a greater risk than ever before, with on-premise legacy applications an increasingly attractive target for cyber criminals seeking high impact attacks with panic driven financial returns from unpatched systems built on and protected by old technology. Not to mention the risk of natural disaster striking when the office block next door sets on fire, as it did in Sydney last month.

Cloud brings opportunity and productivity to the fore

The productivity benefits resulting from cloud migrations are well documented. The migration process itself, however, brings with it a backbone of horror stories from the server room where plans weren’t structured, resources weren’t unallocated and curve balls caused unforeseen issue, downtime and delays.

Migrations can be scary if they’re not planned and diligently executed by a trusted and qualified team. It’s really important to reach out and get help whenever you need it, from a team well versed in transitioning critical applications to the Cloud.

If you’re migrating to the Cloud, be clear on your strategy, migration plan, timelines and accountabilities. We definitely recommend a getting a plan A, B and C in place so that you’re equipped to handle any curved balls that invariably arise.

 

Managing the data risk

Just because you can access your SaaS data whenever you want it, doesn’t mean it’s secure. Unfortunately SaaS and Cloud vendors tend to charge large egress costs to export data and sometimes don’t offer external data protection solutions for their services. Cloud backup solutions and Data Loss Prevention technologies are the most effective way to protect your organisation against data loss and emerging threats. A robust and independent backup solution ensures regulatory compliance and keeps your insurers happy too.

Questions to ask your back-up solution provider

Understanding what you need can be a minefield. And there are some critical questions you should be asking when it comes to data backups of your mission critical applications.

Here are a few basics your backup solution provider should be able to answer:

  • Is hosting on public or private clouds?
  • How often are backups happening?
  • How secure are your data centres?
  • What assurances / Service Levels can you provide?
  • How quickly can you restore my data?
  • Do you provide instant virtualisation if systems are compromised?
  • What is the pricing model – per user or per volume of data?
  • Where is your backup data actually hosted and in how many places?
  • How does it work in with my BCP and IR plans for data restoration in the event of compromise?

What about the information security of your mission critical applications?

Leaving security of your mission critical applications to the providers isn’t really enough. As SaaS and Cloud adoption is driving competitive advantage through speed, agility, responsiveness, accuracy and resilience, it also demands a focus on keeping security front of mind.

No organisation is infallible, and that includes the people behind the code and companies coding and running your mission critical applications. Security breaches on external applications increase the likelihood of downstream compromise and how they manage their data is out of your control.

It’s time to get a plan in place. When you’re looking to secure the data contained within your Mission Critical SaaS and Cloud applications:

  • Develop and implement a Cloud Security plan, policy and architecture
  • Identify your mission critical applications and data sets
  • Understand your user base, user roles, locations and device type
  • Check for system misconfigurations and poor system hygiene
  • Encrypt sensitive data with tightly managed encryption keys
  • Regulate application downloads with security authentication
  • Embed password protection principles as an imperative

Finally, talk to a Cloud security solutions provider with the experience, diligence and care needed to keep your mission critical applications safe and your organisation performing.

We’re here to help!

Learn more about our Cloud optimisation assessment today.