
EXPAND Your Skill Set with the CCSP
As organizations increasingly make the transition to the cloud,
cybersecurity practices are shifting to a cloud-based paradigm.
According to the latest Thales Data Threat report, 98% of surveyed organizations have some sort of
sensitive data in the cloud. In addition, these organizations are increasingly relying on multiple cloud
platforms to reap the benefits of scalability, flexibility, availability and reduced costs. However, cloud environments
are not without security challenges and vulnerabilities.

Cloud security is a key concern for organizations. The main challenge organizations migrating to the cloud face
is creating a consistent security posture across their on-premises and cloud-based resources. The reality is that
traditional security policies are not adequate to effectively and seamlessly implement robust security across a
cloud environment. Organizations, therefore, need to turn to dedicated cloud-based security solutions to address
cloud-related risks and challenges.

Cloud security is also a key concern for cybersecurity professionals as they work to broaden their cloud skills to
meet these challenges.

Qualified cloud security professionals are an essential factor for securely migrating to the cloud.
They provide valuable expertise and knowledge to all stakeholders throughout the migration process, from the
initial planning stages to deployment and everyday operations, to ensure that their organization can enhance
collaboration and innovation in the cloud.

To help organizations navigate in safe waters, we have asked Certified Cloud Security Professionals to offer advice
and insights on the steps an organization should consider when planning to migrate to the cloud securely.

20 Tips for Secure Cloud Migration 2


Contents

Section 1: Assess Your Current Infrastructure and Readiness
1. In-depth analysis of requirements
2. Rationalize assets
3. Classify and understand
4. Modernize

Section 2: Establish a Plan
5. Security from the outset
6. Security in every component
7. Understand dependencies
8. Take a phased approach

Section 3: Consider the Security Risks
9. Understand the attack surface
10. Cloud is a unique environment
11. Risk & responsibility remains
12. Need for strong encryption

Section 4: Prepare and Maintain Compliance
13. Responsibility does not get outsourced
14. Get guidance from auditors
15. Relevant legislation at storage locations
16. Assess the need for new controls

Section 5: Prepare Your Team
17. Assess roles and responsibilities
18. Dedicated cloud team
19. Ensure robust knowledge and skills
20. Provide training



Assess Your Current Infrastructure & Readiness
Once organizations have defined their business objectives and the strategy for achieving them by migrating to the cloud, they need to review their infrastructure and assess the feasibility of the migration. A certified security professional can be a great asset in this step, as foundational knowledge of cloud security can be combined with business objectives to facilitate an in-depth review of the current status.

• Start with In-depth Analysis
• Rationalize the Assets
• Classify and Understand Your Data
• Evolve Your Security


Start with In-depth Analysis
Obtaining visibility into your organization’s infrastructure, data and applications is the foundation of every security policy. You need to have a deep understanding of the application dependencies and perform a cost-based analysis to determine the real cost of upgrading to the cloud versus the expected added value.

“There are no shortcuts: Always start with an in-depth analysis of the application requirements, dependencies and the relations with the underlying infrastructure.”
Carlos Lopez, CISSP, CCSP, Security Correlation Engineer, San Jose, Costa Rica



Rationalize the Assets
Organizations depend on applications to deliver services and products to their customers. Review and assess the feasibility of moving these applications to the cloud, as some apps may be cloud-ready while others will have to be modernized. Depending on the results of the analysis, you may need to opt for a hybrid deployment model, where some of your applications and data will continue to reside on-premises while others will migrate to the cloud.

“Application Rationalisation: Understand your applications landscape and identify if applications can be ported to the cloud. Some applications can be lifted and shifted to cloud, but some require development to be cloud native.”
Jana Subramanian, CISSP, CCSP, Principal Cybersecurity Advisor, Singapore



Classify and Understand Your Data
Data identification and classification is the first step to effective data protection. It is essential to identify what your data is and where it resides, and to assess its criticality and sensitivity. Once you have classified your data, you can then select the appropriate controls to safeguard it. Corporate and personal data are lucrative targets for bad actors, who always try to find gaps in data protection to steal or compromise data and then use it to launch other attacks against corporate networks, such as impersonation or business email compromise.

“Classify and understand your data. Follow its lifecycle and protect it with appropriate security controls. Data has a very different risk profile once it is out of your ‘house’ or controlled. Do not take that lightly.”
Shan Shan Au Yeung, CISSP, CCSP, Group Information Security Manager, Singapore



Evolve Your Security
Your security will have to evolve together with your infrastructure. Traditional, perimeter-based security controls are not adequate in a native cloud, multi-cloud or hybrid environment. Assess your security policies and practices to understand which can be used to secure your data and applications in the cloud. Your security posture will need to afford the same effectiveness in the cloud as on-premises and address cloud risks and challenges.

“When migrating to the cloud, reassess and redesign security to meet the latest requirements and make the solution fit for modern integrations and cloud environments.”
Jonathan Bentley, CISSP-ISSAP, CSSLP, CCSP, Chief Enterprise Security Architect, London, U.K.



Establish a Plan
Following the assessment of the on-premises infrastructure, businesses need to establish a solid plan to move securely to the cloud. Cloud security is never an afterthought and should be the foundation of every decision. With cloud security being a shared responsibility, assess the security solutions offered by cloud vendors, and select the controls required to secure your apps and data in the cloud.

• Security from the Outset
• Security in Every Component
• Understand Dependencies
• Take a Phased Approach



Security from the Outset
Cloud security should be designed and implemented in your solution from day one. Evaluate the security protections offered by each cloud provider and always remember that the responsibility for protecting your data and applications in the cloud lies with you. Encryption, access controls, firewall configuration and API configuration should be considered in every cloud security migration strategy.

“Bring security to the table from the very beginning and build security in by design, rather than retrofitting it at some later point which will cost more and may lead to disaster.”
David Hatter, CISSP, CCSP, CSSLP, Cybersecurity Consultant, Ohio, U.S.A.



Security in Every Component
Avoid vendor lock-in. Opt for multi-cloud architectures as cloud providers offer native security solutions that only work seamlessly in their own infrastructure and environment. Select a vendor-agnostic, cloud-based security solution to protect and monitor every component of the cloud.

“Whilst you may not have visibility of the complete migration, try and bake in as much security as possible into every cloud component from the get-go. Create an extensible cloud architecture that can accommodate a range of workloads without needing constant reworking, and can be re-deployed easily. Invest in cloud security monitoring, and incident response, and get eyes on glass for this, much of cloud is public by default. Don’t forget, you still need to back up your data when using the cloud! Ensure that restores happen within business tolerance!”
Abhishek Vyas, CISSP, CCSP, Cloud Security Architect, Cardiff, U.K.



Understand Dependencies
Your in-house applications and data have dependencies that need to be reviewed and understood. Communications and interfaces to other services and reliance on internal or external workflows need to be evaluated and redesigned for scalability in a cloud environment. Failure to do so may result in costly service breakdowns.

“Understand all dependencies and have an agreed upon list of minimum requirements. You need buy-in from your stakeholders and leadership more than ever because of how major a task migration can become.”
Fernando Deanda, CISSP-ISSAP, ISSEP, ISSMP, CCSP, Risk Management Framework SME & Infrastructure Manager, Texas, U.S.A.



Take a Phased Approach
Cloud migration is not a one-off exercise. It needs careful planning, with well-defined phases and expected outcomes. Establish measurable deliverables and closely monitor each migration phase to ensure requirements are met. Consult with your cloud provider’s senior technical staff for the best approaches and always keep security at the forefront.

“Plan the cloud migration in phases - embedding security controls right from the design stage and evaluate the migration strategy on an ongoing basis.”
Minghui Wu, CISSP, CCSP, Technology Audit Manager, Singapore



Consider the Security Risks
As cloud environments blur traditional business boundaries and expand the threat landscape, organizations need to be aware of the impending risks. Configuration errors, weak identity and access management, and poor authentication and authorization controls are credible risks that businesses need to address to reduce the impact of potential security incidents. With security in the cloud being the sole responsibility of the cloud customer, certified security professionals can bring invaluable knowledge to their organizations to effectively mitigate known (and unknown) risks and threats.

• Understand the Attack Surface
• Cloud Security is Unique – Rethink Processes
• Risks and Responsibility Remain
• Ensure Strong Encryption



Understand the Attack Surface
Migration to the cloud will alter your threat surface. Corporate boundaries will blur and new risks and challenges will emerge. Failure to understand your attack surface will result in security oversight and gaps in policies and practices. Your security controls will also need to migrate to address new risk and compliance issues specific to the cloud.

“Understand your attack surfaces and risk tolerance level. On-premises and cloud are of different paradigms which justify different approaches in managing the resources securely.”
Si Wei Cheong, CISSP, CCSP, Cyber Security Analyst, Singapore



Understand the Attack Surface
Migration to the cloud will alter your threat surface. Corporate boundaries will blur and new risks and challenges will emerge. Failure to understand your attack surface will result in security oversight and gaps in policies and practices. Your security controls will also need to migrate to address new risk and compliance issues specific to the cloud.

“Refuse to rely on your understanding of on-prem security processes and procedures. Be willing to treat the cloud as unique, requiring unique processes and procedures.”
Vincent Romney, CISSP, CCSP, Enterprise Security Architect, Utah, U.S.A.



Risks and Responsibility Remain
Data and application security in the cloud is the sole responsibility of the cloud customer. While the cloud provider assumes responsibility for the cloud, you are responsible for protecting your customers’ data in the cloud. This is the foundational principle of cloud security. Failure to understand the Shared Responsibility Model results in costly data breaches.

“No matter which cloud service provider you entrust with your data, services and/or infrastructure, ultimately you cannot transfer the risk and responsibility of protecting and securing your clients’ and customers’ data.”
Kimberley Dray, CISSP, CCSP, Senior Information Security Analyst, Victoria, Canada



Ensure Strong Encryption
When it comes to data security in cloud environments, the key overriding principle is encrypt everything. We cannot stress enough the value of ensuring strong encryption of all corporate data in the cloud. This includes design and implementation measures to safeguard your encryption keys. A compromised key opens the door to your data.

“Strong encryption must be applied to all data-at-rest and data-in-transit. If possible, adopt data-in-memory encryption in the cloud.”
Feng Wei Ni, CISSP, CCSP, Security Architect, Toronto, Canada



Prepare and Maintain Compliance
GDPR, CCPA, HIPAA, PCI DSS and other sector-specific regulations mandate security and privacy
requirements to safeguard sensitive and personal data, and ensure the reliable and safe delivery
of critical services, such as energy, oil and gas, and transportation. Organizations need to have
a thorough understanding of all regulatory requirements and be prepared to prove compliance.
Accredited security professionals can act as trusted advisors to legal and executive staff
because they understand how these requirements can be met without impacting
the performance of cloud-based services.

• Responsibility Does Not Get Outsourced
• Get Guidance from Auditors
• Relevant Legislation at Storage Locations
• Assess the Need for New Controls



Responsibility Does Not Get Outsourced
Just as you are responsible for security in the cloud, you are also legally bound to mitigate the effects of a cloud-related data breach. You cannot outsource the impact of a data breach. Selecting the appropriate controls to protect and safeguard your applications, services and data in the cloud can help you minimize both the potential of a security incident and the impact of such an event.

“Understand the roles and responsibilities of the enterprise vs. the Cloud Service Provider. So often I hear people state that something is not their problem since they are on a cloud provider’s platform. That’s simply not true and the enterprise gets burned when they later find out they are always ultimately the responsible party for their data.”
Tara Hunter, CISSP, CCSP, Senior Cloud Security Engineer, Virginia, U.S.A.



Get Guidance from Auditors
If your organization is operating in a highly regulated environment such as the healthcare, finance or energy sectors, seek guidance and advice from your compliance auditors. They will be happy to assist you. A single cloud-related security incident affecting critical infrastructure might have a crippling effect or severely impact an organization.

“If you are in a highly compliant environment, ask your auditors for very specific cloud requirements before you decide to move to the cloud. Don’t forget to ask them for scenarios where cloud may cause a compliance violation.”
Adele Farhadian, CISSP, CCSP, Owner & Managing Director, Vancouver, Canada



Relevant Legislation at Storage Locations
National and transnational privacy and security legislation, like GDPR or CCPA, has defined requirements for data portability and defines protections for data residing in its territory. Cloud providers may store your data in physical locations different from your headquarters’ location. Fully understand these security and privacy regulations so that you can design your security policies and controls to ensure compliance and avoid costly penalties.

“Know where your provider will store data and the legal jurisdiction it falls under. You need to be aware and compliant with the regulations of both your own country and the jurisdictions where your data is physically stored.”
Charlie Platt, CISSP-ISSMP, CCSP, VP of Technology and Information Security, Virginia, U.S.A.



Start with In-depth Analysis
Obtaining visibility into your organization’s infrastructure, data and applications is the foundation of every security policy. You need to have a deep understanding of the application dependencies and perform a cost-based analysis to determine the real cost of upgrading to the cloud versus the expected added value.

“Understand that when moving to the cloud, enhanced flexibility comes with more exposure to attack, and also a need for different controls. As you consider moving existing systems to the cloud, you need to evaluate whether the new controls, combined with the new risks, can be adequately addressed by the controls available to you in the new environment.”
Keith McMillan, CISSP, CCSP, Technical Fellow, Wisconsin, U.S.A.



Prepare Your Team
The lack of appropriate training is a barrier to effective cloud security. In recent years, organizations have realized the power of having security teams that possess a foundational understanding of all things cloud, from initial planning and risk assessment to understanding compliance requirements to implementing multi-cloud security. A security team with a multi-cloud skill set will help your business harness the power of the cloud without security headaches.

• Assess Roles and Responsibilities
• Create a Dedicated Cloud Team
• Robust Team Knowledge and Skills
• Provide Ongoing Training



Assess Roles and Responsibilities
Agile and DevOps teams, the convergence of IT and Operational Technology (OT) and cyber-enabled Industrial Control Systems (ICS) require the shifting of the security mindset toward a holistic model, deeply integrated into organizations’ workflows. Security risks in the cloud are operational risks and need to be addressed by all corporate stakeholders. This new mindset requires an assessment of current roles and responsibilities to make them consistent with flexible, scalable cloud environments. Security teams need to collaborate and work closely with all stakeholders to enforce a cloud-first security mindset.

“Strong partnership with security, application development and infrastructure teams is critical. Due to some of the security controls moving into a different OSI layer, different roles or jobs will need to assume responsibility for security control development, testing and adoption.”
Kris Boike, CISSP, CCSP, GRC Sr. Manager, Minnesota, U.S.A.



Create a Dedicated Cloud Team
A multidisciplinary cloud team will enable a smooth and secure transition from traditional business functions to cloud-enabled, flexible, scalable, secure and cost-effective operations. The team will not only oversee the initial migration to the cloud but will also enable innovation and adoption of cutting-edge cloud solutions in close cooperation with the cloud providers’ senior technical staff. Evolving together with technology will ensure that organizations are always up to date, resilient and able to meet the shifting changes in the global environment.

“Develop a cloud team. The team leads the company through organizational and business transformations over the course of the migration effort, and defines best practices, standards and drives change throughout the organization.”
Otto Lee, CISSP, CCSP, CSSLP, Security Assurance Lead, Hong Kong



Robust Team Knowledge and Skills
You cannot have effective cloud security without the people required to enforce policies and practices. Security depends on people, processes and technology. Neglecting the “people” variable of the security equation will result in solutions that are neither fit for purpose nor convenient for users. A robust and knowledgeable cloud security team will ensure the balance between security and user experience is maintained. Cloud security will become a competitive advantage, an enabler of innovation, fostering productivity and greater revenues.

“Make sure you have enough security personnel who have robust knowledge and implementation skills of cloud security protection.”
Yiliang Zhou, CISSP, CCSP, Senior Cybersecurity Strategy Manager, Shenzhen, China



Robust Team Knowledge and Skills
One of the barriers to effective cloud security is the lack of appropriate training. Organizations should invest in training all personnel regardless of their position. Understanding all components of cloud security and blending this knowledge with organization objectives and processes will enhance work performance and promote innovation. In addition, foundational knowledge about cloud infrastructure and security controls will eliminate costly configuration errors and minimize the impact of potential security incidents. An understanding of cloud security risks and challenges allows for realistic project management to migrate securely to the cloud.

“Make sure you give your staff the appropriate amount of training and time to learn the technology. Some of the most disastrous cloud migrations I’ve seen were a result of not having the right staff involved in the migration.”
Keatron Evans, CCSP, Managing Partner, Virginia, U.S.A.



Conclusion
The journey to the cloud can become problematic if it does not come as a result of careful consideration and
planning. Cloud security should be a constant consideration rather than an afterthought to help organizations reap
the many benefits of the cloud.

Certified cloud security professionals have provided their valuable advice, based on technology, processes and
people, to help you navigate in safe waters.

The (ISC)² Certified Cloud Security Professional (CCSP) certification is a market differentiator and has been ranked
as the most valued cloud security certification and the third most valued security certification overall in 2020. The
certification is vendor-neutral, and the acquired knowledge can be applied across a variety of cloud platforms,
ensuring the ability to protect sensitive data in a global environment.

CCSP presents many advantages to all security professionals in whatever stage of their career, including
credibility, unique recognition, enhanced knowledge and skill set, versatility, career advancement, and increased
compensation.

CCSP complements vendor-specific training and demonstrates you have the advanced technical skills and
knowledge to design, manage and secure data, applications, and infrastructure in the cloud using best practices,
policies, and procedures established by the cybersecurity experts at (ISC)².



Free Resources for Your Journey

• Ultimate Guide to the CCSP
• Take Your Cloud Security Career to Infinity (and Beyond)
• 10 Reasons to Invest in Cloud Security Training



About
(ISC)²® is an international nonprofit membership association focused on inspiring a safe
and secure cyber world. Best known for the acclaimed Certified Information Systems
Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are
part of a holistic, programmatic approach to security.

Our membership, more than 150,000 strong, is made up of certified cyber, information, software and
infrastructure security professionals who are making a difference and helping to advance the industry.
Our vision is supported by our commitment to educate and reach the general public through our
charitable foundation – The Center for Cyber Safety and Education™.

For more information on (ISC)², visit isc2.org, follow us on Twitter, or connect with us on Facebook and LinkedIn.
