Here’s a six-minute video of highlights from the CISO Series Video Chat “Hacking Secure Cloud Migration: An hour of critical thinking on how to keep pace with the business’ desire to move to the cloud.”
Our guests for this discussion were:
Got feedback? Join the conversation on LinkedIn.
HUGE thanks to our sponsor ThreatModeler.
Best Bad Ideas
Congrats to Patrick Benoit, vp, global GRC/BISO, CBRE for winning this week’s best bad idea!
Other honorable mentions go to:
“Make a LinkedIn/Facebook/Twitter, etc. announcement that your organization is migrating to the cloud, specifying which cloud you are migrating to.” – Brian Colt, information security engineer, DASH Financial Technologies
“Migrate the entire environment as open without security to ensure everything worked properly then go back and secure it later.” – Patrick Benoit, vp, global GRC/BISO, CBRE
“Migrate to cloud and delete on all onprem without migration audit” – Ajay Bhayani, director security, AmbiSure Technologies Pvt. Ltd.
“Your cloud architecture diagram is just an ‘in arrow’, a ‘cog icon,’ and an ‘out arrow’” – Brian Colt, information security engineer, DASH Financial Technologies
“To speed up the cloud migration, mark “Mitigated” on all threats before you do anything else.” – Mitchell DeMazza, EMEA regional sales manager, ThreatModeler Software, Inc
“Build cloud services into your IT asset management program.” – Brian Colt, information security engineer, DASH Financial Technologies
“Build your cloud environment and assess/validate security practices and controls before migrating. Fully patch to current all applications and components before beginning migration. Develop and deploy continuous compliance monitoring for cloud security controls. Only then migrate the application environment with only test data. Fully test, scan, and red team it. Remediate findings. Then migrate production data.” – Patrick Benoit, vp, global GRC/BISO, CBRE
“First step gap assess the onprem & potential cloud environments… Map the security controls needed before starting migration.” – Ajay Bhayani, director security, AmbiSure Technologies Pvt. Ltd.
“Good Idea: Examine all existing business applications whether to transfer, re-architecture, keep, replace or terminate them and evaluate for each group which cloud provider is best with respect to business and security requirements. Then set up a migration plan.” – Roland Mueller, Self-Employed
Quotes from the chatroom
“Once you move to the cloud, the current state will be inconsistent with policy enforcement, complex and disparate management consoles.” – Sandeep Kamble, founder and product manager, AuthSafe
“We have to build a patchwork of privacy laws in the US before there is enough motivation at the federal level to consolidate them all.” – Ian Poynter, virtual CISO, Kalahari Security
“SaaS gets really fun with global customers who have manufacturing or requirements in Russia/China/Brazil who have way crazier rationality requirements” – David Zendzian, VMware Tanzu global field CISO, VMware