Tag Archives: #Cloud #Data #Technology

Cloud Platforms, Data & Analytics, Tech, Tech Thought Leadership, Technology

Navigating the Future: Cloud Migration Journeys and Data Security

Paul Hossack, Solutions Engineer at Protegrity 

For years, businesses have been chasing innovation with cloud platforms, moving beyond the limitations of legacy technology for greater speed and agility, and sharpening their competitive edge. However, all businesses often face challenges that complicate cloud migration, driving up costs and timelines while exposing the business to data security risks. Ultimately, these challenges block businesses from experiencing the true benefits of cloud integration, and in some cases, lead to significant breaches and regulatory fines.  

Building cloud security solutions: measure twice, cut once 

The speed of cloud migration is most commonly hindered by data security concerns, budget overruns, fragmented implementations, and operational friction. These challenges – affecting the three key stakeholders within the cloud migration strategy of Data and Analytics Leaders, Security Leaders, and IT Leaders – often cause projects to run well beyond their planned timelines and budgets. In many cases, these migrations fail to deliver value because data utilisation is restricted by inadequate security, and extended timelines erode the business’s first-mover advantage. 

To overcome security challenges and protect the cloud databases, teams often adopt a DIY security approach. However, this is not as practical or scalable a solution as it seems. Cloud projects have a reputation for spiralling in scope, much like their ever-expanding namesake —often stretching far beyond the original vision teams had in mind. As the migration project rapidly increases in scale, teams are hampered by the number of security solutions required and soon realise they are investing time and resources into building custom cloud security solutions rather than moving forward with the cloud migration itself.  

To mitigate these issues, data security must be the foundation of every cloud migration project. Security cannot be treated as an afterthought or applied only to certain parts of a migration: instead, it must be unified and consistent across the entire organisation. When businesses prioritise security from the outset, they eliminate risk and operational friction, creating a secure and agile pathway to a competitive advantage in the cloud. Beginning a cloud migration journey with the foundation of data security also enables teams to be more considered and methodical in their approach; adopting the mindset of measure twice, cut once. Further, data security allows businesses to move data seamlessly across platforms, leverage any cloud, and develop cloud-native applications, all while maintaining speed, agility, and confidence. 

Navigating safety obstacles 

One of the major obstacles that businesses face is the increasing complexity of regulatory environments. Most notably, with DORA coming into effect in January 2025, businesses operating in the EU must meet new standards for technological risk management. This regulation requires businesses to demonstrate their ability to prevent, manage, and recover from cyberattacks and other operational disruptions. Failure to comply will potentially lead to considerable fines and reputational damage. Considering this, businesses must not assume that basic cloud provider security tools will be sufficient to effectively secure their sensitive data and meet the demands of regulatory scrutiny. Tools like encryption, identity and access management (IAM), and monitoring/logging provide a foundation, but they are not comprehensive solutions. Unfortunately, over-reliance on these tools can lead to compliance gaps and increased vulnerability. 

To meet the requirements of DORA and future regulations, business leaders must adopt a proactive and reflexive approach to cybersecurity. Strong cyber hygiene practices must be integrated throughout the business, ensuring consistency in how data is handled, protected, and accessed. It is important to note at this juncture that enhanced data security isn’t purely focused on compliance. Modern IT researchers and business analysts have been studying what differentiates the most innovative companies for decades and have identified two key principles that help businesses achieve this: Unified Control and Federated Protection. Unified Control establishes a centralised policy governing all data security measures, ensuring consistency and compliance across all platforms. Federated Protection implements these centralised policies across decentralised environments, allowing for flexibility while maintaining robust security. 

This clearly illustrates that comprehensive data security and governance allows businesses to grow and innovate with confidence: allowing them to take calculated risks with data security and compliance already accounted for. By using unified control and federated protection, teams avoid reinventing cybersecurity policies for every cloud migration project and instead focus their attention on fast, efficient project delivery. 

The data security (r)evolution 

Advancements in data security technologies are reshaping the cloud landscape, enabling faster and more secure migrations. Privacy Enhancing Technologies (PETs) like dynamic data masking (DDM), tokenisation, and format-preserving encryption help businesses anonymise sensitive data, reducing breach risks while keeping cloud adoption fast and flexible. However, as businesses will inevitably adopt multi-cloud strategies to support their processes, they will require interoperable security platforms that can seamlessly integrate across multiple cloud environments. Such platforms will not only enable faster, more secure migration processes but also allow businesses to achieve a rapid return on investment (ROI) that would otherwise be stunted by increasingly complex challenges. Ultimately, those that stay ahead of regulatory trends, while leveraging cutting-edge data security platforms, will be best positioned to thrive in the rapidly evolving digital landscape. 

Cybersecurity, Data, Data & Analytics, Digital Transformation, Tech, Technology, Thought Leadership

Data Resilience and Protection in the Ransomware Age

By Sam Woodcock, Director of Cloud Strategy and Enablement at 11:11 Systems

Data is the currency of every business today, but it is under significant threat. As companies rapidly collect and store data, it is driving a need to adopt multi-cloud solutions to store and protect it. At the same time, ransomware attacks are increasing in frequency and sophistication. This is supported by Rapid7’s Ransomware Radar Report 2024 which states, “The first half of 2024 has witnessed a substantial evolution in the ransomware ecosystem, underscoring significant shifts in attack methodologies, victimology, and cybercriminal tactics.”

Against this backdrop, companies must have a data resilience plan in place which incorporates four key facets: data backup, data recovery, data freedom and data security.

Ransomware is Just Business

With ransomware being a low-risk, high-reward opportunity for criminals, as it requires little effort to access sensitive information and demand ransom, it is becoming an attractive career choice for some. It is on this basis that ransomware has evolved into a fully-fledged business with more operations starting up every week.  This is also fuelled by the increasing popularity of Ransomware-as-a-Service, a model where sophisticated threat actors develop and sell ransomware platforms to other threat actors.

With this rise in threat actors targeting businesses today, IT security can no longer be a problem for IT teams alone. Every decision is a commercial decision and will carry risk. And every person within an organisation has an important role in being the first line of defence and protecting a company from a breach.

From Passwords to Exploits

People make mistakes, and this makes them an attractive target for most threat actors. According to Mimecast over 70% of cyber breaches in 2023 were caused by human error. Advanced phishing attacks are more convincing than ever, making it harder for employees to distinguish between real and fake emails. It only requires a quick click of the button by a stressed, tired or disgruntled employee for threat access to gain a password that gives full access to the organisation’s data.

As such, while employees must be adequately trained to avoid falling victim to these phishing or ransomware attacks, this is merely the first step to improving a company’s security. However, it requires further security measures to be put in place to protect the organisation and its data.

Testing, Testing

Backups are considered the primary way to recover from a breach, but is this enough to ensure that the organisation will be up and running with minimal impact? Testing is a critical component to ensuring that a company can recover after a breach and provides valuable insight into the steps that the company will need to take to recover from a variety of scenarios. Unfortunately, many organisations implement measures to recover but fail on the last step of their resilience approach, namely testing. Without this step, they cannot know if their recovery strategy is effective.

Testing is a critical component as it provides valuable insight into the steps it needs to take to recover, what works, and what areas it needs to focus on for the recovery process, the amount of time it will take to recover the files and more. Without this, companies will not know what processes to follow to restore data following a breach, as well as timelines to recovery. Equally, they will not know if they have backed up their data correctly before an attack if they have not performed adequate testing.

Although many IT teams are stretched and struggle to find the time to do regular testing, it is possible to automate the testing process to ensure that it occurs frequently.  These tools will also provide a realistic view of how resilient the environment is to threats and provide a host of scenarios that could impact the business, helping to prepare for almost any incident.

From testing to reality

While some organisations are surprised that they have been breached, according to Sophos, 83% of organisations that experienced a breach had observable warning signs beforehand and ignored the canary in the coal mine. Further, 70% of breaches were successful and threat actors encrypted the data of the organisation to prevent access to it.

However, as threat actors aren’t using enterprise-grade tools to gain access to data, enterprises are effectively at an advantage if they test and retest regularly, and back up their data effectively. A good guideline for this is the 3-2-1 rule, which states that there should be at least three copies of the data, stored on two different types of storage media, and one copy should be kept offsite in a remote location. Businesses also stand to benefit from partnering with an organisation that can protect the network to defend against threats and has the expertise to help them to recover from an attack.

News

Fivetran Named Google Premier Partner, Demonstrates Enterprise Customer Momentum with Google Cloud’s BigQuery

Fivetran, the leading provider of automated data integration, today announced that Google has named Fivetran as a Premier Partner, the highest achievable status reserved for Google Cloud partners. Google Cloud Premier Partners demonstrate top levels of technology collaboration, domain expertise, and business impact with Google Cloud.

As evidence of the growing partnership between Fivetran and Google, the overall volume of data ingested into Google Cloud’s BigQuery has more than doubled over the past 12 months following the official partnership and integration of Fivetran with Google Cloud’s Data Transfer Service (DTS) for BigQuery.

Google Cloud customers can utilise DTS to easily deploy Fivetran connectors for more than 150 data sources, including Salesforce, Marketo, Adwords, NetSuite, Postgres, Aurora and Oracle, all of which are available on the Google Cloud Marketplace. After a five-minute setup, Fivetran automatically ingests and centralises data from the selected SaaS applications into a ready-to-analyse schema in the BigQuery data warehouse. Fivetran data pipelines are fully managed and highly available with zero maintenance, so customers can focus on analytics rather than data engineering.

“Organisations are increasingly looking to the cloud for data storage and analytics, and we are delighted to partner with Fivetran to make it incredibly easy for customers to bring their data into BigQuery,” said Sudhir Hasbe, director of product management for smart analytics at Google Cloud. “This increase in data volume is indicative of the benefits that customers are seeing from BigQuery, including advanced and predictive insights, high levels of security, accelerated time-to-value, and much more.”

Using Fivetran automated data connectors, BigQuery users can see faster time-to-value by reducing the setup and maintenance overhead typically incurred when centralising disparate data sources. In contrast to traditional extract-transform-load (ETL) pipelines, which add an extra tier for pre-processing, Fivetran’s extract-load-transform (ELT) architecture ingests data directly into BigQuery for analysis. When source schemas and APIs change or update, Fivetran connectors automatically adjust to accommodate the changes.

“As one of the first external partners of Google Cloud DTS for BigQuery, Fivetran is thrilled with the success of our connectors on the Google Cloud Marketplace and honoured to have earned Premier Partner status,” said Logan Welley, vice president of alliances for Fivetran. “What’s even more exciting is the overall growth of our Google Cloud partnership as evidenced by the huge data volumes we are loading into BigQuery every day. We are humbled to see how aligned Google Cloud is with one of our core beliefs — that cloud-first, fully managed data services should not only be powerful and scalable, but also as easy and reliable as electricity.”

Once data is replicated from siloed sources into BigQuery, Google Cloud customers can use any of the analytics and data science tools from other BigQuery partners, including Looker and Tableau, as well as Google Cloud products, such as Data Studio, BigQueryML and Cloud AutoML.

BigQuery customers can use Fivetran connectors free of charge during a 14-day trial period. To get started, navigate to the Google Cloud Marketplace Fivetran page to see a list of data sources, select a source, and click enrol. Then follow the on-screen instructions, which only take a few minutes. Organisations that are not yet BigQuery customers can start a Fivetran trial and spin up a managed BigQuery instance from the Fivetran website (at no cost to the customer during the duration of the trial).

Here’s what customers are saying about Fivetran and BigQuery:

“By using Fivetran technology, Salesforce data in Google BigQuery, and the clinical and genomics data in the Compass data warehouse, we now have the ability to deliver the most valuable data to researchers to help support grants and advance personalised medicine more efficiently, saving approximately 40 hours of work per quarter.”
– Joyce Mui, Program Manager, University of Colorado School of Medicine

“I’d say I’ve got my Mondays back. With Fivetran and BigQuery, things like segmenting data are now instant. One year ago, creating these reports was pretty much all I would work on, but now I can just let it run, while I look at more efficient ways to add value. A whole new level of analytics is suddenly possible. It’s a very exciting time.”
– Ed Mancey, Head of Business Intelligence, Brandwatch

For more information, visit fivetran.com.