Running a cloud migration? Don’t let your sensitive data put you at risk


Running your IT infrastructure in the cloud is beneficial for numerous reasons – it’s cost-effective, scalable, reliable, secure…

And in a world that commands stricter governance and compliance, something that 43% of organisations say is very difficult to maintain on a continuous basis, cloud computing allows you to adjust your usage protocols and configurations quickly and easily.


Before you can enjoy all these benefits (and more), you need to first overcome the challenge of migration.

Cloud migration + GDPR compliance = not as simple as you’d think

Data is most at risk when it’s being moved. When it’s at rest in your organisation, you can apply permissions and access rights to it, lock down your systems and wrap everything in perimeter security. But the second you take it out of that highly secure and controlled environment, you’re vulnerable – and the attackers are waiting to pounce.

There are 3 main ways that your organisation is exposed during a cloud migration:

  • ‘Man-in-the-middle’ attacks: data is intercepted through malware as it passes from your current systems to the cloud.
  • Data loss: when migrations aren’t properly scoped or implemented by a processional cloud service provider, some files are prone to being lost.
  • Improperly mapped permissions: if permissions aren’t correctly carried across, you risk making your personal and sensitive information visible to those who shouldn’t have access.

You might be feeling like you want to bury your head in the sand, instead, sticking to the comfort of your legacy infrastructure that has served you well all these years. But digital transformation is becoming the operational ‘norm’ – 60% of enterprises will have abandoned their on-premises systems to operate primarily via SaaS before the end of 2019. If you want to remain competitive, you simply can’t afford to ignore cloud.

The second step to retaining control…

Previously, we talked about how identifying the information held in your data estate is the first step to regaining control.

So once you’ve revealed this information, the logical next step is to start taking action on what you’ve found. In practice, this involves copying, moving and deleting data at scale. Now, you have greater visibility over where your data resides, can optimise your storage requirements and place your sensitive data in specific, highly secure locations.

Protecting sensitive data prior to migration

An Exonar customer was decommissioning its legacy file share and email system to migrate to the cloud. The customer knew that there would be certain types of information, for example sensitive personally identifiable information (PII), stored in its unstructured data which was almost impossible to locate manually across the whole estate. However, it would need to be appropriately secured or managed before it was moved to the cloud.

The problem was that this PII wasn’t clearly marked or stored separately from the data that was fit to be moved wholesale to the cloud.The customer asked us to help them find specific information across multiple storage repositories. Using Exonar Core, we crawled and indexed their data at scale. With Exonar Reveal, we created bespoke search queries to run across all their data sources. The PII in the customer’s unstructured data, that had previously ‘gone dark’ in shared documents, spreadsheets, emails and personal drives, was revealed. The client could then contact the data owners and give them precise details of where this data was, and the required remediation actions, or determine the destination for the data after the migration.

With the peace of mind that its sensitive data was now secure, the Exonar client could finally embark on a cloud migration that enabled its digital transformation.


Three ways to avoid high-profile GDPR fines

Achieving continuous compliance is a constant mission and not something that can be ticked off, marked complete and put to bed. As such, we’ve created a guide to help, which focuses on ‘Three ways to avoid high profile GDPR fines’ and ensure your ongoing compliance with ease.

Download the guide.