Secure Cloud Migration for Public Sector Organizations

Over the past few years, many organizations have migrated a considerable part of their applications and data to public cloud platforms. The advantages of the cloud are evident: it enables much higher flexibility compared to local datacenters, its resource allocation capability allows for flexible on-demand scaling up or down, and it facilitates rapid Time to Market. 

That said, cloud migration does not do away with the need to handle cyber risks. This is especially true for public sector organizations, which may even have to change data security models if they wish to benefit from the cloud’s agility and efficiency while protecting sensitive information from threats.

Last year, Comm-IT, Israel’s leading software systems house, widened the scope of its managed multi-cloud services and launched the Cloud Pro’Active service array. This array, based on a unique methodology, offers monitoring and control services (NOC), cyber monitoring (SOC), backup, as well as services such as database support, disaster recovery (DR), DevOps, FinOps and more.

Lior Bialik, Comm-IT’s Cloud Solutions VP, and Dima Tatur, the company’s Head of Cyber and Information Security Dept., sat down with i-HLS to discuss the unique security challenges public sector organizations face, and how these organizations should manage their cloud migration.

Lior Bialik, COMM-IT photo by Niv Kantor
Dima Tatur, COMM-IT photo by Niv Kantor

i-HLS: What are the major concerns regarding cloud migration?

Bialik: There are two main concerns. First, as a public platform, the cloud is externally shared and is not under the complete control of the organization. Second, these organizations want to preserve their internal information security policies and extend them into the cloud.

Thus, it is important to note that the leading cloud platforms conform to the highest information security standards, including standards and regulations such as the medical sector’s HIPAA, the financial sector’s PCI, and the high-level standards of the ISO27001 and the SOC2. This means that in many cases, the cloud platform conforms to higher standards than those instituted by the organization while sparing the efforts involved in achieving the authorization required for this infrastructure layer.

Tatur: The organization is still required to supply the security solution required for the application or system it is establishing in the cloud. You are required to apply the same information security principles you would have applied in-house, but you can also benefit from the flexibility and information security advantages accessible on demand in the cloud. 

i-HLS: How can an adequate information security level be achieved in the public cloud?

Tatur: If you suit your cloud solutions to the required resiliency level, a good, secure, and quality solution can certainly be attained. The solution should include several elements: hardening, encrypting data in transit, encrypting data at rest, penetration testing, and an information security architecture that meets all required standards, including privacy protection regulations, such as the GDPR. 

i-HLS: What does Comm-IT offer within the framework of its services for public organizations interested in migrating to the public cloud?

Bialik: Within the Cloud Pro’Active array, we offer the largest variety of Production as a Service (PaaS) managed services in Israel, all under one roof, with up to 200 experts from various fields, operating around the clock in the different support tiers. The extended services array provides 24/7 support, control, command, and extensive management services to all business activities for organizations on the market-leading cloud platforms.

We work in accordance with ITIL methodology, which includes control over service quality and implementation of preventive processes regarding failures while operating in accordance with the strictest regulations. Our SOC MSSP service center enables organizations to manage, monitor and command cyber events 24/7.

Tatur: We work with a multi-platform SIEM – Security Information and Event Management – a system that collects and analyzes security events and indications from several platforms used by the customer. It provides information and alerts based on Machine Learning. Simultaneously, our analysts respond to cyber events, implement best practices for our customers, and provide insights and recommendations. We regularly execute processes proactively, in order to maintain and preserve the hardening and standardization compliance required from the customer, in what we call SecOPs as a Service.

i-HLS: Which innovative technologies do you apply as part of your services?

Tatur: We have recently launched a new ‘virtual hacker’ service, based on Pcysys’ automatic penetration testing solution. The service is available with the support of our SOC MSSP experts and can provide your organization with recommendations and insights to prepare you for even the highest and most stringent information security programs.

Bialik: The new automatic penetration testing service allows us to test hardening, apply the findings and integrate them as an ongoing service. The service is provided as per customer’s request, and it allows for the continuous testing of resilience at a frequency set in accordance with your organization’s information security policy.