The public cloud has better security than your data center, so you're likely to see more attacks on legacy systems to gain access to cloud data. Here’s how to fight back.

Have you ever heard the saying “Locking the door but leaving the window unlatched”? It means that your security is only as good as the weakest link. This applies to IT as well.

How does legacy system security compare to cloud security? Google away and you’ll find that survey after survey says cloud security is superior or far superior to security on more traditional systems in data centers.

Why? We keep our legacy systems in our data centers, right? Doesn’t that make them more secure?

Not really. During the past 10 years, R&D spending on public cloud–based security has surpassed investment in more traditional platforms by a lot, both by third-party vendors and of course, the public cloud providers themselves (hyperscalers). Money normally spent on updating and improving legacy security has been funneled to cloud-based anything.

You can’t blame the security technology providers. They need to focus on emerging markets to keep revenue moving upward. However, there is an unintended consequence of this focus on cloud; namely, the lack of attention to legacy systems where as much as 80% of business data is stored today, depending on the company.

In case you missed it from the title of this blog, the weakest link in the enterprise IT security chain is no longer remote systems (using public clouds to gain access to valuable business data). It’s the legacy systems with security technology that has not felt any love in about 10 years and has many more vulnerabilities than the public clouds. Thus, they become the attack vector of choice.

The trouble is that while we focus on attacks coming into the enterprise from the outside, we miss attacks that leverage a connected system, or inter-system attacks.
In this case, we miss easy access to the legacy platform, which is connected to the cloud-based platform but is unlikely to have the same defenses around inter-system security. Thus, legacy systems become the preferred path for hacker attacks, an indirect way to get to cloud-based systems and data. Breaking into the legacy system is an easier way to access systems and data within public clouds.

This is not new. Home computers have been attacked via smart TVs because the TVs have more lax security. Internet of Things devices, such as robots on a factory floor, have been leveraged to gain access to other internal systems.

What should you do about this? The answer could be to upgrade security on legacy systems, but that may not be possible given the shift of R&D funding to cloud-based systems. However, make sure you’re working with the fewest vulnerabilities possible, and update your security software and security configurations, including testing and audits.

After that, it’s a matter of dealing with inter-system security. I recommend a “zero-trust” approach to all systems that connect to systems in the public cloud. I understand that this adds an expensive layer of complexity when carrying out inter-system communications, such as legacy-to-cloud and back again. But, considering what’s at stake, this is the only way to save our cloud data (the locked door) from the legacy systems (the unlatched window).