
How to Accelerate Data Migration to Cloud Native Stores

Dave Cole
July 21, 2020

A lift-and-shift migration approach is about migrating an application and associated data to the public cloud with little or no changes. An application and its data stores are effectively “lifted” from the existing environments and “shifted” as-is to the public cloud. As such, there are often no significant changes to make in the application architectures, data stores, data flows, or security mechanisms. This approach makes sense for a class of cloud adoption projects.

Lift-and-shift is only one of many reasons data may end up stored in the public cloud in non-native data stores, e.g. MySQL running on an AWS EC2 instance. Another reason to use non-native stores is to avoid lock-in with a single public cloud vendor.

The variety of data storage technologies that can run in a non-native configuration is practically endless, as an EC2 instance is effectively a virtual server.

Data repositories on EC2 can include file systems, databases, Elasticsearch, WordPress, SharePoint, etc. From a security monitoring perspective, these non-native data stores are invisible from any centralized view, making it nearly impossible to assess how many of them exist or what their security posture is.

Hidden from view, non-native cloud data stores significantly increase the security risk of unintended exposures to the public internet. In a similar vein, there hasn’t been a good way to view and monitor data security configurations across all the instances. Nor has there been a way to unify security policies to monitor and enforce them.

So it comes as little surprise that misconfigured and unintentionally exposed data stored non-natively on EC2 is a common factor in the nearly daily disclosures of data leaks and breaches appearing on our news feeds (at least, a close second to leaky AWS S3 buckets).

Migrating workloads and data to cloud native services is often a key element of an enterprise's long-term digital transformation strategy. A compelling driver is improved security controls, so that the enterprise isn't solely responsible for data security (security is a shared responsibility on public cloud, with the cloud provider taking on increasing responsibilities for native data store services). Such migrations bring other business benefits as well, including increased flexibility, improved dynamic scaling and more. Eventually, many enterprises want to migrate data from non-native cloud stores to native cloud data store services like AWS S3, Aurora, Redshift, FSx, and Managed xDB varieties.

But the challenge that stifles migration velocity is the total lack of visibility into where and what data is stored in non-native cloud data stores.

[Figure: 3D map with a zoomed-in section on different data store services.]

Open Raven is a cloud native data security platform that discovers data in both non-native and native data stores across your entire enterprise AWS environment. Open Raven’s DMAP technology utilizes an agentless, no-friction and highly scalable approach that quickly discovers all your data in non-native stores running on EC2 instances, and particularly all the data that you didn’t know existed across your AWS estate. Exploring native data services is as straightforward as calling APIs. Identifying data stores on generic compute like AWS EC2 is much more difficult and requires intelligent, machine-learning fingerprinting techniques for accuracy, performance and scale. Open Raven is the first and only security solution on the market to do this for non-native data stores in the public cloud.

Once you know where and what all your data is in AWS, you can then accelerate your migration to cloud native data stores.
