Combatting Uncertainty Around Cloud Security Readiness

Posted January 28, 2019 by Sayers 

Overall, there is a weak grasp on what “Cloud Security” actually means. 


I recently spent time discussing possible challenges with cloud security at a cybersecurity conference.  As I tried to pack my research into the allotted twenty-five minutes, I quickly realized we, collectively, don’t have a good grasp on what cloud security actually means.  I think this is the indirect result of a push to realize the benefits of cloud computing, with very little consideration for the potential drawbacks. 

As security professionals, we’re often thrown into the unfortunate position of following the business strategy and doing our level-best to effectively identify and manage the resulting risks, as opposed to predicting those risk and working to enable the business strategy.  This is truly equivalent to the cliché of trying the change the wheels on a car as it’s moving down the road.


On the industry whole, we continue to expose roughly 3600 records every minute.  Since 2013, we’ve lost 13+ billion records.  Considering, there’s only 7.6 billion people on the planet, that means we’ve effectively lost every personal record at least once., and now we’re working to not lose them twice.  There’s nothing to currently indicate this trend will change.

As we consider our cloud and mobility strategy, and how we might change the trend, we’re immediately met with a marketplace of some 300 different vendors, all claiming to have the answer to our problem.  Our difficulties are exacerbated by this convoluted marketplace, and the often-indiscernible fine print offered by cloud providers.  How are security professionals effectively navigating this landscape without help?  I can only arrive at one conclusion:  We’re not effectively navigating. 

Our rapid ascent to the cloud is, at least partially, guided by a lack of understanding and clear direction.  If we continue to direct our efforts in the current manner, we won’t end our journey in a white, fluffy, cloud.  What can we do to combat this uncertainty?

We don’t make assumptions for the sake of speed.  We seek to fully understand the required alignment between our cloud providers’ offerings and our business requirements.  We effectively leverage our partners to assist us in navigating the cloud landscape, and we hold those same partners accountable for the guidance they provide.  We read our agreements, and we take note of the fine print.  In short, we tirelessly seek to understand the details.

In Summary:

  1. Don’t make assumptions for the sake of speed.
  2. Read your agreements, and take note of the fine print.
  3. Effectively leverage your partners to assist in navigating the cloud landscape.
  4. Hold those same partners accountable for the guidance they provide.
  5. Seek to fully understand the required alignment between your cloud providers’ offerings & your business requirements. 

    Addresses

  • Atlanta
    675 Mansell Road, Suite 115
    Roswell, GA 30076
  • Boston
    25 Walpole Park South, Suite 12, Walpole, MA 02081
  • Rosemont
    10275 W. Higgins Road, Suite 470 Rosemont, IL 60018

 

  • Bloomington
    1701 E Empire St Ste 360-280 Bloomington, IL 61704
  • Chicago
    233 S Wacker Dr. Suite 9550 Chicago, IL 60606
  • Tampa
    380 Park Place, Suite 130, Clearwater, FL 33759

Have a Question?

Subscribe Contact us