Combatting Uncertainty Around Cloud Security Readiness
Posted January 28, 2019 by Sayers
Overall, there is a weak grasp on what “Cloud Security” actually means.
I recently spent time discussing possible challenges with cloud security at a cybersecurity conference. As I tried to pack my research into the allotted twenty-five minutes, I quickly realized we, collectively, don’t have a good grasp on what cloud security actually means. I think this is the indirect result of a push to realize the benefits of cloud computing, with very little consideration for the potential drawbacks.
As security professionals, we’re often thrown into the unfortunate position of following the business strategy and doing our level-best to effectively identify and manage the resulting risks, as opposed to predicting those risk and working to enable the business strategy. This is truly equivalent to the cliché of trying the change the wheels on a car as it’s moving down the road.
On the industry whole, we continue to expose roughly 3600 records every minute. Since 2013, we’ve lost 13+ billion records. Considering, there’s only 7.6 billion people on the planet, that means we’ve effectively lost every personal record at least once., and now we’re working to not lose them twice. There’s nothing to currently indicate this trend will change.
As we consider our cloud and mobility strategy, and how we might change the trend, we’re immediately met with a marketplace of some 300 different vendors, all claiming to have the answer to our problem. Our difficulties are exacerbated by this convoluted marketplace, and the often-indiscernible fine print offered by cloud providers. How are security professionals effectively navigating this landscape without help? I can only arrive at one conclusion: We’re not effectively navigating.
Our rapid ascent to the cloud is, at least partially, guided by a lack of understanding and clear direction. If we continue to direct our efforts in the current manner, we won’t end our journey in a white, fluffy, cloud. What can we do to combat this uncertainty?
We don’t make assumptions for the sake of speed. We seek to fully understand the required alignment between our cloud providers’ offerings and our business requirements. We effectively leverage our partners to assist us in navigating the cloud landscape, and we hold those same partners accountable for the guidance they provide. We read our agreements, and we take note of the fine print. In short, we tirelessly seek to understand the details.
In Summary:
- Don’t make assumptions for the sake of speed.
- Read your agreements, and take note of the fine print.
- Effectively leverage your partners to assist in navigating the cloud landscape.
- Hold those same partners accountable for the guidance they provide.
- Seek to fully understand the required alignment between your cloud providers’ offerings & your business requirements.