By Bob Peterson
Look at any list of 2019 predictions for IT, and you’ll likely see expected advances in blockchain, the Internet of Things (IoT), artificial intelligence (AI), edge computing and machine learning (ML), among others.
What you don’t often see on the list is an issue that affects the very backbone of all these technologies: cloud security.
Cloud vendors have introduced so many different services, all within easy reach of end users. Services that used to be tightly meshed are now spread out across different discrete services. And many users start using the tools without understanding the risks or what they should be doing to protect their information.
That has to stop in 2019. Here’s why you should be thinking about cloud security this year and beyond.
Despite tremendous efforts by IT leaders, companies keep failing at cybersecurity. This was a common theme at the 2018 RSA Conference. Even companies with fairly robust security teams have experienced breaches – sometimes more than one.
Our continued migration to the cloud will only make security more complicated and continue to change companies' risk profiles. As we move more and more data outside our perimeters, there’s a good chance we will start seeing an increase in attacks that are harder to detect.
We can't monitor for malicious activity in the context of our business and perimeter when the data is outside of our control. Concepts like "serverless" are great from a scaling capability, but introduce a huge problem with troubleshooting, logging and forensics. Therefore, we will need to rely on providers to help or find ways to build in the monitoring capabilities.
If cloud-based storage isn’t configured correctly, you can create risks through the many options available.
While there are benefits to having so many options at your disposal, there is also added responsibility. Each of these services has its own data protection and management solutions. If your organization doesn’t have a sound grasp on how all of these solutions work to properly secure your data, ensure there a solid partnerships in place to mitigate potential risks.
Businesses need to know where their data is and what risks that data is exposed to. Unfortunately, there continues to be a shortage of good security practitioners in the field. On top of that, the public cloud is muddying the waters for many organizations. This needs to change.
We also need to do a better job of handling the massive amounts of security telemetry we receive. It’s difficult to find all the problems when there’s so much data that companies can't process it all. In the end, it will only get harder as you start pushing more and more workloads and data outside the company.
In today's technology landscape, security has to be a key component of everyone's job. There needs to be more of a push to drive cybersecurity fundamentals into the different IT roles. The role of the security team should be to set standards, educate and monitor. They can't do it all themselves.
IT environments are becoming more and more complex as organizations continue to embrace the benefits of the cloud. On average, enterprises leverage five clouds (some combination of public, private and SaaS). As such, there’s a growing urgency for more advanced security solutions.
The market is responding in kind, taking a more proactive approach to security offerings, including detection and monitoring, protection, alerting, fixing and analytics. Amazon Web Services (AWS) is a perfect example of this, as it’s beginning to introduce more security tools while also placing a greater emphasis on governance and risk management in the cloud and as "provable security.”
Large organizations may need to increase budget for risk management to better understand where their data is and how it is being protected. This is a small price to pay to reap the all the benefits that come with the cloud. But it’s a price you’ll have to pay nonetheless. There’s no time to waste.
This article originally appeared on DZone.