Cloud security is more important than ever. Here's why.

    February 25, 2019

    By Bob Peterson

    Look at any list of 2019 predictions for IT, and you’ll likely see expected advances in blockchain, the Internet of Things (IoT), artificial intelligence (AI), edge computing and machine learning (ML), among others.

    What you don’t often see on the list is an issue that affects the very backbone of all these technologies: cloud security.

    Cloud vendors have introduced so many different services, all within easy reach of end users. Services that used to be tightly meshed are now spread out across different discrete services. And many users start using the tools without understanding the risks or what they should be doing to protect their information.

    That has to stop in 2019. Here’s why you should be thinking about cloud security this year and beyond.

    You can’t manage what you can’t monitor

    Despite tremendous efforts by IT leaders, companies keep failing at cybersecurity. This was a common theme at the 2018 RSA Conference. Even companies with fairly robust security teams have experienced breaches – sometimes more than one.

    Our continued migration to the cloud will only make security more complicated and continue to change companies' risk profiles. As we move more and more data outside our perimeters, there’s a good chance we will start seeing an increase in attacks that are harder to detect.

    We can't monitor for malicious activity in the context of our business and perimeter when the data is outside of our control. Concepts like "serverless" are great from a scaling capability, but introduce a huge problem with troubleshooting, logging and forensics. Therefore, we will need to rely on providers to help or find ways to build in the monitoring capabilities.

    More new services mean more security needs

    If cloud-based storage isn’t configured correctly, you can create risks through the many options available.

    While there are benefits to having so many options at your disposal, there is also added responsibility. Each of these services has its own data protection and management solutions. If your organisation doesn’t have a sound grasp on how all of these solutions work to properly secure your data, ensure there a solid partnerships in place to mitigate potential risks.

    How to solve the talent shortage of quality security practitioners

    Businesses need to know where their data is and what risks that data is exposed to. Unfortunately, there continues to be a shortage of good security practitioners in the field. On top of that, the public cloud is muddying the waters for many organisations. This needs to change.

    We also need to do a better job of handling the massive amounts of security telemetry we receive. It’s difficult to find all the problems when there’s so much data that companies can't process it all. In the end, it will only get harder as you start pushing more and more workloads and data outside the company.

    In today's technology landscape, security has to be a key component of everyone's job. There needs to be more of a push to drive cybersecurity fundamentals into the different IT roles. The role of the security team should be to set standards, educate and monitor. They can't do it all themselves.

    Proceed with a sense of urgency

    IT environments are becoming more and more complex as organisations continue to embrace the benefits of the cloud. On average, enterprises leverage five clouds (some combination of public, private and SaaS). As such, there’s a growing urgency for more advanced security solutions.

    The market is responding in kind, taking a more proactive approach to security offerings, including detection and monitoring, protection, alerting, fixing and analytics. Amazon Web Services (AWS) is a perfect example of this, as it’s beginning to introduce more security tools while also placing a greater emphasis on governance and risk management in the cloud and as "provable security.”

    Large organisations may need to increase budget for risk management to better understand where their data is and how it is being protected. This is a small price to pay to reap the all the benefits that come with the cloud. But it’s a price you’ll have to pay nonetheless. There’s no time to waste.

    This article originally appeared on DZone.

    Other Posts You Might Be Interested In

    National Cyber Security Awareness Month: Should it be held daily?

    By Shawn Burke National Cyber Security Awareness Month has been observed every October since 2004, and while it is a worthwhile occasion, it may be time to think...

    IT security cartoon: When your security solution is actually the problem

    Security should be a high priority for every organisation. Unfortunately, there is a serious shortage of quality cybersecurity staffers on the market. Who’s...

    Micro-segmentation for private cloud: Why perimeter security is no longer enough

    The more we continue to embark on the adventure of “ digital transformation ,” the more important security becomes. A surge in ransomware incidents and cyberattacks has...