Breach attempts are on the rise, forcing cloud security professionals to play 'Whac-A-Mole' with attacks. Are you prepared to reconsider your cloud security strategy?
A more significant trend is that the majority of enterprise IT security is now performed on cloud-based platforms rather than on-premises systems. This is to be expected given the shift in processing and data storage from traditional systems to public clouds over the last few years.
With public cloud providers, you have much better security technology. When used correctly, the security features provided by cloud platforms should be more effective than traditional on-premises security. Much like other technologies, if it is in the hands of people who do not understand how to use it effectively, it backfires, resulting in authorization errors and misconfigurations.
People issues are difficult to resolve, especially given that demand for good cloud security professionals far outstrips supply. Enterprises have to choose between moving forward without the skills needed for digital transformations or stopping or slowing cloud migration until a critical mass of cloud security expertise can be acquired or built up internally.
The way cloud security and security in general are carried out is also changing. According to the report, the burden of driving cloud security has shifted, with 25% of enterprise security teams adding cloud security to their responsibilities. Another 23% of organizations delegate cloud security to teams responsible for cloud infrastructure operations. Collaboration teams and development teams are two other options.
Companies are shifting from centralized to decentralized cloud security, with many different teams handling various aspects of cloud security rather than a single holistic entity. I believe those in charge of both traditional enterprise security and cloud security are working with the same budgets and personnel.
What are the takeaways?
Getting cloud security right may necessitate going slower before going faster. Taking the time to catch up on skills and implement more effective operational models will mitigate some of the risks we're seeing in organizations that are moving too quickly.
It's not a technological issue, so don't expect better security technology to save you. The most common error is tossing tools and money at problems that cannot be solved with either.
More skills, more skills, and more skills. You require an effective skills gap analysis of your "as is" state as well as a plan for your "to be" state. Most businesses have no idea about either and, as a result, have no plan for improvement. This will lead to more security problems than if you forgot to lock the door to the data center.
We're not out of the woods yet; we just need a tune-up. Discuss what this means for your company and which changes must be made right away. This is one of those issues that should have been dealt with last week.