Moving to a post-pandemic cloud deployment? You can easily avoid these security errors Credit: OpenClipart-Vectors Those hastily moving to post-pandemic cloud-based platforms are likely to make some major security mistakes, depending on how fast they are moving. Why? This is new to most of them, there are few known best practices for cloud security, and humans get overwhelmed with the tasks of securely moving to the cloud quickly. I’ve put together a short list of some of the security mistakes I see as enterprises rush to the cloud. Mistake 1: Not gathering and reacting to operational security data in real time. The notion of SIEM (security information and event management) means gathering operational security data in a central location to manage existing or forthcoming incidents in real time. We can leverage data as a weapon: supporting audits, correlating data, and using predictive analytics, all to gain better insights as to the state of security and to proactively combat attacks. Mistake 2: Not dealing with data security at the database levels. Data security is really considered storage security by most of those who manage security in the cloud. This is a huge mistake, considering that data has special security needs, including governance and compliance policies for the data and how they link to security. Most important is the ability to manage security down to the row and object levels, ensuring that data can be protected in fine-grained ways. This typically means dealing with native database security and metadata management systems, something that most cloud security pros don’t understand. Not understanding security at the data level will likely lead to an external or accidental data loss event at some point. Mistake 3: Not having a vision for cloud security. An old boss of mine said: “You need to spend at least 10 percent of the time dreaming about what’s possible.” Those charged with cloud security need to focus on what’s next, as well as what’s now. By the time you’ve set a course and deployed a technology solution around your planning and vision, two years will have passed for most enterprises—an eternity at the pace of cloud computing security. Chances are you’re making at least one of these mistakes. If you’re not, congratulations. In the real world of cloud security, we need to be reinventing things continuously. That’s the ultimate best practice. Related content analysis Azure AI Foundry tools for changes in AI applications Microsoft’s launch of Azure AI Foundry at Ignite 2024 signals a welcome shift from chatbots to agents and to using AI for business process automation. By Simon Bisson Nov 20, 2024 7 mins Microsoft Azure Generative AI Development Tools analysis Succeeding with observability in the cloud Cloud observability practices are complex—just like the cloud deployments they seek to understand. The insights observability offers make it a challenge worth tackling. By David Linthicum Nov 19, 2024 5 mins Cloud Management Cloud Computing news Akka distributed computing platform adds Java SDK Akka enables development of applications that are primarily event-driven, deployable on Akka’s serverless platform or on AWS, Azure, or GCP cloud instances. By Paul Krill Nov 18, 2024 2 mins Java Scala Serverless Computing analysis Strategies to navigate the pitfalls of cloud costs Cloud providers waste a lot of their customers’ cloud dollars, but enterprises can take action. By David Linthicum Nov 15, 2024 6 mins Cloud Architecture Cloud Management Cloud Computing Resources Videos