Attempted breaches are on the rise and cloud security professionals are forced to play 'Whac-A-Mole' with attacks. Are you ready to rethink your cloud security strategy yet? Credit: Getty Images Don’t look now. More than 80% of organizations have experienced a security incident on a cloud platform during the past 12 months according to research from Venafi. Most concerning, almost half of those organizations reported at least four incidents during the same period. The study also shows that organizations encountered security incidents due to unauthorized access and misconfigurations. We’re back to old news: People are the most likely cause of most security issues, including cloud security. A more important trend is that the bulk of what enterprise IT security does has shifted from on-premises systems to cloud-based platforms. This is to be expected if you’re considering the shift in processing and data storage from traditional systems to the public clouds which occurred in the past few years. You have much better security technology on public cloud providers. If correctly used, the security protections the cloud platforms offer should be more effective than traditional on-premises security. Much like other technology, if it’s in the hands of people who don’t understand how to use this technology effectively, it backfires, with authorization mistakes and misconfigurations. People problems are difficult to fix, considering that demand for good cloud security pros is outpacing supply by a large margin. Enterprises are stuck with the choice of continuing forward without the needed skills for digital transformations or stopping/slowing the migration to the cloud until the critical mass of cloud security expertise can be obtained or developed within. The way cloud security and security in general is carried out is morphing as well. As the report points out, responsibility for driving cloud security has shifted, with 25% of enterprise security teams adding cloud security to their responsibilities. Another 23% of organizations give cloud security to cloud infrastructure operations teams. Other possibilities include collaborative teams or devsecops teams. Companies are moving from centralized to decentralized, with many different teams taking on bits and pieces of cloud security rather than one holistic entity. I suspect those managing both traditional enterprise security and cloud security are doing so with the same budgets and human resources. What lessons can be learned? Getting cloud security right may mean going slower before you can go faster. Taking time to catch up with skills and more effective operational models will reduce some of the risks that we’re seeing within organizations that are moving too fast. It’s not a technology problem, so don’t believe that better security technology will save you. The largest mistake is tossing tools and money at problems that cannot be fixed by either. Skills, skills, and more skills. You need an effective skills gap analysis of your “as is” state and a plan for what your “to be” state should look like. Most enterprises have no idea about either and thus have no road map for improvement. This will lead to more security incidents than if you forgot to lock the data center door. All is not lost; we just need a tune-up. Come together on what this means for your enterprise and decide which changes need to be made now. This is one of those things that should have been addressed last week. Related content analysis Azure AI Foundry tools for changes in AI applications Microsoft’s launch of Azure AI Foundry at Ignite 2024 signals a welcome shift from chatbots to agents and to using AI for business process automation. By Simon Bisson Nov 20, 2024 7 mins Microsoft Azure Generative AI Development Tools analysis Succeeding with observability in the cloud Cloud observability practices are complex—just like the cloud deployments they seek to understand. The insights observability offers make it a challenge worth tackling. By David Linthicum Nov 19, 2024 5 mins Cloud Management Cloud Computing news Akka distributed computing platform adds Java SDK Akka enables development of applications that are primarily event-driven, deployable on Akka’s serverless platform or on AWS, Azure, or GCP cloud instances. By Paul Krill Nov 18, 2024 2 mins Java Scala Serverless Computing analysis Strategies to navigate the pitfalls of cloud costs Cloud providers waste a lot of their customers’ cloud dollars, but enterprises can take action. By David Linthicum Nov 15, 2024 6 mins Cloud Architecture Cloud Management Cloud Computing Resources Videos