David Linthicum
Contributor

Why you’re getting cloud security wrong

analysis
Oct 25, 20223 mins
CareersCloud ComputingCloud Security

New data shows that many enterprises are not approaching cloud security correctly, and it’s going to lead to unpleasant consequences.

cyber terrorism dynamite on laptop explode blow up binary
Credit: Getty Images

The Cloud Security Alliance, in partnership with security company BigID, released the results of a survey of 1,500 IT and security professionals. They all weighed in on the state of cloud data security in 2022 and had some not-so-surprising data points:

  • Organizations are struggling with securing data in the cloud. No-brainer here, I’ve been discussing this for the past few years, as well as the core issues that enterprises lack talent and sound approaches to security.
  • Third parties and suppliers have equal access to sensitive data with the same rights as employees. The worry here, of course, is that sensitive data will be exposed that does damage to the company. The bigger concern is that this could be an indication of other substandard cloud security disciplines.  
  • Dark data is data assets organizations collect, process, and store during regular business activities but don’t use for other purposes. The survey points out issues that stem from staffing problems and interdepartmental politics.
  • Of greatest concern, most security professionals surveyed believe their enterprise will experience a data breach in the next year. The impending doom statements by the security industry begin to sound a bit like Chicken Little at this point. The real concern is that security professionals are concerned. What do they know? 

The full CSA report can be obtained here

Most enterprises are not getting cloud security right, which is an old story. Even though the expertise and security tools exist today, companies are not taking advantage for some reason. 

Of course, they claim budget and resource limitations as a reason they can’t keep up, and if you’re attempting to hire cloud security talent these days, you may believe them. However, it’s not as much about what you’re able to spend, but are you able to address this issue strategically—meaning do you have the political will?

While the “it depends” response is the most applicable, I’m seeing some common areas that need to be addressed. Organizations need strong leadership when it comes to any security, especially cloud security. For instance, the inter-departmental infighting that the survey uncovered needs to be done away with quickly, either through better leadership or budget changes.

Talent is the underlying factor. Although many are quick to blame the cloud computing consumption model itself, the fact remains that we have better tools than we do with more traditional systems and data storage. The gap is that we can’t seem to find people who are able to leverage these tools effectively and are force-fitting traditional security approaches, tools, processes, and talent into the cloud computing model.

So much needs to change with cloud, and there needs to be an overarching strategic framework that’s led from the top of the organization. If we’re going to point to a single issue that causing the cloud security issues, that’s it.

The fundamentals are changing, and unless somebody takes the helm and turns the ship in the right direction, we’ll see breach after breach, as many survey respondents fear. I would rather not see IT leaders have to go down with the ship before they get their cloud security act in order.

David Linthicum
Contributor

David S. Linthicum is an internationally recognized industry expert and thought leader. Dave has authored 13 books on computing, the latest of which is An Insider’s Guide to Cloud Computing. Dave’s industry experience includes tenures as CTO and CEO of several successful software companies, and upper-level management positions in Fortune 100 companies. He keynotes leading technology conferences on cloud computing, SOA, enterprise application integration, and enterprise architecture. Dave writes the Cloud Computing blog for InfoWorld. His views are his own.

More from this author