IT IS BETTER TO BE ABLE TO SEE EVERYTHING IN THE CLOUD , THAN TO ATTEMPT TO CONTROL AN INCOMPLETE PORTION OF IT .
TRENDING
Raj Samani , Chief Scientist at McAfee
“
IT IS BETTER TO BE ABLE TO SEE EVERYTHING IN THE CLOUD , THAN TO ATTEMPT TO CONTROL AN INCOMPLETE PORTION OF IT .
organisation has the right skills in place to address the security challenges .
Visibility over control
Think of this analogy – poor visibility is one of the greatest challenges to a navigator , preventing them from ever leaving their familiar and well-charted environment unless they can learn to rely on their instruments and expertise . After all , you cannot steer around what you cannot see . The leading adopters of cloud services understand this axiom and are integrating cloud visibility into their IT operations to accelerate business .
Better visibility enables an organisation to confidently adopt transformative cloud services sooner , respond more quickly to security threats and reap the cost savings the cloud provides . It is better to be able to see everything in the cloud , than to attempt to control an incomplete portion of it . Your organisation is using cloud services , even if they are not your primary strategy . From a security perspective , there are three best practices that all organisations should be actively working towards :
• DevSecOps processes : DevOps and DevSecOps have repeatedly been demonstrated to improve code quality and reduce exploits and vulnerabilities , while increasing the speed of application development and feature deployment . Integrating development , QA and security processes within the business unit or application team , instead of relying on a stand-alone security verification team , is crucial to operating at the speed today ’ s business environment demands
• Deployment automation and management tools : Even the most experienced security professionals find it difficult to keep up with the volume and pace of cloud deployments on their own . Automation can augment human advantages with machine advantages , creating a fundamental component of modern IT operations . Deployment automation and management tools , such as Chef , Puppet , or Ansible are examples which can be used in both public and private cloud environments
• Unified security solution with centralised management across all services and providers : Multiple cloud provider management tools make it too easy for something to slip through . A unified management solution with an open integration fabric reduces complexity by bringing multiple clouds together and streamlining workflows
Mind the gap
While visibility is crucial , the absence of adequately trained professionals can leave holes in many aspects of a modern-day security infrastructure , with one of the widest specifically involving cloud security .
The cloud is a nuanced area in technology and securely managing it requires specific knowledge . In fact , according to the same report I cited earlier , more than 25 % of organisations using infrastructure as a service ( IaaS ) or software as a service ( SaaS ) have experienced data theft from their hosted infrastructure or applications .
Furthermore , 20 % were infiltrated by advanced attackers targeting their public cloud infrastructures . All too often these attacks originate from user misconfigurations , a lack of updates or a selection of the wrong technology .
These breaches make one thing apparent – organisations are not only lacking cybersecurity talent , but sufficient cloud security talent , which ultimately puts them more at risk of an attack . Mind you , this talent gap is also delaying enterprise migration to cloud computing .
Security skills vs cloud security skills
However , it ’ s important to note that the list of skills required for successful cloud security isn ’ t precisely a carbon copy of what many expect from a cybersecurity
26 INTELLIGENTCIO www . intelligentcio . com