The cloud's dirty secret

Share this article:
Jeff Nielsen
Jeff Nielsen
Open vulnerabilities in cloud security are like the dirty, gossipy secret that everybody knows – but, we keep shoving discussions about it under the rug. According to a recent survey of nearly 13,000 executives, 62 percent don't believe they can protect data in the cloud, yet half have moved forward with cloud initiatives anyway.

Numerous other surveys, as well as Forrester's recent report, “Security and the Cloud,” show that security is the most prominent pain point with cloud computing, yet enterprise security teams often are not involved in the decision-making process or brought into the fold early in cloud initiatives. Instead, organizations often feel that because cloud computing is a new model, the strategy entails the reinvention of their security efforts. They believe that security processes must change so much for the cloud that we must wait for a new paradigm to be invented before deploying it.

As a result, many organizations have given up on securing the cloud and instead only deploy private clouds or hold off entirely because cloud security is too big a challenge for any one company to “invent” themselves. The truth is, all we need to do is apply the same established security best practices to new and more varied software layers.

Security policies, processes and best practices haven't changed. For example, the best practice of “least privilege” to provide users with only the access they need is just as relevant in the cloud. Additionally, the corresponding policies, processes and roles can remain the same as well.

What organizations must focus on to apply existing and established best practices to a larger diversity of software layers in the cloud is automating the process. The challenge is that now best practices must be applied not only to servers or desktops, but to each virtual machine, to hypervisors and more. It is time we stop waiting and start rolling up our sleeves.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in Features

Game theory: Cyber preparedness

Game theory: Cyber preparedness

Business leaders are beginning to fathom the importance of cyber war game simulation exercises, reports James Hale.

Forward progress: How the Denver Broncos really play defense

Forward progress: How the Denver Broncos really play ...

Off the field, demand for bandwidth and protection from network threats set the ball in motion for the Denver Broncos. Greg Masters reports.

Smart defense: A talk with industry veteran Gene Fredriksen

Smart defense: A talk with industry veteran Gene ...

Today's CISO must stay ahead of attackers, says Gene Fredriksen, CISO at PSCU. Teri Robinson talks one on one with the industry veteran.