Is cloud complexity your biggest security threat?

A blog post by David Linthicum, managing director, chief cloud strategy officer, Deloitte Consulting LLP

Cloud complexity is something we’ve addressed here many times, and for good reason. The rise of cloud computing has not replaced on-premises systems as much as some people had originally anticipated. To make matters even more complicated we now leverage multicloud, which typically means the use of more than one public cloud. More and more legacy systems are mixed with private clouds and/or mixed with plural public clouds, which leads to complexity that’s overwhelming enterprise IT.

The symptoms of having too much complexity around cloud computing deployments are numerous. They include diminishing uptime, unhappy end users, frustrated IT ops staff, spending that goes over budget, and, most disturbing, security vulnerabilities. All because there’s too much complexity with not enough time dedicated to think through how things can be improved.

Consider this analogy. If you oversleep a minute each day and are already too busy at home with routine things like getting ready for work, getting the kids off to school, putting the outgoing mail in the mailbox, filling up your windshield wiper fluid, etc., eventually you’re more likely to forget to lock a window or door in your house or car. You may be surprised by how many home break-ins are actually the result of an unlocked door or window.

The same thing can occur at work. The complexity gets so overwhelming that IT staffers can’t keep up with the number of systems they need to backup, update, or reconfigure. That’s when things get missed and hackers find their way in. This is the core reason that breaches occur; exploiting vulnerabilities that have been overlooked.

So, what’s my take on the biggest security threat, inside and outside of the cloud? It’s not the lack of the latest security tools, it’s not the tight budget, and it’s not the lack of skills. It’s the lack of time to pay attention to the details that will keep your systems and data safe. I expect to see the time problem become an epidemic in the next two to three years.

So, what can enterprises do to mitigate this problem? Here are a few rules of thumb:

• Keep an eye on the growth of complexity. Seems simple, but most in IT don’t consider the impact of adding so many more moving parts to an already complex IT environment. This means increased heterogeneity of platforms and data, usually without an increase in staff and technology needed to deal with it.
• Consider approaches that allow you to better scale. At Deloitte, we coined the term Cloud Complexity Management (CCM). It’s an approach, process, and pattern of technology that can be leveraged to help you grow complexity and simultaneously help you scale your ability to manage it. And without a linear increase in resources.
• Spend, spend, spend. There is always the option of tossing money at the problem. And it works…to an extent. However, money is not a long-term strategy and this approach can become costly to the point of affecting the bottom line of the company.