Three cloud security problems that you can solve today

September 20, 2018

A blog post by David Linthicum, managing director, chief cloud strategy officer, Deloitte Consulting LLP

Cloud computing security needs to be systemic, and for most enterprises, that's a bridge too far. It seems that many have lifted and shifted applications without a lot of thought around how those workloads will be secured.

But, if you're one of these enterprises you have some opportunities to solve some common problems, that like back pain, most enterprises have. Here are those common problems, and potential solutions to consider:

Problem one: Encryption does not meet legal minimums

Compliance is a major issue within cloud computing, and for most of compliance, it's about living up to rules set by a legal or industry authority.

The good news when dealing with cloud computing is that you have encryption services already built into most public cloud platforms, and you can turn those services on and off. Of course integration within the applications is another matter, but considering that most applications are able to leverage application programming interfaces (APIs) and most of these encryption services are enabled with APIs, then you should be able to make short work of it.

Problem two: No notion of identity

Identity and access management, or IAM, needs to have a repository of identities for humans and machines, and this typically means access to a shared directory service.

Good news again. Most public clouds provide a directory service that you can leverage on demand, and even integrate that directory service with any on premises directory services you may now be using, such as Lightweight Directory Access Protocol.

Problem three: Too much encryption

While the call may be to "encrypt everything" the reality is that encryption may slow some things down, and may be overkill for some data types. Moreover, there is a cost to be paid on cloud, considering that they often charge you for many encryption services.

What's important here is that you balance the need for encryption, with the requirements of the laws and regulations, with the amount of encryption that you actually need. As a rule of thumb, if you encrypt everything you're going too far. But, what you indeed do encrypt needs to be a function of what data you’re protecting.

Security continues to be a struggle for those who are new to cloud computing. The good news is that most of the security features are there to make things secure and compliant. The bad news is, the risk of attack is not going anywhere for now. Good luck.