Why cloud security should be systemic, and is often not

Deloitte on Cloud Blog

Truth-be-told, security is all or nothing. Either you have all of the doors locked, or they might as well be unlocked.

April 10, 2018

A blog post by David Linthicum, managing director, chief cloud strategy officer, Deloitte Consulting LLP

I’m frequently reminded of the need for cloud security, but often taken aback by how many people don’t really understand exactly what it is. More troubling is how many lack an understanding of its role within cloud computing and everything else connected to the public cloud that hosts corporate workloads, including traditional systems.

Truth-be-told, security is all or nothing. Either you have all of the doors locked, or they might as well be unlocked. Cloud security is only as strong as the weakest link. This causes vulnerabilities that can be exploited by hackers to cause breaches—and subsequent negative news coverage.

The simple rule is that nothing should be left unconsidered within the “domain.” If you leverage a public cloud to host 100 application workloads and data, and also connect those workloads to on-premises systems, perhaps 20+ IoT devices, and even to a public information exchange hub, you need to make certain they are all secure to the standards of the business and the data you’re protecting.

The path that most in corporate IT take is to lock up their public cloud data using whatever security tools are appropriate. Indeed, identity and access management (IAM), encryption, etc., are often employed.

The trouble comes in when you consider what’s connected. Public cloud-based workloads don’t stand alone, and they often exchange information with traditional on-premises systems, such as mainframes, or other systems that generate or consume data, such as robots on a factory floor, older EDI mailboxes, truck delivery products…you get the idea.

If you think a breach is unlikely to happen via those connections, let’s take connected IoT devices as an instance of technology that may be creating vulnerabilities. Gartner, Inc. forecasts that worldwide spending on IoT security will reach $1.5 billion in 2018, a 28 percent increase from 2017 spending of $1.2 billion. That is unlikely to be enough, considering the number of IoT-enabled devices in use, that will be in use, and their ability to make attached cloud systems much less secure as well.

Despite the steady year-over-year growth in worldwide spending, Gartner predicts that through 2020, the biggest inhibitor to growth for IoT security will come from a lack of prioritization and implementation. Companies that leverage IoT may not follow security best practices and leverage the right tools in IoT planning. This can hamper the potential spend on IoT security by 80 percent, which means that the hackers will likely go after these connected devices, again according to Gartner.

So, what’s your call to action? Here are a few things to consider:

  • First, cloud security extends to all connections to cloud systems, be they traditional systems, devices, exchanges, whatever.
  • Second, you should create a plan to figure out your security requirements, including how you will secure all connected systems in ways that they won’t be points of vulnerability.
  • Finally, it’s important to understand that this is a consistently evolving area of technology, and that your first instance of systemic cloud security should proactively improve over time.


Interested in exploring more on cloud?

Site-within-site Navigation. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Insert Custom CSS fragment. Do not delete! This box/component contains code needed on this page. This message will not be visible when page is activated.