Why cloud security should be systemic, and is often not
Deloitte on Cloud Blog
Truth-be-told, security is all or nothing. Either you have all of the doors locked, or they might as well be unlocked.
April 10, 2018
A blog post by David Linthicum, managing director, chief cloud strategy officer, Deloitte Consulting LLP
I’m frequently reminded of the need for cloud
Truth-be-told, security is all or nothing. Either you have all of the doors locked, or they might as well be unlocked. Cloud security is only as strong as the weakest link. This causes vulnerabilities that can be exploited by hackers to cause breaches—and subsequent negative news coverage.
The simple rule is that nothing should be left unconsidered within the “domain.” If you leverage a public cloud to host 100 application workloads and
The path that most in corporate IT take
The trouble comes in when you consider what’s connected. Public cloud-based workloads don’t stand alone, and they often exchange information with traditional on-premises systems, such as mainframes, or other systems that generate or consume data, such as robots on a factory floor, older EDI mailboxes, truck delivery products…you get the idea.
If you think a breach is unlikely to happen via those connections, let’s take connected IoT devices as an instance of technology that may be creating vulnerabilities. Gartner, Inc. forecasts that worldwide spending on IoT security will reach $1.5 billion in 2018, a 28 percent increase from 2017 spending of $1.2 billion. That is unlikely to be enough, considering the number of IoT-enabled devices in use, that will be in use, and their ability to make attached cloud systems much less secure as well.
Despite the steady year-over-year growth in worldwide spending, Gartner predicts that through 2020, the biggest inhibitor to growth for IoT security will come from a lack of prioritization and implementation. Companies that leverage IoT may not follow security best practices and leverage the right tools in IoT planning. This can hamper the potential spend on IoT security by 80 percent, which means that the hackers will likely go after these connected devices, again according to Gartner.
So, what’s your call to action? Here are a few things to consider:
- First, cloud security extends to all connections to cloud systems, be they traditional systems, devices, exchanges, whatever.
- Second, you should create a plan to figure out your security requirements, including how you will secure all connected systems in ways that they won’t be points of vulnerability.
- Finally, it’s important to understand that this is a consistently evolving area of
technology,and that your first instance of systemic cloud security should proactively improve over time.
Interested in exploring more on cloud?