Cloud adoption is still accelerating as companies rush to capitalize on flexibility, efficiency and scalability. In an Enterprise Strategy Group survey of 600 IT professionals, a 64% majority agreed that cloud infrastructure spending would increase in 2019 relative to the previous year, while just 4% predicted it would decrease. Those numbers are likely to be mirrored in 2020 as well.
Whereas moving to the cloud was once considered a bold leap that required careful planning and calibration, the Cloud Security Alliance reported 66% of companies operate in multi-cloud environments, with some relying on dozens or even hundreds of disparate cloud platforms. In these instances, in which each platform has different security requirements and data access controls to put into place, it's easy for organizations to get lost in cloud sprawl.
For organizations coping with these challenges, it can be tempting to try to put together a blanket approach to cloud security. Unfortunately, with the distinct differences among SaaS, IaaS and PaaS, that decision will inevitably hit a dead end. Instead, you need a viable roadmap. To conquer the chaos of cloud sprawl and make sense of cloud security, companies would be wise to follow these two critical steps.
1. Determine where responsibilities lie
Companies used to fear public cloud adoption because of the notion that a public platform opens up a host of security risks. Over time, it became clear that public cloud infrastructure is actually safer and more secure than a traditional data center, and companies began moving en masse to platforms such as AWS and Azure. So, why do the breaches continue?
The majority of the time, the cloud itself isn't to blame. In fact, Gartner research suggested that, through 2025, an overwhelming 99% of cloud security shortcomings will be the customer's fault. Whether the error is a security misconfiguration, an overlooked access risk or a consequence of cloud sprawl, customers have too many clouds and do not pay enough attention to their own security responsibilities. Enterprises should start by figuring out what belongs in the cloud provider's court -- and what belongs in theirs -- and they'll be well on their way to securing their infrastructure.
2. Implement a process to audit security
There are distinct differences among SaaS, IaaS and PaaS that dictate whether responsibilities go to the customer or the provider. Particularly when relying on more than one system, an organization must make sure it knows those differences.
Because countless combinations of cloud infrastructures -- and cloud sprawl -- exist, no cloud security strategy will be one size fits all. The best way to secure corporate systems is by establishing an owner. When a single person is responsible for creating the company's strategy and auditing security requirements, small details such as data access are much less likely to be overlooked.
The cloud is driving incredible business value, but when an organization adopts multiple cloud environments, it also adopts more opportunities for misconfigurations and other overlooked details -- details that can ultimately cost a company a huge sum when a breach ends up in the headlines. To avoid the vulnerabilities that come with ignorance, don't leave anything to chance. Instead, enterprises must take a close look at their cloud configurations and start working to close the gaps.
Brian Olearczyk focuses on customer success for clients of RevCult. His perspective is informed by working with the most complex organizations in the world on data governance.