Those hastily moving to post-pandemic cloud-based platforms are likely to make some major security mistakes, depending on how fast they are moving. Why? This is new to most of them, there are few known best practices for cloud security, and humans get overwhelmed with the tasks of securely moving to the cloud quickly.
I’ve put together a short list of some of the security mistakes I see as enterprises rush to the cloud.
Mistake 1: Not gathering and reacting to operational security data in real time.
The notion of SIEM (security information and event management) means gathering operational security data in a central location to manage existing or forthcoming incidents in real time. We can leverage data as a weapon: supporting audits, correlating data, and using predictive analytics, all to gain better insights as to the state of security and to proactively combat attacks.
Mistake 2: Not dealing with data security at the database levels.
Data security is really considered storage security by most of those who manage security in the cloud. This is a huge mistake, considering that data has special security needs, including governance and compliance policies for the data and how they link to security. Most important is the ability to manage security down to the row and object levels, ensuring that data can be protected in fine-grained ways. This typically means dealing with native database security and metadata management systems, something that most cloud security pros don’t understand. Not understanding security at the data level will likely lead to an external or accidental data loss event at some point.
Mistake 3: Not having a vision for cloud security.
An old boss of mine said: “You need to spend at least 10 percent of the time dreaming about what’s possible.” Those charged with cloud security need to focus on what’s next, as well as what’s now.
By the time you’ve set a course and deployed a technology solution around your planning and vision, two years will have passed for most enterprises—an eternity at the pace of cloud computing security.
Chances are you’re making at least one of these mistakes. If you’re not, congratulations. In the real world of cloud security, we need to be reinventing things continuously. That’s the ultimate best practice.