OPINION TBT
THE CLOUD SECURITY
MYTH PERSISTS…
BUT WHY?
As this year’s London based
Techerati Conference (the new
name for Cloud Expo Europe
and associated shows) one of
the themes that appears to
have raised its head again is
the question surrounding cloud
security.
This concern has dogged the
industry for years in a variety
of forms. The real issue is that
it is not the same argument
as when this fi rst appeared, it
has evolved. Unfortunately, the
confusion is caused because it
is still being presented in the
same way as years gone by,
namely:
“Our clients are concerned about cloud security.”
The long standing reality is that cloud is often more secure than many
other solutions but the challenge of increasing technical complexity
makes the management of security more diffi cult.
This justifi es why the conversation about cloud security continues to
be entirely relevant, unfortunately, the unintended consequence has been
that the myth and misconception surrounding it has persisted.
The cloud security landscape has evolved rapidly and is becoming
even more sophisticated. Some of the biggest breaches in the last
few years have been caused by engineers and developers making
confi guration errors that have resulted in signifi cant reputational
damage. Whilst these errors are often not malicious nor intended, it
does not alter the outcome.
The technology security industry faces the recurrence of an old
challenge in an evolved form – addressing the people and process
elements of technology security.
For example, the rise of microservices means that implementing the
correct security settings is key, but signifi cant oversight to check and
verify these things can show a lack of trust in developers but also slows
down the rate of deployment and therefore negating the benefi ts of this
approach.
Given that nearly one-third of organisations inadvertently exposed at
least one cloud storage service in 2018, according to Unit 42 report, it
is clear that governance and security hygiene is a factor that continues
to need work.
Many organisations are still unclear as to where their responsibilities
begin and end within their cloud agreements, it is likely that the
perpetuation of cloud security concerns will happen, but this is not
going to be solved through a technical solution but through better
understanding of responsibilities, governance and security hygiene.
The real question is which of the cloud security vendors will lead in the
education and management of such hygiene measuring services in the
coming years.
Jez Back
Independent Technology Consultant,
Erebus Technology Consulting Services Ltd
April 2019 www.technologybusinesstoday.com
/www.technologybusinesstoday.com
/