By Palo Alto Networks VP of strategic alliances and global accounts Armando Dacal.
The race to the cloud is in full swing and there isn’t likely to be an organisation that’s serious about growth that doesn’t use cloud services to some extent. However, this sense of urgency could be causing many chief information officers (CIOs) to approach cloud security backwards, making their organisations vulnerable to attack, according to Palo Alto Networks.
The race to the cloud is in full swing and there isn’t likely to be an organisation that’s serious about growth that doesn’t use cloud services to some extent.
However, this sense of urgency could be causing many chief information officers (CIOs) to approach cloud security backwards, making their organisations vulnerable to attack, argues Palo Alto Networks VP of strategic alliances and global accounts Armando Dacal.
Organisations are trying to move fast and be nimble but it’s happening at the expense of security,” said Dacal.
The focus is on moving to the cloud as quickly and successfully as possible; but not on securing the cloud. Many CIOs are realising that, once they’ve relocated a significant part of their company’s workload and data to the cloud, they need to retrofit security solutions and processes. That approach is leaving organisations open to cyberattacks, the costs of which can be staggering both in terms of financial losses and the reputational hit that goes along with a high-profile breach.
Part of this slipshod approach to cloud security could be due to the fact that IT buyers today don’t have the same mandate, strategy, knowledge, and experience compared with IT buyers a decade ago. Line of business managers are empowered to make decisions regarding technology adoption and cloud services, and these decisions aren’t always made in full view of the CIO and the organisation’s overarching strategy.
Today’s IT buyers are no longer necessarily IT experts. This, plus a lack of clear communication between business departments, means CIOs don’t always have full visibility into what cloud services the company is consuming and how those services are being secured. Business users don’t want to be slowed down by security concerns; they just want to move functionality to the cloud. Asking the CIO to vet and secure those services can be seen as a barrier to growth. And, furthermore, too many business users assume things are natively secure, whether on premise or in the cloud, when they’re absolutely not.
Public cloud services work on a shared responsibility model when it comes to security. The cloud provider is responsible for securing the infrastructure, while the customer is responsible for securing the data and workloads they put into the cloud.
Failing to build security into all cloud deployments from the beginning is a recipe for disaster. Businesses need to ensure all parts of the organisation are communicating openly and clearly when it comes to adopting technology, whether that’s cloud or any other system. CIOs must be given a lead role in developing a strategy to adopt cloud services securely.
It’s important not to chase the benefits of speed and agility while forgetting how important security is. Businesses need a security solution that can control data in the cloud and on premises, and make sure security follows users everywhere. The solution shouldn’t slow users down but it should give them peace of mind that the workloads and data they’re using in the cloud aren’t going to compromise the organisation’s security.
Doing this effectively means building in security from the very beginning of a cloud project rather than trying to retrofit security once the project is complete.