What your provider won’t tell you about cloud security

Their self-interest may cause your cloud providers to omit these cloud-security best practices in their advice to you


Everyone loves insider tips. In the case of cloud computing, the tips that matter are mostly about cloud security approaches and technology.

Here are three cloud security tips that your cloud provider won't want to tell you. But I will.

Tip 1: Cloud security should be decoupled from specific cloud providers

While the cloud-native security services are handy and work well, you limit yourself when your security services come from a single provider.

It’s a multicloud world, and security needs to rise above the cloud providers you use now or in the future. If you use cloud-native security services from each provider, you’ll have security around a single cloud instance, but you won't get holistic cloud security. That means your security services will be much more complex, which increases cost and raises the risk of a gap or of a cloud security service failing.

The end game is to mix different security systems, both cloud-native and not, to define the best target cloud solution that also supports multicloud. Although this approach will cost more at first, it’s a better bet considering that you’re likely to have more than one public cloud under management that will also need to be secured.

Try to abstract security services and security management at a high enough level that the cloud providers can be plugged in and out with minimal effort.
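One way to picture that abstraction layer, as an added example that is not from the original article: a single policy is written against a provider-neutral record, and each cloud is a small adapter that can be added or removed. The provider names, raw setting schemas and rule names are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class StorageControl:
    """Provider-neutral view of one storage resource's security settings."""
    provider: str
    name: str
    public_access: bool
    tls_only: bool

# Adapters translate each provider's raw settings into the neutral record.
# Both raw schemas below are hypothetical, not any real provider's API.
def from_provider_a(raw):
    return StorageControl("provider_a", raw["bucket"],
                          public_access=not raw["block_public"],
                          tls_only=raw["require_tls"])

def from_provider_b(raw):
    net = raw["network"]
    return StorageControl("provider_b", raw["id"],
                          public_access=net["anonymous_read"] == "allowed",
                          tls_only=net["min_transport"] == "https")

# Plugging a provider in or out means adding or removing one entry here.
ADAPTERS = {"provider_a": from_provider_a, "provider_b": from_provider_b}

# The policy is defined once, against the neutral record only.
POLICY = {
    "no-public-access": lambda c: not c.public_access,
    "tls-only": lambda c: c.tls_only,
}

def evaluate(inventory):
    """Return (provider, resource, failed_rule) tuples for the whole estate."""
    findings = []
    for provider, raw in inventory:
        adapter = ADAPTERS.get(provider)
        if adapter is None:
            # A cloud with no adapter is a coverage gap: report it, never skip it.
            findings.append((provider, "?", "no-adapter"))
            continue
        control = adapter(raw)
        findings += [(control.provider, control.name, rule)
                     for rule, passes in POLICY.items() if not passes(control)]
    return findings

# Constructed sample inventory spanning three clouds, one without an adapter.
SAMPLE_INVENTORY = [
    ("provider_a", {"bucket": "logs", "block_public": True, "require_tls": False}),
    ("provider_b", {"id": "backups", "network": {"anonymous_read": "allowed",
                                                 "min_transport": "https"}}),
    ("provider_c", {"name": "scratch"}),
]
```

Running `evaluate(SAMPLE_INVENTORY)` yields one findings list for all clouds, including the unmanaged third provider, which is the kind of gap per-provider tooling would not surface.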

Tip 2: Don’t go nuts with encryption

Although you can encrypt data at rest and in flight, it does not mean that you should always use encryption. Yes, it does add that extra layer of security, but it also costs more CPU time and can hinder performance. The result is more cost and latency.

Pick and choose the data you need to encrypt. Although we all have regulations that push us to encrypt some types of data, such as personally identifiable information (PII), nowhere is it written that you have to encrypt everything. Be circumspect about the data that needs to be locked up.

Tip 3: Focus on your talent, not the tools

I’ve watched it happen over and over again: Not having the right people on the job leads enterprises to make bad tech choices and to fail at the security operations needed to keep things secure.

Splurge on the right people before you splurge on technology. They’re a better investment. 

Copyright © 2018 IDG Communications, Inc.