Cloud security secrets your cloud provider doesn’t want you to know

The first question most cloud security architects ask when tasked with designing a cloud security solution is: What cloud are you using? Then they typically select a set of technologies, such as IAM (identity and access management) and encryption, that are native to that specific cloud brand.

This may have been a sound approach just a few years ago, but today we live in a multicloud world where security needs to remove complexity as well as risk. Here are three cloud security secrets the public cloud providers won’t tell you:

Cloud-native security solutions offered by the big providers are not helpful if you have a heterogeneous multicloud solution. The security technology may work great for a specific cloud provider’s own product, but there is either no support or limited support for other public clouds—and most of us are using multicloud.

You have two choices. If you leverage whatever system is native to each public cloud, you’ll have to manage two or more security systems. Or you can find a common security solution, such as a security manager, that can deal with the different security issues for each cloud provider and abstract you from the complexity, since that complexity is likely to be a risk unto itself. The latter is the option I choose and is what works best for most enterprises.

Security can hinder performance and cost way more money each month if not engineered into the applications and data stores correctly. Cloud providers benefit from selling compute and storage services, and if your security solutions eat up more CPU cycles than they should, then it’s time to re-engineer those solutions and how the applications use them.

I’ve seen security and application tuning efforts reduce monthly costs by 80 percent, and at the same time increase performance of those applications four-fold.

Copyright © 2020 IDG Communications, Inc.
