Everyone believes they have the magic cloud security solution, but many problems require bigger thinking.

As a cloud architect, I am amazed that cloud security is still so hard. We’ve had identity access management (IAM) for more than a decade. Now we have deep encryption services, key management, and most recently, zero trust and secure access service edge (SASE). Note that zero trust and SASE are terms defined by Forrester Research and Gartner, respectively, and not by groups of security solutions providers.

Despite all this security technology, security solutions have become more complex and difficult to operate as cloud deployments themselves become more complex. As the technology and technology concepts (such as SASE) add more big ideas to the problem, the growth of cloud, Internet of Things, edge computing, and now work from anywhere quickly outpaces our ability to provide workable and cost-effective security. Our deployments become less secure rather than more.

Don’t get me wrong, I tell my clients all the time that enough time and money will solve all security problems. But no enterprise has unlimited money or time. The challenge is to define a framework of technology that can provide cost-effective, nearly optimized security solutions with the understanding that full optimization is impossible. The framework also needs to be flexible and remove operational complexity.

SASE and other big idea solutions are just conceptual at this point. Security providers promote SASE as the answer, but the actual solutions are still evolving and implementations are few and far between. According to Gartner Analyst Nat Smith, SASE is more of a philosophy than a checklist of features.

So, just what is SASE and will it save us? SASE combines SD-WAN capabilities with security and delivers them on demand.
Security policies are enforced on and tailored to each user session, based on the identity of the connecting entity, context (behavior of the device), compliance policies, and an ongoing assessment of risk for each session.

Not to knock SASE or zero trust or anything else in the works, but I figure we need 20 bad ideas in order to pick a few good ones. We’ve already had some stinker ideas, so SASE and zero trust could turn out to be the winners.

Just keep in mind that we’re not at a point where security products and/or concepts will show up in your cart as a predefined set of solutions. Today we must still cobble together security technology that may or may not be optimized for our cloud and/or enterprise security deployments. This means we still need to rely on the skills of the cloud security architect along with a handful of decoupled security technologies that we hope will do the trick.

We’re sitting in a perfect storm: Too many security problems have yet to be solved, and the cloud deployment rate continues to explode. Something is waiting to happen. It’s time for some bigger thinking from nontraditional sources. To weather this storm, a certain amount of leadership needs to come from the masses, thought leaders, and solutions providers. And it needs to come soon.