Cloud security seems like something specific to a cloud provider, but emerging approaches and technologies are changing the game.

The first question most cloud security architects ask when tasked with designing a cloud security solution is: What cloud are you using? Then they typically select a set of technologies, such as IAM (identity and access management) and encryption, that are native to that specific cloud brand.

This may have been a sound approach just a few years ago, but today we live in a multicloud world where security needs to remove complexity as well as risk. Here are three cloud security secrets the public cloud providers won’t tell you:

Cloud-native security solutions offered by the big providers are not helpful if you have a heterogeneous multicloud solution. The security technology may work great for a specific cloud provider’s own product, but there is either no support or limited support for other public clouds—and most of us are using multicloud.

You have two choices. If you leverage whatever system is native to each public cloud, you’ll have to manage two or more security systems. Or you can find a common security solution, such as a security manager, that can deal with the different security issues for each cloud provider and abstract you from the complexity, which is likely to be a risk unto itself. The latter is the option I choose and is what works best for most enterprises.

Security can hinder performance and cost way more money each month if not engineered into the applications and data stores correctly. Cloud providers benefit from selling compute and storage services, and if your security solutions eat up more CPU cycles than they should, then it’s time to re-engineer those solutions and how the applications use them. I’ve seen security and application tuning efforts reduce monthly costs by 80 percent, and at the same time increase performance of those applications four-fold.

Training counts more than technology.
I’ve investigated a lot of breaches during the past few years. For many, it’s not a lack of security tools and technology, it’s a lack of understanding how to use them correctly. Money spent on training actually reduces risk by a factor of 1000. For each dollar you spend on training, you remove $1,000 of risk (cost of risk) for the implementation. What’s more, this is not around cloud-native security training as offered by the cloud providers, this is for common security architectures and solutions that span all public clouds and on-premises systems.

The theme is to think independently and question why things are currently done this way. Cloud security will only improve in a culture that challenges the status quo.