COVID-19 has been a boon for cloud computing. However, the haste to move to cloud is causing some enterprises to neglect security. Here’s what you need to look out for. Credit: Thinkstock Oh, what a cloud year 2020 was. Cloud spending grew by 37% in the first quarter of 2020 alone as many quickly understood that COVID-19 would leave them vulnerable if they were still using traditional data centers. Seeing a hockey stick in revenue and enjoying the urgency to drive processes remotely and securely, cloud service providers had an unexpectedly successful year. Core to this was a rush on public clouds and those who knew how to migrate and build cloud applications. Despite the fact that everyone was working out of their bedrooms, enterprise IT, consulting firms, and the cloud providers themselves were able to keep up with demand and accelerate the movement to the cloud, for the most part. Although the adoption of cloud computing—either fear-based or otherwise—is perhaps a silver lining to the pandemic, it has caused some new risks as well: Security planning has taken a back seat to being expedient. Haste has meant that many cloud migration and development projects don’t fully address security dependencies before deployment, and teams have to circle back to fix issues. Different development and migration groups are working autonomously, picking whatever security solutions they feel are best of breed without coordinating with the other teams or a centralized governance group. Those who attack enterprise systems, including those in the cloud, are well aware of these emerging vulnerabilities and are doing their best to figure out how to exploit them. 2021 and 2022 could see larger and more damaging data breaches making the news cycles, cloud or not. The fact remains that you have better security tools and processes in the cloud, and they are cheaper and easier to set up. It’s been that way for some time, as security technology providers spent their R&D dollars in support of the rapidly emerging public clouds. However, all the greatest security tools in the world won’t help you if you don’t know how and when to deploy them. What’s occurring now is a “rapid cloud deployment” strategy for many larger enterprises. Good application and database design, performance engineering, and choosing cloud-native features for better user experiences are being left behind for speed. That will get you complaints from users and larger cloud bills. But lack of security will kill you. The answer is, “Don’t forget security for each stage of migration and/or deployment.” The reality is most enterprises are making this critical error in varying degrees, from needing a few tweaks to having to gut all their cloud security. My suggestion is fundamental: Security should be centralized, both in authority and selection of standard technology throughout the enterprise. This means that one organization is charged with working with all migration and deployment teams to ensure that security is not only a repeating pattern, but that most are leveraging cloud security technologies that will work and play well together across cloud brands and from traditional systems to the cloud. The danger here is that these “cloud security overlords” will be dummies and won’t provide the correct support and coordination. Those who show up with only PowerPoint presentations, for instance, and no lists of tools and specific guidance on how to use them are not at all helpful. This one goes to you CIOs, CTOs, and even CEOs. Your jobs are on the line with this kind of risk; it’s time to get these vulnerabilities under control with some noninvasive security governance. Just avoid hiring or promoting those who will make things worse or more confusing. By paying a bit more attention, moving to the cloud to remove pandemic-related risks could be a security upgrade as well. Your choice. Related content analysis Generative AI won’t fix cloud migration You’ve probably heard how generative AI will solve all cloud migration problems. It’s not that simple. Generative AI could actually make it harder and more costly. By David Linthicum Jul 12, 2024 5 mins Generative AI Artificial Intelligence Cloud Computing analysis All the brilliance of AI on minimalist platforms Buy all the processing and storage you can or go with a minimum viable platform? AI developers and designers are dividing into two camps. By David Linthicum Jul 09, 2024 5 mins Generative AI Cloud Architecture Artificial Intelligence analysis The next 10 years for cloud computing Despite AI's explosive growth, the industry still needs to face facts that customers are unhappy about costs and vendor lock-in. By David Linthicum Jul 05, 2024 5 mins Amazon Web Services Google Cloud Platform Microsoft Azure analysis Serverless cloud technology fades away Serverless was a big deal for a hot minute, but now it seems old-fashioned, even though its basic elements, agility and scalability, are still relevant. By David Linthicum Jul 02, 2024 4 mins Serverless Computing Cloud Computing Software Development Resources Videos