Some enterprises have too much security, but many don’t have enough. Where do you rank? Credit: Thinkstock It’s 5:00 a.m. sometime in 2018. The phone rings. It’s the cloudops team reporting a potential breach where gigabytes of customer data may have been compromised. You spend the next year toughening up cloud security, allocating four times what you spent in the previous year. The board of directors is happy to fund the additional tools and people. As we say: “You can’t have too much security.” But what if you can have too much security? When do you need to hit the accelerator, and when are you going too fast already? It’s a matter of where you exist on the cloud security spectrum. All enterprises are different. Each company stores and manages different types of data sets. They have different applications and processes in place. The ones in specific industries, such as healthcare and finance, have compliance restrictions that can be a nightmare. The notion is simple. Everyone has different security needs, and differences in data they are protecting. Thus, they should be on different parts of the security spectrum. For instance, in my earlier example, if the breached company were a tire manufacturer, spending four times the previous year’s security budget may be overspending, or not aligning with where it sits on the spectrum—just being reactionary. Yes, I’m making sweeping generalizations. Most tire manufacturers don’t deal with personally identifiable information the way that healthcare organizations do. Nor do they have to keep up with stringent auditable logging, as is required by most banks. Moreover, the data is probably fairly innocuous considering that the database information is about customers that are just a bunch of tire retailers—data that could be easily found on the website. Also, they don’t pay with credit cards, so none of that information is stored. The essence of cloud security is that there are no one-size-fits-all solutions. Cloud security architects need to work from the requirements to the solutions, not the other way around. I’m also asserting that those picking cloud security approaches and technology need to understand where they exist on the cloud security spectrum. Else, they’ll spend too much money, or more likely not enough. Related content analysis Generative AI won’t fix cloud migration You’ve probably heard how generative AI will solve all cloud migration problems. It’s not that simple. Generative AI could actually make it harder and more costly. By David Linthicum Jul 12, 2024 5 mins Generative AI Artificial Intelligence Cloud Computing analysis All the brilliance of AI on minimalist platforms Buy all the processing and storage you can or go with a minimum viable platform? AI developers and designers are dividing into two camps. By David Linthicum Jul 09, 2024 5 mins Generative AI Cloud Architecture Artificial Intelligence analysis The next 10 years for cloud computing Despite AI's explosive growth, the industry still needs to face facts that customers are unhappy about costs and vendor lock-in. By David Linthicum Jul 05, 2024 5 mins Amazon Web Services Google Cloud Platform Microsoft Azure analysis Serverless cloud technology fades away Serverless was a big deal for a hot minute, but now it seems old-fashioned, even though its basic elements, agility and scalability, are still relevant. By David Linthicum Jul 02, 2024 4 mins Serverless Computing Cloud Computing Software Development Resources Videos