Public cloud computing (IaaS, PaaS, SaaS) has often been a foundation for many onprem to cloud workloads replacements. More recently however, public cloud computing is teaming up with other technology trends like IoT/OT adoption, 5G proliferation, and work from home (WFH) momentum to accelerate the pace of digital transformation initiatives.
Unfortunately, one of the primary conclusions of the Oracle and KPMG research is that there is a consistent mismatch between the scale, velocity, and temporal nature of cloud computing and rigid cybersecurity programs that continue to underscore the level of preparedness businesses have with regards to their cloud security programs.
KPMG’s Cloud threat report series (5th report) with Oracle, highlighted the cloud security readiness gap as it relates to business executives and CISOs.
Public Cloud Security Challenges
Simply moving on-premises workloads to a public cloud doesn’t automatically make these workloads more secure. Leading public cloud IaaS providers have extensive native security capabilities that, if properly leveraged, result in workloads that are better-protected than those in traditional enterprise data centers.
Organizations should neither underestimate cloud risks and take cloud security for granted nor overestimate cloud risks and allow unwarranted fears about security to inhibit their use of public cloud services.
Multiple news stories have demonstrated that information can leak out of clouds. However, these examples demonstrate that it is almost always users, not the cloud provider, who fails to manage their controls to protect their data. Clouds are secure, but organizations are often not using them securely.
10 Best Practices to Improve Cloud Security
The pervasive cloud security readiness gap is not a surprise as many organizations have numerous cloud security issues in areas like, Application security, Data security, Shadow IT, Identity and access management (IAM), shared responsibility security model and on top of them all Cyber attacks as well.
Gartner recommends engaging certified cloud partners early on in your cloud planning process, to ensure that loopholes are identified early and plugged in before it turns out to be a disaster.