According to the 2020 Thales Data Threat Report – European Edition, European companies have a false sense of security when it comes to protecting themselves. Only two-thirds (68 percent) see themselves as vulnerable, down from 86 percent in 2018. This confidence contradicts the findings of the survey, where 509 executives revealed that slightly more than half (52 percent) of their European companies were hacked or failed a compliance audit in 2019.
Core to this issue is the belief by 40 percent of respondents that the complexity of their business environments makes their data much less secure. It’s no secret that multicloud adoption is the main driver of cloud complexity, with 80 percent of businesses using more than one IaaS cloud provider.
Cloud complexity has been identified during the past few years as an issue that arises with multicloud deployments. Most enterprises are aware of operational problems that arise when dealing with two or more IaaS cloud providers at the same time, but most have not yet linked complexity with security issues.
As always, it’s one thing to declare a problem, and another to find solutions. Here are a few suggestions:
- Invest in security management layers. These could be one or more security systems that can work across cloud providers. Although these layers are not magic solutions, they do remove those who operate security systems (secops) from the need to deal with the native cloud security of multiple providers. This reduces complexity and the likelihood that a complicated deployment will lead to security holes that aren’t discovered until it’s too late.
- Consider the cloud complexity trade-off before going to complex cloud deployments. Although it’s good to pick best-of-breed technology for your application and data deployments, I see many Global 2000 enterprises managing five or more cloud providers. This creates a complexity nightmare with its obvious negative impacts, and that includes security. Multicloud deployments are fine, but you need to consider the operational costs and risks of using more than two public clouds.
- Consider security during the architectural planning phases. The days of security being the last step in a deployment are long gone. Security planning should be systemic to everything you do.
Cloud complexity will be with us for the next several years as we learn more about the challenges of operating plural clouds. I suspect the complexity/security relationship will get more attention when complexity is determined to be the root cause of some high-profile data breaches.