Home > Cybersecurity > Cloud Security Best Practices
Now more than ever, organizations need to prioritize a “cloud first” approach to enable their businesses to transform with agility, at scale. But every new public cloud instance has the potential to create a security storm. The default settings for a new cloud instance are unlikely to satisfy even the most basic security requirements of any business operation.
According to Accenture, while the cloud offers new opportunities to modernize services and transform operations, less than 40% of enterprises are achieving the full expected value from their cloud investments.
Security and compliance risks remain the biggest barriers to cloud adoption. Combined with difficulties in proactively addressing the complexity of secure configuration and a lack of skills, these challenges can be major obstacles to a journey that prioritizes the cloud.
What should business leaders do?
Cloud security can enable better business outcomes by being:
“Certainly, everyone wants to be secure, and companies should always sin by excess, not by omission,” comments Ryan Wickham, managing director of Infrastructure Services at the consultancy. “But ‘it’s important to try to do this in a way that doesn’t affect application performance and ultimately the user experience”, he adds.
Gartner projects that by 2025, 99% of cloud security failures will be the fault of customers, not vendors. Errors that often can be attributed to misconfigurations. With the average cost of a cloud breach rising, it is clear that cloud cybersecurity must be addressed thoroughly and quickly.
Many enterprises do not understand the shared responsibility model of the cloud. In addition, variations in tools, features, and policies among cloud providers can complicate things.
According to a recent report on the state of cloud-native security, 73 percent of enterprises still struggle to properly define the security responsibilities of their cloud security provider and their own. The same report also noted that three-quarters of companies surveyed have cloud security tools and solutions being overrun by threats.
In the opinion of the Accenture team, security professionals must ask the right questions from the start: Buy versus build? How much native? How to choose the right models and partners? How to ensure secure interoperability between cloud and legacy? When to replicate security controls instead of abstraction, and how to drive consistency in security operations?
These are all questions that need to consider in advance of the journey to the cloud. And while mitigating risk and protecting data in the cloud is a priority, security must be incorporated consistently. Often, it is added only at the end of the journey and ends up impacting business results.
Make no mistake, migration to the cloud is complex. It needs a formal strategy and strong governance. But the rewards are many and worth it: your company can enable security features and controls in minutes instead of hours, and act without friction. You can be more proactive in preventing malicious security incidents. And scale up quickly by applying automation and self-healing processes to reduce manual steps.
Still, in the opinion of the Accenture team, the following four steps can guide any journey that prioritizes the cloud and introduces security at speed and scale from the start.