Are we putting too much blind faith in the cloud to deliver ournbusiness?
nnCloud services are an incredibly useful tool for the average organisation.nThey have brought corporate-style IT to businesses without having to commitnmillions of dollars to infrastructure budgets or vast amounts of in-housentechnical knowledge, and the pay-as-you-go model suits companies that don’tnwant (or can’t afford) to spend vast sums on hardware and hosting. Costsnbecome operational expenditure and can scale up (or down) with the businessnneed.n
nnWe would be remiss if we didn’t also acknowledge the positive role thatncloud services played in allowing businesses globally to implement remotenworking models quickly and viably. This little argument that cloud servicesnrepresent agile and rapid solutions to a variety of business needs.n
nnHowever, the extent of our reliance raises the question this world of cloudnservices too good to be true?n
nnCloud is Here to Stayn
nnIt’s unlikely that our burgeoning use of the cloud is likely to lead to andisastrous end, on a widespread scale. That said, if we’re not careful, wenstand every chance of ending up with a result that is at best slightlyndetrimental and at worst quite costly in time, money and security.n
nnOne problem is that cloud solutions are quick to get up and running in theirnbasic form. That basic deployment is often not good enough for us asnsecurity professionals, as we must care about implementing IT properly tonensure resiliency and security. Cloud services are particularly good forntrying stuff out – with minimal initial investment you can do all these funnAgilenthings like running upnnMinimum Viable Products (MVPs)nnandnnfailing fastnnwithout massive financial risk in infrastructure disruption. But as a wisensecurity specialist once said: there’s no such thing as an MVP in security.nIt’s simply not acceptable to put an MVP live without it having properncontrols to prevent security breaches; this doesn’t necessarily mean we havento have it fully integrated with our directory service and our plethora ofnsecurity tools while it’s still in the pilot stage, but the securityncontrols must be significantly more than minimal.n
nnEven if we secure our cloud services properly, though, there is anothernissue – and again it’s down to the fact that stuff in the cloud can be verynfast to sign up to, and potentially inexpensive. And this is the real threatnthat the cloud poses to our ability to do business and grow thenorganisation: trying to do everything because the barriers to entry are wayntoo low.n
nnExtracting Valuen
nnThere is a general trend in IT for organisations to fail to get value fromnthe technology they buy. There’s the old cliché about none of us ever usingnmore than a small percentage of the features of our office desktop suite,nbut the same applies to rather a lot of the technology we use. Many cloudnservices fall into this category. Part of this is down to cloud suites thatnhave a seemingly infinite number of extra features that you can add to thenbasic service for just a few dollars a month each. The other part can benattributed to our tendency to adopt a variety of systems across a number ofntechnology areas (we in the security world aren’t immune from this either –nhow many of us have started with the Microsoft 365 world then gone out andnadded a SIEM, a SOAR, email protection, web filtering, Data Loss Preventionnetc?).n
nnFalling into the trap of using too many products increases the threat to ournorganizations. If it’s security systems, we run the risk of never using anynof them to the level at which it provides actual benefit, because we don’tnalways have either the staff to use them properly or the time/funding forntraining the staff we do have. In general IT the story is similar: peoplenare spread across an excess of systems that the organisation never gets truenvalue from the tech. In both security and mainstream IT, the more tech wenbuy the less value we tend to get from it – and the more time we waste. It’snoften better to have fewer systems and use them fully than to scrape thensurface of the features of a myriad of platforms and services.n
nnWe described cloud services as “potentially inexpensive”, and that in a lotnof cloud suites the add-on extras cost “just a few dollars a month each”.nAll of which is fine, but anyone who has ever used cloud systemsn(particularly Infrastructure as a Service solutions) will be familiar withnthe term “Bill Shock” – where what looks like a small per-gigabyte chargenfor storage and a modest per-month fee for each virtual server CPU suddenlynleads to an eye-watering invoice at the end of the month once these modestncharges have been multiplied by all the gigabytes and processors being used.nAdd to this the variety of other different “inexpensive” cloud servicesnavailable and there’s a significant financial impact that can hit annorganization.n
nnUnless we’re sensible and careful about its use and cost, a cloud servicencan become a barrier to our business’ success. If we spread ourselves toonthinly by falling for the simplicity of the cloud then we risk beingndistracted from actually doing business and securing our IT assets, with anside order of a financial overspend on hand to burn us too.n
n- n
- n Find out more about ourn n CCSP certificationn n heren n
- n n Cloud Security Skill-Buildersn n grow what you know with short-format learning designed to fit your busyn schedulen n
- n n Download the CCSP Ultimate Guide heren n to get everything you need to know about the world’s leading cloudn security certificationn n