Several times lately, CIOs and CISOs have asked me why the security toolset they get for “free” from their cloud service providers isn’t enough. Sure, it might not be the best … but isn’t it good enough for the program’s success?
It’s true that we don’t often need the Cadillac.But cloud programs are failing at high rates, and the number-one listed reason is security challenges. Teams are trying to use that SaaS or IaaS/PaaS cloud service provider-native security and finding after initial designs that it’s full of holes, or that it’s very difficult to operate across the enterprise. And trying to bolt on additional security to highly automated cloud deployments is not nearly as easy as it was in steadier-state traditional data center configurations. We as solution engineers are failing our development, business and security teams by not addressing the number-one factor in cloud transformation failure with tools that will better support their success in delivering secure cloud implementations.
Figure 2: Top concerns perceived to impact that lack of full program goal attainment
The CSPs and enterprise software providers just aren’t considering full architectural requirements for security, at a time when architecture overall—and security architecture in particular—is more important than ever. And they don’t have that perspective: Operating a complete end-to-end security architecture and program isn’t the perspective of these software companies’ product teams. Enterprise security is still needed, but new perspectives, ..
Support the originator by clicking the read the rest link below.
