Moving to a post-pandemic cloud deployment? You can easily avoid these security errors Credit: OpenClipart-Vectors Those hastily moving to post-pandemic cloud-based platforms are likely to make some major security mistakes, depending on how fast they are moving. Why? This is new to most of them, there are few known best practices for cloud security, and humans get overwhelmed with the tasks of securely moving to the cloud quickly. I’ve put together a short list of some of the security mistakes I see as enterprises rush to the cloud. Mistake 1: Not gathering and reacting to operational security data in real time. The notion of SIEM (security information and event management) means gathering operational security data in a central location to manage existing or forthcoming incidents in real time. We can leverage data as a weapon: supporting audits, correlating data, and using predictive analytics, all to gain better insights as to the state of security and to proactively combat attacks. Mistake 2: Not dealing with data security at the database levels. Data security is really considered storage security by most of those who manage security in the cloud. This is a huge mistake, considering that data has special security needs, including governance and compliance policies for the data and how they link to security. Most important is the ability to manage security down to the row and object levels, ensuring that data can be protected in fine-grained ways. This typically means dealing with native database security and metadata management systems, something that most cloud security pros don’t understand. Not understanding security at the data level will likely lead to an external or accidental data loss event at some point. Mistake 3: Not having a vision for cloud security. An old boss of mine said: “You need to spend at least 10 percent of the time dreaming about what’s possible.” Those charged with cloud security need to focus on what’s next, as well as what’s now. By the time you’ve set a course and deployed a technology solution around your planning and vision, two years will have passed for most enterprises—an eternity at the pace of cloud computing security. Chances are you’re making at least one of these mistakes. If you’re not, congratulations. In the real world of cloud security, we need to be reinventing things continuously. That’s the ultimate best practice. Related content analysis Strategies to navigate the pitfalls of cloud costs Cloud providers waste a lot of their customers’ cloud dollars, but enterprises can take action. By David Linthicum Nov 15, 2024 6 mins Cloud Architecture Cloud Management Cloud Computing analysis Understanding Hyperlight, Microsoft’s minimal VM manager Microsoft is making its Rust-based, functions-focused VM tool available on Azure at last, ready to help event-driven applications at scale. By Simon Bisson Nov 14, 2024 8 mins Microsoft Azure Rust Serverless Computing how-to Docker tutorial: Get started with Docker volumes Learn the ins, outs, and limits of Docker's native technology for integrating containers with local file systems. By Serdar Yegulalp Nov 13, 2024 8 mins Devops Cloud Computing Software Development news Red Hat OpenShift AI unveils model registry, data drift detection Cloud-based AI and machine learning platform also adds support for Nvidia NIM, AMD GPUs, the vLLM runtime for KServe, KServe Modelcars, and LoRA fine-tuning. By Paul Krill Nov 12, 2024 3 mins Generative AI PaaS Artificial Intelligence Resources Videos