Cloud security and IT security in general often overlook complexity. It’s not taught in security courses, and most experts don’t consider it in risk analytics. Credit: SQBack / Getty Images It’s a fact that most enterprises put security teams and tools in a silo. It drives me nuts when I see these bad habits carried over to cloud computing security. I covered this topic three years ago, and for the most part, it’s unchanged. Many of today’s security breaches are due to human error. A study by Ponemon and IBM indicates that misconfigured cloud servers cause 19% of data breaches. The cost? A half-million dollars per breach. The cause? Most of the time, too many moving parts for security teams to keep secure. They lose track, things are misconfigured, and the breach occurs. Simple. Complexity is not new; it’s been creeping up on us for years. More recently, multicloud and other complicated, heterogenous platform deployments have accelerated overly complex deployments. At the same time, security budgets, approaches, and tools have remained static. As complexity rises, the risk of breach accelerates at approximately the same rate. Most IT shops don’t consider complexity a significant metric to track when researching cybersecurity or cloud security. It’s often neglected because most security is a siloed set of processes. The architecture teams look at security as a black box where stuff is tossed over a wall and somehow magically becomes secure. We’ve needed to integrate security with development, architecture, and operations for a long time. Some organizations practice devsecops (development, security, and operations) and integrate these concepts, bringing everyone’s expertise to bear on all problems. In an ideal world, security is never somebody else’s problem because the lines of demarcation between development, architecture, security, and operations do not exist. Everyone works together across all development, design, and deployment aspects. Security is systemic to everything, which is the correct way to view it. When security is everywhere, it also becomes a factor when defining core cloud and non-cloud architectures, including the amount of complexity introduced and how to effectively manage it. This includes addressing increased security risks through security operations. Many approaches, concepts, and technologies can be used to manage and lower risk while simultaneously increasing the value delivered to the business. As we enter 2023, it’s a bit disconcerting that we still live with security risks due to rising complexity or siloed approaches. The culture in many enterprises perpetuates our inability to manage things. Too many in IT still say, “You stay in your corner of IT while I’ll stay in mine.” This is no way to do cloud computing or cloud security and expect to succeed. Let’s look in the mirror and see what we can improve as we go into the new year. Related content analysis Strategies to navigate the pitfalls of cloud costs Cloud providers waste a lot of their customers’ cloud dollars, but enterprises can take action. By David Linthicum Nov 15, 2024 6 mins Cloud Architecture Cloud Management Cloud Computing analysis Understanding Hyperlight, Microsoft’s minimal VM manager Microsoft is making its Rust-based, functions-focused VM tool available on Azure at last, ready to help event-driven applications at scale. By Simon Bisson Nov 14, 2024 8 mins Microsoft Azure Rust Serverless Computing how-to Docker tutorial: Get started with Docker volumes Learn the ins, outs, and limits of Docker's native technology for integrating containers with local file systems. By Serdar Yegulalp Nov 13, 2024 8 mins Devops Cloud Computing Software Development news Red Hat OpenShift AI unveils model registry, data drift detection Cloud-based AI and machine learning platform also adds support for Nvidia NIM, AMD GPUs, the vLLM runtime for KServe, KServe Modelcars, and LoRA fine-tuning. By Paul Krill Nov 12, 2024 3 mins Generative AI PaaS Artificial Intelligence Resources Videos