This article is part of our State of Cloud Security 2021 Series, which interviews a diverse mix of cloud security experts, decision-makers, and practitioners with the goal of better understanding their perspectives on the current state and future of cloud security.
The following is an interview that OpsCompass CTO John Grange recently had with Alan Boehme, Chief Technology Officer, H&M Group.
JG: What is the state of cloud security today?
AB: The cloud has been around for well over ten years, and security has evolved to a state where it is enabling us, companies, and the world to make it viable and growing as the preferred way of doing business.
In the last five to seven years, we have seen a dramatic increase in investment by large companies and startups alike. Because of this increased focus, improvements in security are evolving at a rapid pace. In addition to the increase in VC spending, researchers from universities and R&D labs from corporations are spending increasingly more of their time on cloud security.
JG: What are the most common challenges organizations face when it comes to cloud security today?
AB: Many corporations have internal policies and processes on data security that are still based on old operating models with assumptions about how data is used within a company. It’s these policies that sometimes impact an organization’s ability to become a cloud-first company. The major cloud providers have been very successful in providing security for themselves, and much of what they have put in place can be leveraged by large corporations.
In the beginning, corporations assumed that internal policies and processes could be extended or adapted, but instead it stunted the uptake of cloud computing. The Cloud Security Alliance (CSA) – an association with smart people from around the world – wanted to see the growth of cloud computing take off, so it created best practices and started offering training to corporations on how to take advantage of the technology and process best practices.
JG: What lessons can be learned from the biggest cloud-related breaches of 2020?
AB: It all comes down to people. If you look at the founding members of the CSA board, we have always recognized that human error is a major contributor to security failures. Whether it’s improper configurations or other areas that have inadvertently not been locked down appropriately, many of these breaches were people-related.
JG: What are 3-5 pieces of advice for organizations looking to improve their cloud security in 2021?
AB:
- Create a culture of security within the organization;
- You need a common understanding of what is required;
- Properly train and educate employees on best practices by the CSA.
There is safety in numbers to work and share. The CSA has thousands of professionals it works with to help them pick up best practices.
JG: What’s the future of cloud security?
AB: In the future, data is going to be more and more distributed, and clouds will be more distributed. As data security and synchronization move out to the nodes, we will need to redefine some of the concepts we have become used to.
How are we going to secure all this in a future world that is nothing more than a mesh? That is going to be the evolution of where cloud computing is going to have to go; therefore, cloud security is going to have to change. One day, when our data goes into the cloud and the compute and storage happen to occur in space, we will truly be implementing distributed “above the cloud” computing. In order to help us deal with this expansion and future on-planet and off-planet threats, we are going to turn to quantum computing, which is going to offer us new and exciting opportunities from both business perspectives and security perspectives. It’s all coming faster than many of us acknowledge.