It's the perfect time for organizations to commit to improving their cloud security as cyber attacks and breaches on the rise and attack surface continually growing. With this in mind, CloudBolt CEO Jeff Kukowski shares the top-three cloud security resolutions IT leaders should commit to:
Prioritize consistency as much as vigilance.
While cybersecurity requires vigilance, it’s not enough to just be aware – you also have to be consistent in your efforts to secure your cloud resources.
According to our recent CII report on cloud security, 79% of IT leaders also questioned whether their companies apply consistent cloud security policy enforcement, while 69% of responding companies’ developers said they spend less than a single hour per week ensuring the cloud resources they provision are secure.
Any inconsistency in policy enforcement means you’re not 100% secure, and when it comes to cloud, “almost secure” is the same as “not secure at all.”
Close the skills gap.
Our security report found that 68% of respondents think their companies’ security skill sets across all clouds is only “somewhat mature,” and another 20% say “neutral” – not exactly resounding assurance.
Moreover, 72% of respondents admit their companies moved to the cloud (and specifically, multi-cloud) without properly understanding the skills, maturity curve, and complexities of making it all work securely. In 2023, execs must make it a priority to close that skills gap and start implementing highly operationalized and consistent cloud security practices.
Automatically build security into workloads upfront.
Too many companies assume that sufficient security is already built into tools like Prism, Terraform, and cloud-native tools. But the unique nuances of settings and required knowledge between each major cloud create opportunities for human error.
In 2023, enterprises must have automation and standardization in place across all their technologies so that proper security processes, protocols and best practices can be built into cloud workloads up front. It’s concerning that only 6% of respondents said that their companies automatically build security into every workload. But this needs to become standard practice; you can't have adequate security when you still have humans performing manual steps to configure workloads.