CloudBolt CEO Jeff Kukowski shares his top-three cloud security resolutions that IT leaders should commit to.
Consistency, vigilance
First, he says to prioritise consistency as much as vigilance. “While cyber security requires vigilance, it’s not enough to just be aware – you also have to be consistent in your efforts to secure your cloud resources.”
He cites statistics from the company’s recent CII report on cloud security, which revealed that a whopping 79% of IT leaders questioned whether their companies apply consistent cloud security policy enforcement, while 69% of responding developers claimed they spend less than one hour a week ensuring the cloud resources they provision are secure.
“Any inconsistency in policy enforcement means you’re not 100% secure, and when it comes to cloud, almost secure is the same as not secure at all.”
Close the skills gap
The report also found that over two-thirds (68%) of respondents believe their companies’ security skill sets across all clouds are only “somewhat mature,” and another 20% say “neutral” – figures that hardly inspire confidence.
Furthermore, 72% of respondents admit their organisations moved to the cloud (and specifically, multi-cloud) without properly understanding the skills, maturity curve, and complexities that make it all work securely.
“In 2023, execs must make it a priority to close that skills gap and start implementing highly operationalised and consistent cloud security practices,” says Kukowski.
Security, from the ground up
Too many entities assume that sufficient security is already built into tools like Prism, Terraform, and cloud-native tools. But the unique nuances of settings and required knowledge between each major cloud create opportunities for human error, he explains.
“In 2023, enterprises must have automation and standardisation in place across all their technologies so that proper security processes, protocols, and best practices can be built into cloud workloads up front,” says Kukowski.
It’s a major concern that a mere 6%of respondents said that their companies automatically build security into every workload.
“But this needs to become standard practice; you can't have adequate security when you still have humans performing manual steps to configure workloads,” he ends.
Share