Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

The New Enterprise Cloud Wars are a Security Risk

DZone's Guide to

The New Enterprise Cloud Wars are a Security Risk

While the big guys battle it out for large clients, smaller companies are sometimes left with only multicloud to save costs, sometimes sacrificing security.

· Cloud Zone ·
Free Resource

Insight into the right steps to take for migrating workloads to public cloud and successfully reducing cost as a result. Read the Guide.

The battle to convince businesses to move everything to the cloud rages on, but the effects of innovation in one realm may very well lead to the death of innovation in another. As the large clouds—IBM, Azure, Oracle, Google—continue to fight it out and battle for domination in the cloud storage and computing space, smaller cloud companies are coming up in attempts to help large multinationals go to multiple shared public clouds in a more economical way. Not everyone has FireEye’s capability to go all in with one provider.

Today, businesses are enticed by small companies with onboarding offers they can’t refuse, especially in the lean, bootstrapped startup realm. Now, instead of running with a few clouds, companies are splitting themselves across an average of 91 cloud services, separating lines of business to take advantage of credit offers by smaller cloud companies seeking to compete with the bigger players. There's just one problem—they're saving money at the expense of security, and getting hacked can cost more than just data loss. A security breach can mean the end of a business and thus a killer of innovation.

The Subprime Cloud Crisis

In the traditional format of yesteryear, data and IP was hosted securely in a data center. From a security perspective, everything was copacetic, because boundaries on data centers were clearly defined. This approach slowly gave way to the hybrid cloud, where the traditional data center was augmented with the addition of a cloud like AWS. While this created a more complex security environment than before, it was still manageable. 

Nowadays, however, businesses have been enticed with sign-on deals by smaller clouds and have split their assets among numerous providers. Unfortunately, many security efforts have failed to keep pace. What we have now is essentially the subprime loan crisis of the internet security world. When a business can't afford to pay for a single, secure cloud provider, they instead divvy up their various lines of business to separate cloud providers to buy time, especially in the beginning of a startup. Having X amount of time as a runway to get their product off the ground is pitted against the time they have before their rates go up, when their signing bonus expires. In these cases, security is an afterthought.

The Dynamic Death of Innovation

The problem here is that individual cloud providers act as if they were utility companies. Their liability is limited—read up on the responsibility gap. Cloud providers simply provide a service and security measures fall to the consumer. While several cloud infrastructures may offer all the proper tools to provide a secure system, it is still in the consumer’s domain to acquire the technical knowledge or ability to configure systems properly.

And this isn't just a problem for small startups—it affects companies both big and small. When Verizon was breached, for example, it was through a misconfigured AWS S3 bucket. Did Amazon take the blame? Certainly not. Instead, it stated that it gave Verizon all the proper tools to secure the S3 bucket, and the company simply failed to do so.

What ends up happening is that a line of business gets compromised like this and the parent brand is harmed. People get a bad taste. And this becomes the cause of death for innovation. A startup that is attempting to take advantage of cost-savings could accidentally subject itself to security threats that, if and when breached, hacked or exposed, could doom the company.

The Invisible Solution of Visibility

The solution is not, however, to bite the bullet and pay the big bucks for a single cloud storage provider, as some bigger companies can afford to do. Rather, we need to find a way to provide a secure way for companies to spread their lines of business across multiple public clouds as they see fit. The solution lies in an easy and consistent way to provide visibility across extremely distributed data center inside a single analytics platform, and that technology already exists.

TrueSight Cloud Cost Control provides visibility and control over multi-cloud costs including AWS, Azure, Google Cloud, and others.

Topics:
cloud ,cloud security ,multicloud management ,security ,visibility ,startups

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}