Do ‘cloud-first’ strategies create a security-second mindset?
Too often, I hear system administrators tell me that their organization’s cloud-first strategy is jeopardizing security. With each new software-, infrastructure, and platform-as-a-service adopted by line-of-business users or within enterprise IT, security seems to be an afterthought.
The challenge with most cloud-first strategies is that they incorporate both hybrid cloud (private and public) and multicloud (heterogeneous cloud infrastructures from multiple vendors) environments; in almost all cases, these infrastructures lack consistency in management interfaces, access controls, and third-party tool support. So, not only do cloud-first strategies increase your organization’s attack surface, they can be difficult to manage and secure.