Sorry, but there's no universal cloud security solution

Cloud security in a box is a myth; in reality, each cloud project comes with its own set of unique problems to solve

Sorry, but there's no universal cloud security solution

I often hear about cloud-based security solutions that solve all security problems. It’s a simple fact that such an animal does not exist.

Why? Because the problem domains are just too different. Therefore, security requirements are different as well. If you try to push the same security solution across all workloads, you'll find it doesn’t work across them all -- and that's if you're lucky. If you're not lucky, you won't know until it's too late where the solution doesn't work.

Your applications are built with very different programming engines, databases, and middleware, and all those attributes help determine the type of security solution you should use. That brings in (necessary) complexity, which makes using "standard" security tools and processes an impossibility most of the time.

Also, compliance requirements differ vastly across companies and systems. People who are in health care understand this only too well, as do those in finance. Even organizations that do not have to deal with strict regulation may find that the "security solution in a box" misses things that can cause problem later, including how it deals with personally identifiable information and other regulated data.

Today’s best model for security includes the use of identity and access management (IAM), which is based largely on the requirements of the workloads. IAM systems are very configurable, so they can be different things to different cloud workloads. That's a good thing, but it means you’ll have to do a lot of customizing because nothing will work out of the box.

It’s not all bad news. There are standard security configurations that you can use around similar workloads. But you must understand the problem and solutions patterns, then try to find some commonality to have any realistic hopes of applying a "standard" or "out of the box" security solution to that subset.

You should expect to deal with dozens of security tools and models to get security right for your cloud projects -- just as you should for your on-premises technologies. There’s no free lunch.

Copyright © 2016 IDG Communications, Inc.