Just Eat’s cloudsec chief Stu Hirst says we need to acknowledge the innovators at the frontline of cyber security
If the past decade in enterprise IT was owned by cloud, then the next ten years will arguably be defined by our attempt to secure it.
The degree to which cloud has absorbed applications and data is well-documented. While companies are consolidating with hybrid deployments, according to some estimates, 91 percent of organisations have moved some portion of their workloads to the cloud.
As this new territory grows, so too does its attack surface. Organisations need to be armed and ready, yet many are getting into sloppy habits, particularly when it comes to basic data storage practices. Between June 2018 and May 2019 over 2.3 billion files were found on misconfigured or non-secured cloud storage technologies. As cyber security company Forcepoint has framed it, as more companies become “cloud smart,” a large number appear to remain “cloud dumb,” at least when it comes to security.
The oversight is partly because we naturally focus on the ways a new tool can make our lives easier without first considering its side-effects. True, it’s not only a matter of failing to get the basics right. Like with any new technology, it has taken time for us to grasp the multitude of ways that the cloud can leave companies exposed. Compounding this problem is the pace at which cyber hackers conjure up new means of attack.
How can cloud security professionals stay ahead of the game? For Stu Hirst, principal cloud security engineer at Just Eat, it’s about admitting that it’s fine to not immediately know all of the dangers and the ways they can be curbed. One of the main lessons he has learned in his nine years as a cyber security professional is that it’s “perfectly OK to not know the answer at a point in time.” To stay ahead, Hirst says he is constantly researching the latest cloud security developments and workshopping solutions to problems.
It’s not surprising that cloud security pros are playing catchup. IT security has always been a cat and mouse process. But it nevertheless took a while for some companies to appreciate how traditional security responsibilities would be shaken up when cloud arrived on the scene.