When Kindervag was an analyst
Posted: Thu Feb 06, 2025 3:48 am
Five Hard Truths About the State of Cloud Security in 2024
02.05.2024
John Kindervag, the godfather of the Zero Trust concept, spoke to Dark Reading about the challenges in cloud security.
While cloud security has certainly come a long way since the Wild West days of cloud adoption, the truth is that most modern organizations still have a long way to go before their practices are truly mature. And that's costing them dearly in terms of security incidents.
Vanson Bourne’s Cloud Security Index 2023 found that nearly half of the breaches that organizations experienced in the past year were caused by cloud computing. The same study found that the average organization lost nearly $4.1 million due to cloud breaches last year.
When Kindervag was an analyst at Forrester Research, he helped conceptualize and popularize the Zero Trust security model. He is now the chief evangelist at Illumio, where he continues to champion the Zero Trust model, educating the public about it as a key way to rebuild security in the cloud era. According to Kindervag, organizations must embrace these hard truths to succeed.
1. You won't become more secure just by moving to the cloud
One of the biggest myths about the cloud, Kindervag says, is that it is inherently more secure than most on-premises environments.
“There is a fundamental misconception that the cloud is inherently more secure, that you become more secure simply by moving to the cloud,” he says.
The problem is that while hyperscale cloud providers may be very good at securing infrastructure, the control and responsibility they have over the security of their customers are very limited.
“A lot of people think they’re outsourcing security to a cloud provider. They think they’re transferring risk,” says Kindervag. “In cybersecurity, you can never transfer risk. If you’re the custodian of the data, you’re always the custodian of that data, no matter who’s storing it for you.”
That's why he's not a big fan of the oft-repeated phrase "shared responsibility," which he says suggests a 50-50 division of labor and effort. He prefers the concept of an "unequal handshake," coined by James Staten, his former colleague at Forrester.
"The main problem is that people think there is a shared responsibility model, but in reality it is an unequal handshake," says Kindervag.