Using the cloud to protect the cloud
Security solution offers single place to get holistic view of threats across multiple environments
By Ramon Peypoch, Special to ThirdCertainty
Businesses are increasingly moving data through cloud-based architectures to take advantage of the economies of scale they provide. One study estimates that 60 percent of enterprise workloads will run in the cloud by 2018, and that 38 percent of enterprises already have adopted a cloud-first policy.
While this helps organizations extend and scale their IT resources for geographic expansion, acquisitions and other growth milestones, it also widens their IT security gap.
Cloud visibility challenge
Indeed, the state of cloud security has matured considerably, but visibility into cloud activity is the No. 1 cloud security problem today. The extent of a security team’s visibility into network activity in the cloud typically consists of a few flow logs or infrastructure access control logs from a cloud service provider.
Moving traditional security to the cloud can work in a limited number of cases, but it requires significant re-architecture, design changes and often a net loss of security functionality. Security should not be the thing that an organization gives up to benefit from the economies of scale and productivity enabled by the cloud. Let’s look at the challenges first.
Organizations leveraging public cloud services need security policy and enforcement controls including privileged access, authentication and authorization. Cloud Access Security Broker products address some of these requirements, but they lack a true view into an organization’s network traffic on a public cloud.
Old solutions don’t work
The traditional, appliance-based products that security teams have deployed at the perimeter of their network to detect threats won’t get the job done out of the box in the cloud. These products can scan inbound traffic, but once data travels to or from the cloud, traditional security loses sight of it.
Furthermore, analyzing traffic in a traditional enterprise network is fundamentally different from doing so in the cloud, whether it’s public or private. In a traditional enterprise network, it is relatively easy to monitor and analyze network segments owned by the organization. Security analysts might have access to traffic recording devices with full packet capture, or full content data.
This data contains all of the raw traffic flowing between computers and devices on the network and other destinations, yielding highly granular visibility into the traffic. In the cloud, someone other than the enterprise often owns the network, and traffic instead flows through dynamic, virtual server environments.
Infinite space is double-edged sword
In these environments, change is continuous and it is not uncommon for workloads and infrastructure to change millions of times per day. Plus, one of the cloud’s greatest benefits—its limitless capacity—also is a security challenge. Being able to consume massive amounts of data means also having to monitor it.
The answer to securing the cloud is the cloud. Modern solutions leverage sensors that can be placed wherever business workloads flow regardless of the underlying owner of the network. Security analysts now can unify their analysis of cloud and on-premises infrastructure in a single view.
This cloud-based approach also makes it possible for enterprises to pursue a single, unified strategy for securing operations across traditional, cloud and industrial control systems environments. Organizations of all sizes can benefit from the uncompromised visibility, detection and incident response capabilities enabled from this holistic view of security.