Evolving your security operations strategy to fit the cloud
- Published: Friday, 28 April 2017 12:48
Your cloud provider secures the underlying infrastructure, but the applications, workloads, and data you run on it remain your responsibility. Oliver Pinson-Roxburgh looks at four areas that should be considered.
The decision to move to the cloud may seem an obvious one: it's faster, more scalable, and more agile. However, security remains a concern, and rightly so. Under the shared responsibility model the cloud provider secures the foundational infrastructure, but protecting the applications, workloads, and data you run on top of it is your responsibility, and it isn't one to be taken lightly.
A traditional on-premises security operations strategy simply won't cut it anymore. In its place you need a cloud-specific security strategy to protect your critical data from an ever-growing variety of advanced threats. Outlined below are four elements for any security manager to consider when making the jump to the cloud.
The speed of the cloud is a huge asset, but it can also be a major issue when it comes to security. Traditional security approaches aren't suited to the pace of the cloud, where development and deployment happen continuously. Perimeter security tools typically focus on securing an application after a development cycle is complete and the update has been deployed, which doesn't work when development never stops. Consequently, you need to shift your security operations strategy to match the accelerated development process, with security checks running inside the build and deployment pipeline rather than after it. Your cloud-based applications can then be continuously developed and deployed while still conforming to the regulatory requirements that keep your organization both secure and compliant.
In the world of traditional security, architectures rely on network and application assumptions about static IP addresses, fixed perimeters, and choke points. This type of security doesn't translate naturally to cloud environments, where instances are created and destroyed continuously and addresses are reused, so a rule keyed on a source IP can be stale by the time it is deployed. With security perimeters in constant flux and traditional solutions unable to keep up, the result is security gaps, a much larger attack surface, and thousands of possible security events, each requiring investigation. To address the challenge of elastic perimeters and the high volume of events they generate, design your security operations strategy around detecting vulnerabilities and identifying attacks in real time, keyed on identities and workload attributes rather than addresses, and aggregating related events so that analysts are not bogged down sifting through a flood of noise and false positives.
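The two points above, a source-IP rule missing an attack that is spread across short-lived instances and aggregation cutting a stream of events down to one alert, are shown in the added example below. It is not code from the original article: the audit events are constructed, roughly CloudTrail-shaped records, and the threshold (5 failures) and window (5 minutes) are assumed values.

```python
"""Identity-keyed detection over cloud audit events (added example).

The same threshold rule is run twice over constructed sample events: once
keyed on source IP (the traditional assumption) and once keyed on the calling
identity. A role assumed by three short-lived instances spreads its failures
across three IPs, so the IP rule never fires, while the identity rule fires
once and folds every related event into that single alert.
"""
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = 5                  # assumed: failures needed to raise an alert
WINDOW = timedelta(minutes=5)  # assumed: span in which they must occur

# Constructed sample data, not real logs. One IAM role runs on three
# instances, each with its own ephemeral IP, probing for access it lacks.
SAMPLE_EVENTS = [
    {"time": "2017-04-28T12:00:05Z", "principal": "role/web-worker", "source_ip": "10.0.1.15", "action": "s3:GetObject", "error": "AccessDenied"},
    {"time": "2017-04-28T12:00:09Z", "principal": "role/web-worker", "source_ip": "10.0.1.15", "action": "s3:GetObject", "error": "AccessDenied"},
    {"time": "2017-04-28T12:00:20Z", "principal": "role/web-worker", "source_ip": "10.0.1.15", "action": "s3:GetObject", "error": None},
    {"time": "2017-04-28T12:00:41Z", "principal": "role/web-worker", "source_ip": "10.0.2.7", "action": "s3:GetObject", "error": "AccessDenied"},
    {"time": "2017-04-28T12:00:44Z", "principal": "role/web-worker", "source_ip": "10.0.2.7", "action": "iam:ListUsers", "error": "AccessDenied"},
    {"time": "2017-04-28T12:01:10Z", "principal": "role/web-worker", "source_ip": "10.0.3.99", "action": "iam:ListUsers", "error": "AccessDenied"},
    {"time": "2017-04-28T12:01:13Z", "principal": "role/web-worker", "source_ip": "10.0.3.99", "action": "s3:ListBucket", "error": "AccessDenied"},
    {"time": "2017-04-28T12:01:30Z", "principal": "role/batch-job", "source_ip": "10.0.4.2", "action": "s3:GetObject", "error": "AccessDenied"},
    {"time": "2017-04-28T12:01:45Z", "principal": "role/batch-job", "source_ip": "10.0.4.2", "action": "s3:GetObject", "error": None},
]


def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def failures(events):
    """Only denied calls count; successful calls are not signal here."""
    return [e for e in events if e.get("error") == "AccessDenied"]


def _threshold_alerts(events, key, threshold, window):
    """Group failures by `key` and emit at most one alert per key value.

    A sliding window over the time-sorted failures finds the first point
    where `threshold` of them fall within `window`; every failure inside
    that window is folded into the one alert instead of each becoming
    its own ticket.
    """
    grouped = defaultdict(list)
    for e in sorted(failures(events), key=lambda e: parse_time(e["time"])):
        grouped[e[key]].append(e)

    alerts = []
    for value, evs in grouped.items():
        start = 0
        for end in range(len(evs)):
            while parse_time(evs[end]["time"]) - parse_time(evs[start]["time"]) > window:
                start += 1
            if end - start + 1 >= threshold:
                limit = parse_time(evs[start]["time"]) + window
                span = [e for e in evs[start:] if parse_time(e["time"]) <= limit]
                alerts.append({
                    "key": key,
                    "value": value,
                    "count": len(span),
                    "source_ips": sorted({e["source_ip"] for e in span}),
                    "actions": sorted({e["action"] for e in span}),
                    "first": span[0]["time"],
                    "last": span[-1]["time"],
                })
                break  # one alert per key value; further events enrich it, not re-alert
    return alerts


def alerts_by_ip(events, threshold=THRESHOLD, window=WINDOW):
    """Traditional rule: N failures from one static source IP."""
    return _threshold_alerts(events, "source_ip", threshold, window)


def alerts_by_identity(events, threshold=THRESHOLD, window=WINDOW):
    """Cloud-aware rule: N failures by one identity, whatever the IP."""
    return _threshold_alerts(events, "principal", threshold, window)


if __name__ == "__main__":
    print("raw failures to triage:", len(failures(SAMPLE_EVENTS)))
    print("IP-keyed alerts:", alerts_by_ip(SAMPLE_EVENTS))
    print("identity-keyed alerts:", alerts_by_identity(SAMPLE_EVENTS))
```

On the sample data the IP rule returns nothing, because no single address exceeds two failures, while the identity rule returns one alert for `role/web-worker` covering six failures from three addresses. The same grouping could be keyed on an instance tag or workload label instead of the principal; the point is that the key must be something that survives the instance being replaced.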
Threat profiles within the cloud are constantly changing. It is of the utmost importance to keep pace with the threat landscape as it evolves and to keep educating yourself on the newest attack methods. Tools and training cannot be a one-time investment; they require constant attention to keep threat detection tools up to date, patched, and working in an integrated fashion, on top of continual retooling and training to keep pace with the increasing frequency, sophistication, and diversity of global threats. Your security operations strategy must include teams equipped with the latest tools, threat intelligence, security content, training, time, and budget to stay ahead of new threats.
Finally, there is a shortage of 1 million workers in cyber security in the US alone, and 62 percent of organizations say that it takes over three months to fill open information security positions, or that they cannot fill them at all. Even if every candidate in the hiring pool had the specific expertise needed to understand cloud and hybrid security threats, there simply aren't enough experts to provide the 24/7/365 real-time monitoring required to secure your applications, workloads, and data. It's a numbers game you will ultimately fail to win, so you must account for that when planning your cloud security strategy.
What’s abundantly clear is that companies developing in the cloud need to adjust their security operations strategy to fit new and emerging requirements.
Before the cloud, the main question in cyber security was how best to build out your security operations team. For the cloud, the question is whether it even makes sense to build that capability in-house at all.
Today it is virtually impossible for most companies, except the largest, to build out their own security operations center (SOC) and to recruit and retain the staff to run it. For most organizations it is simply too expensive, costing millions of dollars per year to maintain, and, for all the reasons above, companies are often not prepared to deal with the new demands of cloud security.
That's why most companies are now considering a security-as-a-service solution. Rather than building cloud security capabilities themselves, they are buying cloud-native solutions along with round-the-clock coverage by certified security analysts to identify, verify, and escalate real threats. With a fully managed security-as-a-service, cloud security management is simplified into a single service: cloud-based security and compliance reporting, backed by security experts who manage those solutions 24/7/365, allowing companies to focus on what they do best instead of spending their time worrying about security.