Thursday, August 9, 2018
Use of the cloud is growing — but so are the problems that industries are facing to make it a safe tool. Gartner predicts that, by 2021, more than half of global enterprises already using the cloud today will adopt an all-in cloud security strategy. Given the tool’s rapid growth, companies are sometimes finding more challenges than solutions. Being ahead of the curve is the best way to ensure that cloud usefulness is maximized. Here are a few areas cybersecurity professionals should keep a close eye on to ensure they’re staying on top of common challenges.
In a recent Fuel webinar, Tufin’s Ron Kehoe explained the findings of the Enterprise Security Group’s (ESG's) research survey on the state of network security. He noted that organizations are having a tough time finding a way to measure compliance. According to Michael VanDenBerg, managing director of cyber services at KPMG, compliance issues can become a barrier that stops strategic cloud initiatives in its tracks. Many wonder if data uploaded to the cloud will remain compliant with legal and regulatory obligations such as HIPPA or FISMA.
At the same time, a number of organizations are concerned about what type of data will be used in the cloud and how it will be protected. For example, a company might have an established policy that says a certain type of data needs to be encrypted in transit. “You need to dig into what the real risks are,” VanDenBerg says. “Can they be satisfied through other means or do I need to wait for them (the cloud service provider) to offer encryption for this part?”
In a tool so vast and ever-expanding as the cloud, it's vital for companies to know what is happening with their data and whether or not it's secure. Organizations “probably have their arms… around what is inside their data center and their traditional environment. But when we expand that out to the cloud, gaining visibility is challenge No. 1,” Kehoe says.
Indeed, many IT and cloud security teams don’t know exactly what to monitor, when to monitor, overall reporting requirements, and so forth. Research from Splunk found that traditional on-premise networks are where visibility is clearest. However, it is at its lowest in next-generation technologies, including cloud environments. As a result, only 2.5 percent of respondents reported having full visibility across the entire IT infrastructure. Ixia’s Cloud User Survey also found that a whopping 88 percent of respondents noted that poor visibility into their public clouds has already caused them to suffer negative outcomes.
One way to increase visibility? Automation. There is a need for automation in dynamic cloud environments. Continuous automation and assessment gives organizations complete visibility. And with increased visibility, teams can mitigate the most common vulnerabilities quickly to reduce the organization’s threat surface, and then focus on issues that require more time to fix.
Adding cloud computing can help with efficiency, cost, and many other things. On the downside, it could create a disconnect between different teams. Twenty-one percent of respondents from the ESG survey said cloud computing exacerbates communication and collaboration problems between the security operations team and other IT groups. Kehoe says that’s “because they aren’t speaking the same language.” Organizations need to have procedures in place so effective communication happens regularly. If the IT team is isolated from the rest of the company, for example, and there is no procedure for informing employees of a possible problem, such as an issue with the cloud, the situation can become a bigger problem than it needs to be. Companies should make sure they communicate the proper procedures and expectations to all employees.
The good news is the problems that cloud computing present are not insurmountable. On the contrary, they appear to be growing pains as the world adopts a new tool. Companies that stay abreast of new changes and focus their efforts on compliance, increasing cloud visibility and clear communication can avoid the most common of these pitfalls. In the months and years to come, the ones that adapt will find that the cloud's benefits shine when the proper precautions are taken.
Check out these Fuel blog posts for further reading: