Cloud Is Security-Ready But Is Your Security Team Ready For Cloud?
Cloud computing has moved beyond the early adopter phase and is now mainstream. Here's how to keep data safe in an evolving ecosystem.
By now, most of us in IT are well aware of the technical and business advantages that moving to a cloud-based data center provides: the ability to dynamically scale network capacity as demand changes, reduction in capex costs associated with implementing, maintaining and staffing a physical data center, and being able to let employees share data anytime, anywhere and on any device.
These are compelling benefits. But there is still a lingering hesitancy among some organizations considering a move to the cloud. In my experience, most concerns boil down to two factors: a reluctance to put trusted data on a network that’s not on the premises, and confusion around the costs and complexity of moving to the cloud. Let’s take a closer look at the pluses and minuses surrounding these issues. If that’s what’s keeping an organization from the cloud, I have three points to share that should help them clear up the “cloudiness” (pun intended) and shine light on the possibilities.
When It Comes To Security, The Cloud Is Ready
If there is one roadblock that keeps IT teams leery about the cloud, it’s cybersecurity. And while cybersecurity will always be a concern, when it comes to the cloud, the industry is well-prepared. Leading public cloud providers, like Amazon AWS and Microsoft Azure, have made significant investments in securing their cloud environments and both companies offer robust security resources to cloud customers via the Microsoft Azure Trust Center or Amazon’s AWS Cloud Security.
Cloud providers are also building an expansive ecosystem of security technology partners who can provide cybersecurity solutions for the public cloud and Software-as-a-Service. These solutions, if implemented as a cohesive platform and not an ad hoc collection of security devices that don’t work well together, can provide a consistent and seamless security experience to both cloud-based and physical networks through consistent visibility, policy, and enforcement across the network regardless of a user’s location. Another plus is the Cloud Security Alliance, an industry consortium of companies that provides excellent resources to help cloud adopters address security concerns and stay up to date on the latest developments in cloud technology.
Are You Ready for the Cloud?
Specifically, have you or your security team completed the necessary due diligence to identify the specific security functions required by your cloud solution? For example, AWS supports several native services that provide log and network flow information, such as CloudWatch and CloudTrail. Tools like these are powerful and highly configurable, provided you know how to use them and what you want from them.
Many enterprises may want to consider a third-party provider to do the integration work. This type of third-party approach will provide security, visibility, support, and long-term operational scale. When selecting a cloud integration partner, look for partners with certifications in cloud technology from vendors and industry organizations alike. Amazon, HP, and Microsoft all offer certifications for their cloud platforms, and industry groups like the Cloud Security Alliance and the SANS Institute also offer cloud security training and certification.
You May Already Be in the Cloud (Even If You Don’t Know It)
Businesses need to move fast these days, and departments within an organization may take it upon themselves to adopt cloud technologies without bringing IT into the loop. It’s a long-standing trend known as “shadow IT,” and it’s causing headaches as IT departments try to stay on top of which applications are operating on their network. To organizations that feel shadow IT isn’t a concern for them, I would point to a survey Brocade conducted last year in which 83 percent of CIOs surveyed said they had experienced some level of unauthorized provisioning of cloud services within their organizations. It would seem the old cliché “If you can’t beat ’em, join ’em” is especially relevant to the cloud.
One way to get employees to leverage cloud services in the appropriate way is to publish policy templates for cloud platforms. Sales team wants to implement Salesforce via the cloud? No problem, provided the service is used by employees in ways that comply with existing security policy.
Hybrid Cloud Can Hedge Your Bets
Not everything has to go to the cloud, and maybe it shouldn’t for now. However, there are advantages to hosting certain computing or service functions in the cloud. The cloud is highly iterative, and new technologies and capabilities are being added to cloud infrastructures every day. For example, cloud platform providers are routinely enhancing the security telemetry features of their platforms to provide customers with real-time data that can be used to improve security. Additionally, many of the technologies used to secure physical data centers, like next-generation firewalls and threat intelligence subscriptions, can easily be applied to new cloud-based networks to seamlessly protect data as it moves between physical and cloud-based data centers.
With a hybrid cloud implementation, organizations can hedge their bets: keep existing hardware-based networks and data centers in place and support new applications or satellite offices via the cloud as a way to gradually embrace a full public cloud implementation. This approach is sound, provided you’re using a traditional security platform that supports cloud integration. Sticking to a single security platform in a hybrid scenario is important for consistent visibility, policy enforcement and automated reprogramming of security technology regardless of location, whether on the existing network or in new public cloud segments. Trying to add cloud technology from vendor A to an existing security platform from vendor B could result in gaps in the overall security posture, especially in visibility, that could be exploited to penetrate network defenses.
Cloud computing has moved beyond the early adopter phase and is now mainstream. Any organization that isn’t taking advantage of the benefits the cloud provides runs the risk of falling behind competitors that are.
Frank Mong is senior vice president of product, industry and solutions for Palo Alto Networks. In this role, he is responsible for directing product marketing, industry (vertical) marketing and overall solutions (platform) marketing for the company's entire portfolio.