Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

1/25/2017
02:30 PM
Frank Mong
Frank Mong
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Cloud Is Security-Ready But Is Your Security Team Ready For Cloud?

Cloud computing has moved beyond the early adopter phase and is now mainstream. Here's how to keep data safe in an evolving ecosystem.

By now, most of us in IT are well aware of the technical and business advantages that moving to a cloud-based data center provides: the ability to dynamically scale network capacity as demand changes, reduction in capex costs associated with implementing, maintaining and staffing a physical data center, and being able to let employees share data anytime, anywhere and on any device.

These are compelling benefits. But there is still a lingering hesitancy among some organizations considering a move to the cloud. In my experience, most concerns boil down to two factors: a reluctance to put trusted data on a network that’s not on the premises, and confusion around the costs and complexity of moving to the cloud. Let’s take a closer look at the pluses and minuses surrounding these issues.  If that’s what’s keeping an organization from the cloud, I have three points to share that should help them clear up the “cloudiness” (pun intended) and shine light on the possibilities.

When It Comes To Security, The Cloud Is Ready
If there is one roadblock that keeps IT teams leery about the cloud, it’s cybersecurity. And while cybersecurity will always be a concern, when it comes to the cloud, the industry is well-prepared. Leading public cloud providers, like Amazon AWS and Microsoft Azure, have made significant investments in securing their cloud environments and both companies offer robust security resources to cloud customers via the Microsoft Azure Trust Center or Amazon’s AWS Cloud Security.

Cloud providers are also building an expansive ecosystem of security technology partners who can provide cybersecurity solutions for the public cloud and Software-as-a-Service. These solutions, if implemented as a cohesive platform and not an ad hoc collection of security devices that don’t work well together, can provide a consistent and seamless security experience to both cloud-based and physical networks through consistent visibility, policy, and enforcement across the network regardless of a user’s location. Another plus is the Cloud Security Alliance, an industry consortium of companies that provides excellent resources to help cloud adopters address security concerns and stay up to date on the latest developments in cloud technology

Are You Ready for the Cloud?
Specifically, have you or your security team completed the necessary due diligence to identify the specific security functions required by your cloud solution? For example, AWS supports several native services that provide log and network flow information, such as CloudWatch and CloudTrail. Tools like these are powerful and highly configurable, provided you know how to use them and what you want from them. 

Many enterprises may want to consider a third-party provider to do the integration work. This type of third-party approach will provide security, visibility, support, and long-term operational scale. When selecting a cloud integration partner, look for partners with certifications in cloud technology from vendors and industry organizations alike; Amazon, HP, and Microsoft. All offer certifications for their cloud platforms, and industry groups like the Cloud Security Alliance and the SANS Institute also offer cloud security training and certification. 

You May Already Be in the Cloud (Even If You Don’t Know It)
Businesses need to move fast these days, and departments within an organization may take it upon themselves to adopt cloud technologies without bringing IT into the loop. It’s a long-standing trend known as “shadow IT,” and it’s causing headaches as IT departments try to stay on top of which applications are operating on their network. For organizations that feel that shadow IT isn’t a concern for their organization, I would point you to a survey Brocade conducted last year in which 83 percent of CIOs surveyed said they had experienced some level of unauthorized provisioning of cloud services within their organizations. It would seem the old cliché “If you can’t beat ‘em, join ‘em” is especially relevant to the cloud.

One way to get employees to leverage cloud services in the appropriate way is to publish policy templates for cloud platforms. Sales team wants to implement Salesforce via the cloud? No problem, provided the service is used by employees in ways that comply with existing security policy.

Hybrid Cloud Can Hedge Your Bets
Not everything has to go to the cloud, and maybe it shouldn’t for now. However, there are advantages to hosting certain computing or service functions in the cloud. The cloud is highly iterative, and new technologies and capabilities are being added to cloud infrastructures every day. For example, cloud platform providers are routinely enhancing the security telemetry features of their platforms to provide customers with real-time data that can be used to improve security. Additionally, many of the technologies used to secure physical data centers like next-generation firewalls, and threat intelligence subscriptions can easily be applied to new cloud-based networks to seamlessly protect data as it moves between physical and cloud-based data centers.

With a hybrid cloud implementation, organizations can hedge their bets: keep existing hardware-based network and datacenters in place and support new applications or satellite offices via the cloud as a way to gradually embrace a full public cloud implementation. This approach is sound, provided you’re using a traditional security platform that supports cloud integration. Sticking to a single security platform in a hybrid scenario is important for consistent visibility, policy enforcement and automated reprogramming of security technology regardless of location, existing network or new public cloud segments.  Trying to add cloud technology from vendor A to an existing security platform from vendor B could result in gaps in the overall security posture, especially visibility that could be exploited to penetrate network defenses.

Cloud computing has moved beyond the early adopter phase and is now mainstream. Any organization that isn’t taking advantage of the benefits the cloud provides runs the risk of falling behind competitors that have.

Related Content:

 

Frank Mong is senior vice president of product, industry and solutions for Palo Alto Networks. In this role, he is responsible for directing product marketing, industry (vertical) marketing and overall solutions (platform) marketing for the company's entire portfolio. An ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "The security team seem to be taking SiegeWare seriously" 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1114
PUBLISHED: 2019-12-05
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.
CVE-2012-1115
PUBLISHED: 2019-12-05
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
CVE-2012-1592
PUBLISHED: 2019-12-05
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
CVE-2019-16770
PUBLISHED: 2019-12-05
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.
CVE-2019-19609
PUBLISHED: 2019-12-05
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.