Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

1/25/2017
02:30 PM
Frank Mong
Frank Mong
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Cloud Is Security-Ready But Is Your Security Team Ready For Cloud?

Cloud computing has moved beyond the early adopter phase and is now mainstream. Here's how to keep data safe in an evolving ecosystem.

By now, most of us in IT are well aware of the technical and business advantages that moving to a cloud-based data center provides: the ability to dynamically scale network capacity as demand changes, reduction in capex costs associated with implementing, maintaining and staffing a physical data center, and being able to let employees share data anytime, anywhere and on any device.

These are compelling benefits. But there is still a lingering hesitancy among some organizations considering a move to the cloud. In my experience, most concerns boil down to two factors: a reluctance to put trusted data on a network that’s not on the premises, and confusion around the costs and complexity of moving to the cloud. Let’s take a closer look at the pluses and minuses surrounding these issues.  If that’s what’s keeping an organization from the cloud, I have three points to share that should help them clear up the “cloudiness” (pun intended) and shine light on the possibilities.

When It Comes To Security, The Cloud Is Ready
If there is one roadblock that keeps IT teams leery about the cloud, it’s cybersecurity. And while cybersecurity will always be a concern, when it comes to the cloud, the industry is well-prepared. Leading public cloud providers, like Amazon AWS and Microsoft Azure, have made significant investments in securing their cloud environments and both companies offer robust security resources to cloud customers via the Microsoft Azure Trust Center or Amazon’s AWS Cloud Security.

Cloud providers are also building an expansive ecosystem of security technology partners who can provide cybersecurity solutions for the public cloud and Software-as-a-Service. These solutions, if implemented as a cohesive platform and not an ad hoc collection of security devices that don’t work well together, can provide a consistent and seamless security experience to both cloud-based and physical networks through consistent visibility, policy, and enforcement across the network regardless of a user’s location. Another plus is the Cloud Security Alliance, an industry consortium of companies that provides excellent resources to help cloud adopters address security concerns and stay up to date on the latest developments in cloud technology

Are You Ready for the Cloud?
Specifically, have you or your security team completed the necessary due diligence to identify the specific security functions required by your cloud solution? For example, AWS supports several native services that provide log and network flow information, such as CloudWatch and CloudTrail. Tools like these are powerful and highly configurable, provided you know how to use them and what you want from them. 

Many enterprises may want to consider a third-party provider to do the integration work. This type of third-party approach will provide security, visibility, support, and long-term operational scale. When selecting a cloud integration partner, look for partners with certifications in cloud technology from vendors and industry organizations alike; Amazon, HP, and Microsoft. All offer certifications for their cloud platforms, and industry groups like the Cloud Security Alliance and the SANS Institute also offer cloud security training and certification. 

You May Already Be in the Cloud (Even If You Don’t Know It)
Businesses need to move fast these days, and departments within an organization may take it upon themselves to adopt cloud technologies without bringing IT into the loop. It’s a long-standing trend known as “shadow IT,” and it’s causing headaches as IT departments try to stay on top of which applications are operating on their network. For organizations that feel that shadow IT isn’t a concern for their organization, I would point you to a survey Brocade conducted last year in which 83 percent of CIOs surveyed said they had experienced some level of unauthorized provisioning of cloud services within their organizations. It would seem the old cliché “If you can’t beat ‘em, join ‘em” is especially relevant to the cloud.

One way to get employees to leverage cloud services in the appropriate way is to publish policy templates for cloud platforms. Sales team wants to implement Salesforce via the cloud? No problem, provided the service is used by employees in ways that comply with existing security policy.

Hybrid Cloud Can Hedge Your Bets
Not everything has to go to the cloud, and maybe it shouldn’t for now. However, there are advantages to hosting certain computing or service functions in the cloud. The cloud is highly iterative, and new technologies and capabilities are being added to cloud infrastructures every day. For example, cloud platform providers are routinely enhancing the security telemetry features of their platforms to provide customers with real-time data that can be used to improve security. Additionally, many of the technologies used to secure physical data centers like next-generation firewalls, and threat intelligence subscriptions can easily be applied to new cloud-based networks to seamlessly protect data as it moves between physical and cloud-based data centers.

With a hybrid cloud implementation, organizations can hedge their bets: keep existing hardware-based network and datacenters in place and support new applications or satellite offices via the cloud as a way to gradually embrace a full public cloud implementation. This approach is sound, provided you’re using a traditional security platform that supports cloud integration. Sticking to a single security platform in a hybrid scenario is important for consistent visibility, policy enforcement and automated reprogramming of security technology regardless of location, existing network or new public cloud segments.  Trying to add cloud technology from vendor A to an existing security platform from vendor B could result in gaps in the overall security posture, especially visibility that could be exploited to penetrate network defenses.

Cloud computing has moved beyond the early adopter phase and is now mainstream. Any organization that isn’t taking advantage of the benefits the cloud provides runs the risk of falling behind competitors that have.

Related Content:

 

Frank Mong is senior vice president of product, industry and solutions for Palo Alto Networks. In this role, he is responsible for directing product marketing, industry (vertical) marketing and overall solutions (platform) marketing for the company's entire portfolio. An ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2019
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Jim, stop pretending you're drowning in tickets."
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3571
PUBLISHED: 2019-07-16
An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension.
CVE-2019-6160
PUBLISHED: 2019-07-16
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
CVE-2019-9700
PUBLISHED: 2019-07-16
Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic.
CVE-2019-12990
PUBLISHED: 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
CVE-2019-12991
PUBLISHED: 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).