Quick Hits

Monitoring Security In Cloud Environments

Using cloud networks can cause the loss of security visibility. Here are some tips for getting it back
[The following is excerpted from "Monitoring Security In Cloud Environments," a new report posted this week on Dark Reading's Security Monitoring Tech Center.]

The cloud is no longer outlying technology. Indeed, any organization that isn't using cloud computing technology is probably considering it. The benefits can be enormous: flexible, on-demand access to superior resources -- but only when and where needed -- usually with lower unit costs and reduced complexity.

But concerns over the security of data held in the cloud remain a barrier to adoption. The news of PRISM, a surveillance program that gives the National Security Agency access to users' data held by major websites, has further increased cloud paranoia and fears over data privacy. Forrester Research estimates that the impact of PRISM on the cloud computing industry could be as much as $180 billion.

PRISM aside, security has lagged behind advances in other cloud features, even though numerous laws and industry standards mandate the safeguarding of information. Issues such as reliability, uptime and disaster recovery have seen significant improvement, but initiatives to address monitoring, auditing and corporate governance have been less noticeable. For example, security monitoring is far less developed than operational performance monitoring.

The perceived loss of visibility into events is a resistance point for many administrators because they can't see what's happening or whether safeguards are working. Understandably, many administrators question how they can achieve an adequate level of security monitoring for data in the cloud comparable to that of data stored on-premises when a third party owns the hardware and network.

Despite these reservations, the pressure to adopt some form of cloud computing technology often becomes overwhelming. Given the exponential increase in data and the number and variety of connected users and devices in use today, often the only way to meet customers', employees' and partners' expectations of personalization and access to real-time information is by harnessing cloud services.

A first step is to decide which type of cloud environment best suits the organization's security requirements and capabilities. To ensure that data is correctly protected in cloud environments, organizations need to understand what data is going to be cloud-based, how access to it can be monitored, what types of vulnerabilities exist and how to demonstrate that controls are in place to meet regulatory obligations.

Cloud computing can ease certain security issues while increasing others, but it will never eliminate the need to follow traditional security principles -- data in the cloud still needs the same treatment as that located on-premises.

Classifying data assets is essential to knowing what level of security is required in the cloud, so it's worth revisiting and updating security policies so that they reflect changes made to the existing infrastructure to incorporate cloud technologies.

For detailed descriptions of cloud monitoring technologies -- and some strategies for building cloud environments that improve security visibility -- download the free report.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.