Not everything about a company’s existing security strategy has to change for the cloud. “Using the same security strategy--for example, deep content inspection for forensics and threat detection--for cloud as on-premises is not a bad idea by itself. Companies pursuing this are typically looking for consistency between their security architectures to limit gaps in their security posture,” says Tom Clavel, senior manager of product marketing at Gigamon.
“The challenge is how they get access to the network traffic for this kind of inspection,” Clavel adds. “While this data is readily available on-premise using a variety of ways, it is unavailable in the cloud. Plus, even if they get access to the traffic, backhauling the firehose of information to the on-premise tools for inspection, without the intelligence, is extremely expensive and counter-productive.”
The cloud’s visibility issues
One complaint from the Vanson Bourne respondents was that the cloud can create blind spots within the security landscape. Overall, half said the cloud can “hide” information that enables them to identify threats. They also said that with the cloud, they are missing information on what is being encrypted (48 percent), insecure applications or traffic (47 percent), or SSL/TLS certificate validity (35 percent).
A hybrid cloud environment can hamper visibility even more, as it can prevent security teams from seeing where the data is actually stored, according to 49 percent of the survey respondents. Siloed data, some held by security operations and some by network operations, can make finding data even harder, 78 percent of the respondents claimed.
It’s not just data that security teams have limited visibility into. Sixty-seven percent of the Vanson Bourne respondents said that network blind spots hindered them in protecting their organization. To gain better visibility, Clavel recommends that you first identify how you want to organize and implement your security posture. “Is it all within the cloud or extended from on-premises to the cloud? In both cases, make sure pervasive visibility to your application’s network traffic is central to your security strategy. The more you see, the more you can secure,” he says.
“To address the visibility needs, identify a way to acquire, aggregate and optimize the network traffic to your security tools, whether they are an intrusion detection system (IDS), security information and event management (SIEM), forensics, data loss prevention (DLP), advanced threat detection (ATD), or to all of them concurrently,” Clavel adds. “Finally, add SecOps procedures to automate visibility and security against detected threats even as your cloud footprint grows.”
These blind spots and low information visibility could create GDPR compliance issues. Sixty-six percent of respondents say lack of visibility will make GDPR compliance difficult. Only 59 percent believe their organizations will be ready for GDPR by the May 2018 deadline.