With rapid cloud growth and next-generation cloud technologies gaining traction, hybrid cloud continues to gain popularity and adoption among enterprises. The findings of “Cloud Services Market Global Report 2017” by Market Research Reports corroborate this trend, with hybrid cloud adoption rising from 58% to 71% year-over-year in 2016.
While hybrid cloud platforms help businesses modernise, transform and innovate, they also bring new risks. Getting to the cloud quickly is worth far less if it means cracking a hole in your security. That could lead to loss of customer data and the associated damage to the company’s reputation.
How best can you protect your data and intellectual property across a hybrid cloud?
The growing threat landscape
Organisations are struggling to cope with the increasing sophistication of today’s threat landscape. Security teams, already overtaxed and understaffed, are increasingly being asked to identify and prevent new threats. And they are struggling to keep up. Gartner has predicted that 60 percent of digital businesses will suffer major security failures by 2020.
The rise of the hybrid cloud adds further complexity to strengthening a security posture. The use of smartphones, tablets and remote working has already stretched the network perimeter; hybrid cloud models are further accelerating this trend and blurring the line of where the secure network begins and ends. Agile development and DevOps mean applications and sensitive data are constantly changing, requiring frequent updates of telemetry and data collection strategies. Today, applications and workloads are run from a range of on-premises, private cloud, and public cloud databases—each one potentially provided by a different vendor, and located almost anywhere in the world.
Securing cloud services with traditional tools and practices has grown unwieldy, requiring the integration and management of 20 or more different security products. In practical terms, success with this approach is far from assured because of the time and cost associated with manual forensics and a dearth of skilled labour.
How can any security team ensure that its corporate security policies and industry regulations are applied appropriately across such a diverse and fast-changing environment?
Hybrid cloud takes centre stage
There are two key challenges to overcome when protecting against threats in a hybrid cloud environment. First, organisations need complete visibility of workloads and user activity across the entire hybrid cloud footprint – including those on-premises, in cloud services such as IaaS, PaaS and SaaS, and also in unsanctioned ‘shadow IT’ environments. Second, they must put in place a mechanism to process and analyse the massive amount of telemetry and other data this sprawling estate will generate. Furthermore, the organisation is expected to overcome these challenges without growing its team or securing additional budget.
In short, organisations need a unified, complete set of data that requires less human effort to interact with and analyse.
Cloud rises to the challenge
Fortunately, cloud technology brings a solution. New cloud services can ingest massive amounts of operational and security telemetry, analyse it in real time using purpose-built machine learning and react to findings using automation. These services offer a step-function improvement in core security operations centre (SOC) functions such as security information and event management (SIEM), user and entity behaviour analytics (UEBA), cloud access security brokers (CASB) and configuration and compliance management – as well as in the context of identity for user activity.
Developing at cloud-scale has allowed providers to deliver a big-data platform that includes SIEM, UEBA, CASB, compliance and context-based identity, thereby unifying information that was traditionally available only in separate silos (if it was available to the SOC at all). Highly-tuned machine learning regimes and automation identify and respond to threats with greater confidence, making automated remediation a practical possibility. This inclusion of purpose-built machine learning dramatically improves security and creates a solution designed to proactively identify issues or raise the questions you never considered.
As a result of this next-generation approach, highly-skilled SOC analysts can move from spending too much of their time on rote identification of routine issues to focusing on protecting the organisation against the sophisticated advanced persistent threats (APTs) prevalent today.
The unified approach can also provide a critical control point for use of hybrid cloud, enabling visibility of cloud services across multiple providers as well as on-premises IT. This saves significant time and reduces human error as organisations continually rebalance workloads across their estate.
A next-generation security solution enables four security functions to scale:
1. Visibility: All workloads are made transparent, no matter where they are in the dispersed, hybrid estate. This overcomes the key challenge of our modern non-perimeter world—and helps give visibility into all cloud environments in use—even the unofficial, unsanctioned ones!
2. Compliance: Configuration management, tokenisation, transaction, and activity monitoring can be implemented for compliance purposes across the entire estate, incorporating both industry-standard and organisation-specific rule sets.
3. Threat identification: A next-generation SIEM with built-in user and entity behaviour analytics (UEBA), CASB feeds and identity context up-levels the capabilities of the SOC to detect suspicious or malicious activities, and identify risky user behaviours before a breach occurs.
4. Automated Remediation: Most organisations under-leverage automation because they lack confidence in their analytical conclusions. By providing conclusions based on machine learning, automated response becomes more trusted and makes up a higher percentage of SOC action, increasing overall SOC efficiency just in time to deal with the increased set of threats.
With the added complexity that comes with managing a hybrid cloud environment, more sophisticated capabilities are required to protect the entire cloud/IT footprint and prevent security gaps from arising. Vendors are responding with next-generation solutions that unify data and apply purpose-built machine learning.
With India’s increased focus on digitization, enterprises need to approach information security in a more integrated, proactive manner. Deploying the right solution is the first step in this journey.
The author is Director, Solution Specialist, Oracle India.
Disclaimer: This article is published as part of the IDG Contributor Network. The views expressed in this article are solely those of the contributing authors and not of IDG Media and its editor(s).