Cloud Hosting

With more remote workers, there is a greater need for cloud computing services. With more cloud computing, there is a greater need for cloud security. An Exabeam study found that companies are moving their security tools to the cloud, but that raises the question: Are they right tools for cloud security? Or are companies under-investing in their cloud security systems?

Many organizations waste billions of dollars on cybersecurity each year. This is due to a combined lack of strategic planning from leadership and an ongoing shortage of security talent, said Matthew Rogers, CISO at Syntax, in an email interview. However, investing in security products without knowledge of how to utilize them provides very little value and results in wasted budgets.

You cant secure what you dont know about. Your cloud environment will have different security challenges than your on-premises network. Because of the move to remote work, the attack surface has expanded significantly, Rogers pointed out, and an increased reliance on mobile and IoT devices has also increased the number of entrance points for cybercriminals.

Moving a high-risk internal asset that previously had only been exposed to a few hundred devices to the cloud now exposes it to billions of devices, greatly magnifying the companys security risk, said Rogers.

Beyond the larger attack surface, Vishal Jain, co-founder and CTO at Valtix, said there are three areas of urgent concern:

While many organizations are actively looking to consolidate their security tools, they still need to pick solutions that operate with cloud awareness.

The trend on the operational side is towards service-based tools like cloud security posture management (CSPM) for compliance, and network security-as-a-service (SaaS) for runtime protections, explained Jain in an email interview. He said these security services are winning out over legacy firewalls since they match cloud-native design patterns with API-based integrations into modern services like Datadog for monitoring, Twilio for messaging/alerts and Slack for DevOps integration. They also provide relevant cloud-specific information to SOC and incident response (IR) teams.

Also, he added, security orchestration and automated response (SOAR) tools are getting better with plugin integrations, but these cant be effective if the traditional policy enforcement tools are not providing relevant contextual data. Yet, there are still a lot of people who think that the best way to approach security problems is to throw money at it getting the most expensive or comprehensive security solutions, without ever looking to see if it is the right security tool for them and their cloud operation.

IT leaders investing in cloud security systems need a plan for execution in place to see any return from the investment, said Rogers. Organizations must train their employees on remaining secure, especially while working remotely, as this lack of understanding of the technology only further wastes the companys investment in security.

Because there are so many complex tools and such a broad lack of understanding, organizations often fail to implement their cloud security plans successfully. Rogers advised organizations take these steps to ensure optimal cloud security while still efficiently allocating their budget:

Companies are in a massive cloud-driven shift thats changing everything from app development to deployment and operations. IT and security teams must have the right solutions to meet their needs but that also are the right investment to protect their assets in the cloud.

Recent Articles By Author

The rest is here:
Making the Right Cloud Security Investments - Security Boulevard