Two races are being run, on parallel tracks. The average speed of all participants on the first track consistently exceeds that of all competitors on the second. This image roughly summarizes the contrast between the ongoing rush, by organizations of all sizes, to migrate their data, applications, and services to public cloud environments such as Amazon Web Services (AWS) or Microsoft Azure; and the lagging efforts by these same organizations to ensure that their IT assets are secure in their new cloud settings.
The drivers of the rapid migration to the public cloud are, by now, well understood. In a recent Unisys survey of 200 U.S.-based business and IT executives, the primary reasons given for moving to the cloud were cost reduction (63 percent), faster access to computing capacity (62 percent), and the need to replace end-of-life technology (44 percent). Fully 67 percent of respondents said they plan to have at least half of their IT resources in the cloud within the next two years.
Yet while IT and business executives are aware of the benefits of cloud computing, and motivated to deliver them to their organizations, they are concerned about the security of their IT resources in the cloud. Forty-two percent of the Unisys respondents named security as the most challenging aspect of cloud management. And in a new Ponemon Institute survey, 54 percent of respondents said their companies do not have a proactive approach to managing security, or complying with privacy and data-protection regulations, in cloud environments.
What makes the effort to secure IT resources in the public cloud so problematic? According to the Ponemon respondents, it’s a variety of challenges posed by the nature of the cloud as a computing environment:
• The inability to apply conventional information-security techniques (70 percent of respondents)
• The inability to directly inspect cloud providers for their security compliance (69 percent of respondents)
• Difficulty in controlling or restricting end-user access (53 percent of respondents)
• Shadow IT – 49 percent of cloud services are deployed by departments other than corporate IT
• Distributed responsibility – 47 percent of corporate data stored in cloud environments is not managed or controlled by IT
Other challenges include the need to share sensitive information in the cloud – securely – with third parties (such as business partners, contractors, or vendors); and legal or regulatory requirements that confidential or sensitive data be safeguarded in the cloud, just as in on-premises settings. Small wonder, then, that IT and security professionals feel hard-pressed to maintain control of their data, and assure compliance, in cloud environments.
Some of the tools available for pursuing security in the cloud, such as encryption and tokenization, are familiar from conventional computing environments. Fortunately, they are being augmented by purpose-built solutions developed either by cloud providers, such as Amazon, or by independent solutions providers, including Observable Networks.
Amazon, in the past year, has introduced several cloud security innovations that enable its AWS customers to monitor, measure, and respond to their traffic in a VPC (virtual private cloud) environment. AWS VPC Flow Logs collect network-flow metadata, which can be used to log or analyze all of the IP traffic in a VPC environment. Amazon Inspector is an automated security-assessment service that analyzes the behavior of applications deployed on AWS, to help identify potential security issues.
At Observable, we have extended the capabilities of our Dynamic Endpoint Modeling solution to integrate with both of these Amazon offerings, as well as AWS CloudTrail, so that our customers can monitor their AWS footprint along with their on-premises assets, within a single, highly accurate service. Together, these solutions are bringing IT organizations closer to the goal of uniformly protecting data, services, and applications now resident in the cloud and IT resources on conventional networks.
With Dynamic Endpoint Modeling, you can provide coverage for your AWS VPC environments. Observable is proud to be an official partner of the Amazon Web Services Partner Network. Dynamic Endpoint Modeling helps improve the security and compliance of applications deployed on the AWS Cloud. This means Observable customers can simplify their security efforts and gain increased visibility into AWS applications.
Stay tuned for the next post in this series, where we’ll show how an IT/security manager identifies and responds to a potential threat in his organization’s cloud environment, in real time.
Getting better visibility into your network and improving your security couldn’t be easier. Sign up for a free, no-risk trial of Observable’s Endpoint Modeling solution, and change the way you see security.