THE MULTI-MILLION DOLLAR QUESTION: WHO OWNS CLOUD SECURITY?

save
Share and earn Cybytes
Facebook Twitter Google+ LinkedIn Email

by Bricata

Security is paramount in the enterprise…or is it?

In the last year or so, a number of enterprises have recently put new tech projects, including security, on hold, except for the cloud. The pressure from the business to migrate to the cloud has become so intense, all other projects have been halted.

In some of these shops, the plan is to stop everything else they are doing long enough to set the cloud in motion, and then come back to revisit security. This is the sort of stuff that keeps CISOs awake at night and its an example of what some market watchers mean when they say the CISO must “learn to lead without authority.”

Cloud presents security issues, that as an industry, we still need to work through collectively. In other words, security needs to be baked into the strategic IT plan – it can’t be an afterthought any longer.

1) Security concerns with the all cloud approach 

This is the most flexible option and is very attractive to the business. You let someone else worry about the infrastructure, including security, and focus on your business.

Yet security professionals know, it’s not always so simple; the old adage, “trust but verify” comes to mind. As such, security professionals want access to layer 2 and layer 3 in order to ensure the intrusion prevention and detection system (IPDS) measures implemented to match the organizational standards.

There is some research on this notion too. According to an article in CSO Online, a recent study found “62 percent of respondents expressed a desire for their security operations centers (SOCs) to control network traffic and data to ensure adequate protection in a cloud environment. Half of them would settle for awareness of network traffic and data.”

Obviously, the layer limits the response options. For example, you can’t block known threats if the traffic you see is a mirror. Yet the distinction may not matter because most cloud providers are reluctant to disclose their security protocols to outside personnel, even customers.

Consequently, the customer and the security team are dependent on an abstraction of security the vendor presents.

To read the entire post, please click here.

Share this post and earn Cybytes
Facebook Twitter Google+ LinkedIn Email
Follow
7 Followers
About Bricata
Bricata is a cybersecurity solutions provider that combines a powerful network threat hunting platform into a comprehensive IDPS solution to help determine the true scope and severity threats. Bricata simplifies network threat hunting by identifying Hidden threats using specifically designed hunting workflows that use detailed metadata provided clearly and eases your transition from the known to unknown malicious activities in conjunction with a modern IDPS platform which detects zero-day malware conviction.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel