According to RightScale’s 2018 State of the Cloud Report, 81% of enterprises have a multi-cloud strategy. If that percentage includes you, it is almost certain that you have experienced one if not all the following roadblocks. To help your teams build a comprehensive security strategy, it’s important to understand what impact these roadblocks have on your organization.
The following is an excerpt from the whitepaper: Addressing Enterprise Cloud Security Challenges Head-On: A Practical Guide.
Five Major Cloud Security Roadblocks and Their Impact on the Enterprise
In the public cloud, business units have the freedom to create instances and operate applications whose resources naturally come and go. This organic cloud adoption makes it challenging to obtain and maintain visibility – a major concern for cybersecurity professionals. In this scenario, traditional security practices are often circumvented or engaged too late in the deployment cycle. Legacy practices often require manual intervention and lack support for cloud and cloud-native security controls altogether.
Impact: You can’t secure what you can’t see, so the infosec team cannot identify and address risks in their cloud environment
When you deploy applications in the cloud, it adds an additional layer of complexity to the already difficult practice of meeting compliance. For example, businesses who are beholden to the Health Insurance Portability and Accountability Act (HIPAA) must understand where any Protected Health Information (PHI) data is being stored, moved, or accessed. Most existing tools do not analyze compliance of security controls across physical networks and hybrid cloud platforms. Furthermore, traditional practices weren’t designed for highly dynamic cloud environments.
Impact: Without an understanding of cloud-native security controls, compliance cannot be properly measured and enforced.
The shift to DevOps practices, which are typically automated, has made businesses more competitive and agile. But to many security teams, there is concern that automation means “loss of control” – especially in the cloud. In fact, automation, when implemented correctly, can help your team avoid misconfigurations and proactively detect security risks.
In the Cloud Security Spotlight, 62% of cybersecurity and IT professionals name misconfiguration of cloud platforms as the single biggest threat to cloud security. This data points to the error-prone nature of manual processes and the need for automation. When implemented correctly, automation provides proactive detection and correction of security issues before they get into production.
Impact: Without automation of security policy changes across the hybrid infrastructure, an organization cannot ensure security in the cloud.
Conflict Between Development and Security Priorities
DevOps teams by nature want to move as fast as possible to meet business requirements. This is often in conflict with your security team who reviews all changes to ensure they adhere to security policy before they go into production. For most organizations, agility is a higher priority than security, but 90% of respondents surveyed by Enterprise Management Associates (EMA) say the inability to maintain synchronized or standardized policies is a significant factor in security or operations incidents.
Impact: When DevOps and security teams operate in silos rather than collaborate, it can lead to security risks.
Hybrid IT is the reality at many enterprises today, but it can add complexity, especially due to the need for different security practices. While existing security tools and practices in the enterprise may be sufficient for legacy IT infrastructure and applications, they do not apply for cloud-native, agile projects. Securing the modern enterprise requires the ability to manage security policy across traditional and cloud-native environments.
Impact: Trying to enforce traditional security methods and procedures in the hybrid cloud or cloud-native environment reduces both agility and security.
Digital transformation is driving enterprises to the cloud. When traditional security practices fail to measure up to native cloud, you need a new paradigm. To protect the enterprise, IT and security leaders need a deeper understanding of the roots of cloud security challenges and how to address them via increased visibility, automation and control.
By adopting cloud-native and DevOps practices and placing a focus on security policy, IT security can help the enterprise restore the balance between agility and security. If your organization has cloud-native applications as well as on-premises resources, the way to tighten security posture across hybrid IT is to enforce a central security policy.
If you would like to learn more about cloud-native security controls, please read the full whitepaper: Addressing Enterprise Cloud Security Challenges Head-On: A Practical Guide.
*** This is a Security Bloggers Network syndicated blog from Tufin - Cybersecurity & Agility with Network Security Policy Orchestration authored by Colby Dyess. Read the original post at: https://www.tufin.com/node/2265