Like anyone who works with their hands, cybersecurity experts need the right tools for the job. As we’ll see in this blog and the series to follow, cloud-based threats need cloud native tools to combat them. Traditional security tools don’t provide the same level of functionality in the cloud as they do on premises.
According to GlobeNewswire, 82% of respondents to a 2020 study said their tools either provided limited functionality in the cloud or didn’t work at all. How is cloud security different, and what needs to be done to implement it?
These questions are critical because businesses are migrating their workloads to the cloud more and more. Almost a quarter of respondents to a May 2020 survey expected to move all of their applications to the cloud over the next 12 months. In addition, 68% of chief information officers (CIOs) considered “migrating to the public cloud and/or expanding private cloud” to be their top IT spending driver in 2020.
Common Myths About Cloud Native Tools
Despite the eagerness for migrating to the cloud, many organizations don’t completely understand the process of doing so. Approximately one-third (32%) of respondents surveyed consider migrating security tools to the cloud to be too difficult or too risky. Even so, nearly half (46%) of respondents say they would rather migrate on-premise products to the cloud rather than replace them with cloud security tools.
But since classic tools don’t cut it, that’s getting cloud protection all wrong.
Traditional Network Security Versus Cloud Security
Protecting the cloud is different from protecting on-premises data by nature. With the latter, the enterprise has sole responsibility for defense. They own the base IT landscape. This means they must put physical controls in place to prevent malicious actors from gaining access to their data center(s).
This full control means organizations can configure their systems and networks in any way they like. That has its pros and cons. In an effort to protect the resulting network layers, they could end up investing in disjointed and costly tools. They could also find themselves paying for more employees or external consultants who have the expertise to deploy those tools and keep their data safe.
On the other hand, the enterprise doesn’t have complete control over their defenses in the cloud. They’re bound by the shared responsibility model. We’ll talk about this more later, but for now the key is that it requires a partnership with an outside provider. That cloud service provider (CSP) protects the infrastructure that runs the services in its cloud. Meanwhile, it’s up to each enterprise to put defensive controls in place that secure their infrastructure configurations, applications and/or data.
Knowing what’s required of each group under the shared responsibility model and where cloud native tools fall can be confusing. A 2020 study found just eight percent of respondents fully understood this model across all cloud services — down from 18% a year earlier. As a result, organizations might miss out on some cloud native tools, such as application programming interface-driven automation and specialized security options, that they might not find for their on-premises assets They might also overlook their duties, such as the need to find a trusted provider that allows for compliance with relevant rules.
Fighting Cloud-Based Threats With Cloud Native Tools
Enterprise can’t achieve good defense in the cloud using only classic tools. Many of those tools don’t work in cloud landscapes. Also, they assume a level of control that enterprise doesn’t have in the cloud. That’s why they need to turn to native cloud security tools.
It’s a bit more nuanced than that, however. You can’t choose just any cloud-based solution. You need to fully understand your defense needs.
To help in that regard, the next blog post in this series will provide some background on the shared responsibility model. We’ll discuss how defensive roles vary depending on what cloud deployment model you’re using. As we’ll find out, you can then discover a cloud-based security solution that works for you.
David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Trip...