
Changes in the Cloud Discussion

Originally posted on the Trend Micro blog.

Cloud adoption is finally becoming mainstream. Over the past few months, the nature of the discussions has been shifting from theoretical, to architectural, and now to every operational challenge. This is exciting.

It means we’re finally moving past “should we?”—past “can we?”—and into “how do we?” territory. What I’m seeing now is a lot of organizations facing the realities of having their IT infrastructure split between on-premise and cloud environments.

Common issues I’m hearing:

  1. How do I efficiently monitor all of these environments?
  2. Can I make sense of what’s happening regardless of where it’s happening?
  3. Is effective incident response possible across environments?

Monitoring

Network security monitoring is usually at the heart of your on-premise security practice. We’re just now at a level of comfort with the challenges of monitoring a data center.

The most glaring difference between on-premise and cloud monitoring is the lack of context. When an event is raised on-premise, we know a lot about it. We can usually trace the network activity from the edge to the destination with multiple confirmation points along the way.

Moving to the cloud, a lot of that information is missing. The systems in between source and destination are operated by someone else. We can get glimpses into what’s happening, but we usually lack the depth of context for the event that we’re used to.

This is an issue we need to address.

Analysis

If we can get the monitoring data we need, we’re hit right away with another challenge… how do we make sense of it?

Not only have we lost some of the context of an event, but we usually end up with lower confidence levels in the data we do have. This is due to the fact that we no longer get multiple points of confirmation for each piece of data.

This is an issue we need to address.
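As an added illustration (not part of the original post), the following Python script shows the confirmation-point idea from the Monitoring and Analysis sections in code: events from several sensors are normalized to a connection key, clustered within a short time window, and each observed connection is labelled by how many independent sources confirm it. The sensor names, addresses and timestamps are constructed sample data, and the window and confidence thresholds are assumptions chosen for the example.

```python
"""Correlate security events from several sensors and score confidence by
how many independent sources confirm the same connection.

Every event is normalized to a (src, dst, dport) key plus the sensor that
reported it. Events from different sensors that agree on the key within a
short time window count as confirmation points for one observed connection.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real logs). Three on-premise sensors saw the
# same outbound connection from the edge to the host; the cloud environment
# only yields a single flow-log record for its connection.
EVENTS = [
    # environment, sensor, timestamp, src, dst, dport
    ("on-prem", "edge-firewall", "2014-02-10T10:00:01", "10.1.2.3", "198.51.100.7", 443),
    ("on-prem", "core-ids",      "2014-02-10T10:00:02", "10.1.2.3", "198.51.100.7", 443),
    ("on-prem", "host-agent",    "2014-02-10T10:00:02", "10.1.2.3", "198.51.100.7", 443),
    ("cloud",   "vpc-flow-log",  "2014-02-10T10:05:40", "10.50.0.9", "198.51.100.7", 443),
]

# Assumed correlation window: sensors reporting the same key within this gap
# are treated as observing the same connection.
WINDOW = timedelta(seconds=5)


def parse(event):
    """Normalize one raw tuple into a dict with a connection key."""
    env, sensor, ts, src, dst, dport = event
    return {"env": env, "sensor": sensor,
            "ts": datetime.fromisoformat(ts), "key": (src, dst, dport)}


def confidence(confirmations):
    """Assumed mapping from independent confirming sensors to a label."""
    if confirmations >= 3:
        return "high"
    if confirmations == 2:
        return "medium"
    return "low"


def _summarize(key, cluster):
    """Collapse a cluster of events for one key into a single record."""
    sensors = sorted({e["sensor"] for e in cluster})
    envs = sorted({e["env"] for e in cluster})
    return {"key": key, "first_seen": cluster[0]["ts"], "environments": envs,
            "sensors": sensors, "confirmations": len(sensors),
            "confidence": confidence(len(sensors))}


def correlate(events, window=WINDOW):
    """Group events by connection key, then by time window, returning one
    record per observed connection with the set of confirming sensors."""
    by_key = defaultdict(list)
    for e in map(parse, events):
        by_key[e["key"]].append(e)
    records = []
    for key, group in by_key.items():
        group.sort(key=lambda e: e["ts"])
        cluster = [group[0]]
        for e in group[1:]:
            if e["ts"] - cluster[-1]["ts"] <= window:
                cluster.append(e)
            else:
                records.append(_summarize(key, cluster))
                cluster = [e]
        records.append(_summarize(key, cluster))
    return records


if __name__ == "__main__":
    for rec in correlate(EVENTS):
        print(f"{rec['first_seen']}  {rec['key']}  envs={rec['environments']}  "
              f"confirmed by {rec['confirmations']} sensor(s) -> {rec['confidence']}")
```

Run as-is, the on-premise connection comes out "high" because three independent sensors agree on it, while the cloud connection comes out "low" on the strength of one flow-log record: the same activity, but fewer points of confirmation and so less confidence in the data.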

Incident Response

Having struggled through collection and analysis of the data, can we effectively respond to an incident that crosses multiple environments?

On a good day, executing your incident response process is a challenge. How do you accommodate multiple environments and providers? Now you have to gather data from multiple sources, coordinate multiple (most likely distributed) teams, and somehow restore service as quickly as possible.

This is an issue we need to address.

Let’s chat

I’ll be speaking more about the operational challenges in hybrid environments and in the cloud at a few different events in the next couple of months.

You can catch me at IBM Pulse in Las Vegas on Tuesday, 25 February at 11:15 a.m. I’ll be giving a session (IAM–2883A – room 304) called, “Keeping the Skies Clear: Intelligently Monitoring and Protecting IT Assets across the Cloud.”

If you’re at the con, swing by. If not, follow this space (and me on Twitter, @marknca) as I dive into these issues with you.