The principles of data protection are the same whether your data sits in a traditional on-prem data center or in a cloud environment. The way you apply those principles, however, is quite different when it comes to cloud security vs. traditional security. Moving data to the cloud introduces new attack surfaces, threats, and challenges, so you need to approach security in a new way.
Organizations typically have a mix of traditional IT and cloud services, so security solutions need to protect both. The security controls in place for the data center may not be suitable for new challenges introduced in the cloud. Big data, the new skills required of security teams, and compliance and regulatory requirements all add to the complexity and cost of cloud security solutions.
The good news is that there are security solutions available to address the challenges. Ideally, you want a solution that minimizes the load on your security team, as well as the training time required to support the solution. It also needs to address the new cloud security threats, while still protecting traditional systems. Understanding the differences between cloud security vs. traditional security is key to finding the right security solution.
Cloud Security Threats
Cloud and traditional IT environments need to protect against many of the same threats. Even though the threats may be the same, new solutions are needed to protect resources in the cloud. The cloud may introduce new threats, as well.
Containers, Microservices, and Serverless
Applications in the cloud often run serverless, as microservices, or in containers. Traditional security solutions are not equipped to handle these newer technologies. Threats can and do go undetected.
The cloud is dynamic and elastic by nature. The frequent, sudden, and hyperscale changes seen in the cloud would cripple many traditional security solutions.
Hybrid and Multi-cloud
Another unique challenge is hybrid and multi-cloud architectures. Monitoring and analysis of traffic traversing multiple clouds from different providers are difficult with on-premises security solutions.
It makes sense that the best way to address security threats in the cloud is with a cloud-native security solution. These solutions are built in the cloud with the capabilities to handle today’s varied architectures.
Why Cloud Security is Different
Cloud-native security solutions, built specifically to protect cloud resources, excel where traditional on-premises security solutions struggle. Here’s a breakdown of how cloud and traditional security solutions address major challenges:
| Challenge | Cloud-native security | Traditional on-premises security |
|---|---|---|
| Monitoring coverage | Monitors both on-premises and cloud resources. On-premises resources across different locations can be monitored without additional security appliances at each site. | Monitors on-premises resources, with only limited monitoring of cloud resources. |
| Deployment | The SaaS model eliminates the need to deploy hardware or software, saving time on change management, facilities, provisioning, etc. Runs on an established platform, so deployment issues are rare. | Security appliances must be procured, shipped to each site, installed, and configured. Given the new infrastructure and initial configuration, deployment issues are common; Gartner says that over 50% of SIEM deployments fail. |
| Time to value | Rapid deployment, built-in and continuously updated content and use cases, and a simplified user experience let you get started on security in just a few hours or days. | The typical project lifecycle (procure, ship, install, configure, tune) means slow time to value, with long cycles for updating, managing, and running use cases. Most deployments run more than 9 months, and you usually cannot see value in the first year. |
| Maintenance | Handled by the cloud service provider (CSP). Vendors usually update the platform every day and ship features and bug fixes even more frequently; 12 releases a year is typical for cloud vendors, whereas on-premises software and appliances are updated about once a year. | Handled by in-house IT and security teams, which is a major point of failure. We see more customers looking for cloud solutions after they go through a maintenance cycle and stop seeing value. |
| Total cost of ownership and ROI | No long-term contracts; easy to replace vendors if there is no fit; low-risk solutions; payback is typically 6-9 months; the subscription cost covers almost 70% of the TCO. | Big budgetary investments; long planning and deployment cycles; multiple groups (security, IT, facilities, ops, DevOps, LOB, and application teams) are all involved; licensing is only 9% of the TCO, with hardware, software, facilities, and other hidden costs making up the rest; pricing for the next quarter or year is tough to predict. |
| Updates and patches | Cloud vendors take care of updates and patches under the shared responsibility model; low risk from unpatched systems. | Requires periodic maintenance windows and planned outages; unpatched systems are a major security threat. |
| Capacity planning and elasticity | No capacity planning needed; elastic scaling absorbs unplanned demand; seasonality, peaks, and bursts are handled effortlessly. | Hardware, software, and licensing must be over-provisioned for occasional bursts or peaks; TCO is sized for seasonal peaks; extreme bursts lock you out of tools when you need them most. |
Why Traditional Security Fails Today
Traditional on-premises security provides analysis and insight using a Security Information and Event Management (SIEM) system. Most SIEM systems running today were not designed with cloud technologies in mind. In fact, the 2018 Global Security Trends in the Cloud report shows that 93 percent of respondents say current security tools are ineffective for the cloud.
“. . . many assert that several traditional categories such as security information and event management (SIEM)—which create cumbersome silos of data, analytics, and workflow—should be completely rethought for the cloud.”
The main function of a SIEM system is to aggregate and correlate log data, mostly from other security systems such as firewalls and intrusion prevention systems. Rules are set up to generate alerts when certain conditions are met. Security teams can then take action based on the alerts.
Security teams that monitor SIEM systems often face alert fatigue, having to react to high volumes of alerts. Even with logic built into the systems to reduce and prioritize alerts, analysis of the alerts can be an arduous and exhausting process.
Being rule-based, the system also needs to be configured and tuned to get the most urgent alerts to the top priority level and to reduce false positives. That, of course, also falls on the shoulders of already stressed security teams.
Properly configuring SIEM rules takes a lot of planning based on an in-depth knowledge of the topology being monitored. Any change in topology means going back to the drawing board. Rule-based systems work fairly well in a static environment. Cloud environments are anything but static.
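As an added illustration (not part of the original article, and not Sumo Logic code), the toy correlation below runs the same detection two ways over a constructed trace: a rule keyed on the IP topology as it was when the rule was tuned, and a rule keyed on workload labels supplied by the orchestrator. All addresses, labels, and event timings are hypothetical.

```python
"""Toy SIEM correlation: one detection written two ways (constructed
example, not Sumo Logic code). Events stand for database audit logs that
a SIEM has aggregated and enriched with orchestrator metadata."""
from dataclasses import dataclass

@dataclass
class Event:
    ts: int        # seconds into the constructed trace
    src_ip: str    # source address of the DB connection
    labels: dict   # orchestrator metadata for the source workload

# App-tier addresses as they were when the rule was tuned (hypothetical).
APP_TIER_IPS_AT_TUNING = {"10.0.1.10", "10.0.1.11"}

def static_ip_rule(e):
    """Topology-bound rule: DB connection from an address not tuned in."""
    return e.src_ip not in APP_TIER_IPS_AT_TUNING

def workload_label_rule(e):
    """Identity-bound rule: DB connection from a workload not labelled app."""
    return e.labels.get("tier") != "app"

def run_rules(events, rules):
    """Evaluate every rule over every event; return alerts keyed by rule."""
    alerts = {name: [] for name in rules}
    for e in events:
        for name, rule in rules.items():
            if rule(e):
                alerts[name].append(e)
    return alerts

def constructed_trace():
    """t<100: app tier on the tuned IPs. t=100: the orchestrator reschedules
    it onto a new IP. t=200: a batch job (not app tier) reaches the DB."""
    app, batch = {"tier": "app"}, {"tier": "batch"}
    ev = [Event(t, "10.0.1.10", app) for t in range(0, 100, 10)]
    ev += [Event(t, "10.0.1.57", app) for t in range(100, 200, 10)]
    ev.append(Event(200, "10.0.1.58", batch))
    return ev

def alert_counts(events=None):
    """Alerts per rule; the gap between them is false positives from the move."""
    events = constructed_trace() if events is None else events
    rules = {"static_ip": static_ip_rule, "workload_label": workload_label_rule}
    return {k: len(v) for k, v in run_rules(events, rules).items()}

if __name__ == "__main__":
    print(alert_counts())  # {'static_ip': 11, 'workload_label': 1}
```

Both rules catch the one genuinely out-of-place connection; the static rule additionally raises ten alerts for legitimate app-tier traffic the moment the container is rescheduled, which is the retuning burden and alert fatigue described above.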
Why Cloud Security Is Essential
The cloud computing characteristics that are driving the move to the cloud are exactly the reasons a new security model is needed. Cloud environments are constantly changing—by design.
According to the National Institute of Standards and Technology (NIST) definition, cloud computing uses “computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” This has manifested itself today in the form of containers, microservices, and serverless computing.
These newer technologies provide the hyperscalability and elasticity of cloud computing. Services are spun up and taken down to meet demand and transient events. Traditional security cannot react to these changes in an effective way.
Cloud security is different by necessity. It is designed to understand and react to the dynamic aspects of cloud computing. It can ingest data from containers that traditional security methods would never have known existed. Cloud security is the only way to effectively secure resources in cloud computing environments.
What the Cloud Needs to Be Secure
In order to be secure, the cloud needs cloud-native security solutions that meet these criteria:
- Visibility into containers, microservices, and serverless
- Ability to monitor and analyze transient and elastic workload data
- A holistic view of the entire threat surface
- True software-as-a-service (SaaS) security solutions
There are many security solutions delivered from the cloud today, including SIEM, firewall, IPS, and others. It is important, however, to differentiate those that are cloud-native from those that are really just “lift-and-shift” traditional security solutions that have been moved into the cloud.
For example, running firewall software on a virtual machine in the Amazon Web Services cloud is not a cloud-native solution. It is a traditional firewall running on an infrastructure-as-a-service (IaaS) platform.
SaaS for True Cloud Security
Cloud-native security runs on a true software-as-a-service model. One of the benefits of SaaS is that the software vendor is responsible for the entire service stack, from the hardware through to the application.
By contrast, IaaS uses a shared responsibility model in which the cloud vendor is only responsible up to the virtual machine. You are responsible for everything from the operating system up to the application. That means that as transient demand changes occur, you would have to manually provision additional resources to match the demand of your cloud resources, a task that humans could never keep up with.
Visibility into containers and microservices
Traditional security solutions do not have the ability to view activity within a container or events across containers and microservices. This leaves you blind to threats. Cloud security is aware of containers and microservices, being purposefully built to see the threats against them. A cloud security analytics platform provides insight that a traditional SIEM solution would miss.
Cloud-native Capabilities for Elasticity and Scalability
Cloud computing environments are dynamic, with frequent transient events. In order to keep up with changes in scale and demand, cloud security must be just as agile, having the same elastic and scalable capabilities.
The Sumo Logic security analytics platform delivers on the promise of cloud security. Sumo Logic uses a true SaaS model. Sumo can view activity within containers and across microservices. There are apps and integrations for many specific cloud services such as Docker containers and Amazon EC2 Container Services for deeper insight into those services and applications.