Back to blog results

June 29, 2016By George Gerchow

New York State of Mind: Architecting the Cloud

Every time I go to NYC I get a sudden surge of energy along with some edginess. During my first meeting ever in NYC I had a guy tell me, “You have 15 bleep bleep and bleep minutes to show me some value or your bleep is out the door.” I love this attitude because you know EXACTLY where you stand. The city that never sleeps sets the tone and pecking order when it comes to trends. I say usually because for the last two or three years, the good people of NYC have seemed a bit behind in technology and cloud services.

Last week I was lucky enough to do present at the “Architecting the Cloud” Symposium for IANS in New York and as I prepared for the session, my first thought was, “make sure you bring them along slowly.”

Here is what I learned from the 50 or so people in attendance across a wide range in verticals including, healthcare, finance, retail, telecommunications and government:

– Most of the folks there are adopting SaaS (Office365, Salesforce, BOX)

– Many are using Amazon Web Services (AWS) for at least a few use cases like DR or Development work

– Almost everyone is looking at Microsoft Azure as a viable option

– Several people mentioned bifurcating workloads between providers

– People are looking for good MSSP/MSP’s to help with the transition between BiModel 1 & 2

– Traditional tool sets are not working for Cloud Computing (DLP, SIEM, Deep Packet Inspection)

– Cloud Access Security Brokers (CASB) is hot, the Symantec Acquisition of Blue Coat (Elastica) is just the beginning

– Is User Behavior Analytics (UBA) real and who is doing it well?

To add some more detail, it is hard to stand up solutions that work both on premise and off premise. It is also extremely difficult to ingest data from multiple sources that are on the cloud. Security professionals are combining potentially competitive solutions like ELK and QRadar. ELK to gather logs via API’s from AWS then porting them into Radar for analysis. Problem being, two vendors = finger pointing and lack of scale.

This problem is not unique to NYC, as SaaS-based apps and IaaS start taking over, logs, scale and automation are still an issue in the security space.

Why is this so hard of a problem to solve? And why would anyone buy more on-premise infrastructure to manage cloud-based workloads? At Sumo Logic it seems like we have a real opportunity to change the game as we shift our focus to Security Analytics. Am I correct in thinking that this is what the world wants us to do?

Also what MSSP’s/ MSP’s do people like out there? I have a few thoughts and while the feedback at the Symposium was valuable, it was mostly negative.

So like the good people of NYC, please be direct and straight forward with your comments. I expect to hear back from you bleeping people soon.

Complete visibility for DevSecOps

Reduce downtime and move from reactive to proactive monitoring.

George Gerchow

George Gerchow

As Sumo Logic's Chief Security Officer (CSO), George Gerchow brings 18 years of information technology and systems management expertise to the application of IT processes and disciplines. His expertise impacts the security, compliance, and operational status of complex, heterogeneous, virtual and cloud computing environments. Mr. Gerchow's practical experience and insight from managing the infrastructures of some of the world's largest corporate and government institutions, make him a highly regarded speaker and invited panelist on topics including cloud secure architecture design, virtualization, configuration management, operational security and compliance. George was one of the original founders of the VMware Center for Policy and Compliance and he holds CISSP, ITIL, Cisco, and Microsoft Certifications. Mr. Gerchow is also an active Board Member for several technology start ups and the co-author of Center for Internet Security - Quick Start Cloud Infrastructure Benchmark v1.0.0 and is a Faculty Member for IANS - Institute of Applied Network Security https://www.iansresearch.com/

More posts by George Gerchow.

People who read this also enjoyed