Who is Nordcloud?
We are a multi-cloud managed services provider (MSP) that works strictly with Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure. We’ve been working with enterprise public cloud leaders in Europe since 2012 and our goal is to provide fully managed public cloud transformation to our customers. This comes in many forms, including infrastructure automation, and application development and managed services that take an IP-driven approach to public cloud provisioning, optimization and ongoing management.
Currently, we serve 100+ customers across Europe, including Austria, Germany, the UK, the Nordic regions, Poland, and more, and have deployed over 500 projects to date.
As the CTO, my primary responsibility is to determine what new offerings we will provide to our customers and how we will help them execute their cloud and DevOps migration strategy.
The Digital Roadblock
Half of our business comes from finance and manufacturing industries, and we are increasingly hearing from our customers that their current security operations, and on-premises SIEM tools are failing them in today’s digital world.
At Nordcloud, we are experts in the cloud transformation journey, and taking a security-first approach is a major part of our service offerings. Our customers need the right software to implement their digital transformation efforts, faster than their competition. But it’s a long and complex process — it can take anywhere from a year to 18 months to figure out the right strategy and to find the right choice partners for the digital journey.
What we often find is friction in organizations between development and security teams, which is compounded by a shortage of cloud and security talent within the enterprise. They want to run their security operations center (SOC) in the cloud because that’s the future, but there is a misalignment across the business that makes it challenging.
Public Cloud Requires a Different Approach to Security Operations
Digital transformation is about competing with software. Internally, we became an all-cloud shop because legacy IT wasn’t able to process modern day software fast enough. So we decided to build our own cloud-based SOC as a model for our customers. In a sense, we’ve become a prime use case for our customers.
Why are we investing in this? It’s because the traditional SOC process is mostly noise: expensive, time consuming and error prone. It’s not a fully repeatable process and relies too heavily on the skillsets of humans.
This is problematic for a few reasons:
- Limited value in actually capturing hackers. This is because the investigation process is flawed and it’s hard to hire qualified people for this. As an end-user company, you won’t be able to hire the security pros you need, and so your best option is to outsource it with an MSSP.
- Wrong approach for public cloud. A public cloud has standardization — you know exactly what you’re deploying. This reduces the cost of customizing your security monitoring. Instead of running just the same infrastructure checks you can run application and industry specific alerting.
- Security scaling problem. Public cloud has made writing software cheaper than it used to be, because you can focus solely on code and forget about managing infrastructure. That makes room for more projects but it also means that there becomes more responsibilities and tasks for your security operations as a whole, including pentesting, alerting, etc., and it is challenging to scale with humans alone.
Most of our customers are enterprises and only 2-5 percent of them have all of their workloads in the cloud (the good ones have 10 percent). The remainder of them are in the middle of their journey. This is the right time to significantly improve your processes compared to running on-premises. Changing the way of working for 10 applications is much easier than for 500 applications. In security, this means implementing DevSecOps approaches, automating mitigations tasks and in particular, focusing on application security.
The Sumo Logic Advantage
This is where Sumo Logic comes into play. We’ve been a loyal Sumo Logic customer ourselves at Nordcloud for a long time, mostly leveraging the platform for traditional log management.
However, more recently, we’ve been using their security analytics and the overall platform to create a centralized view of all application, cloud and security data in a single dashboard. They provide strong security alerting, indexing and correlation features that allow us to build a customized SOC so that we can begin to show how this effective model can also serve our customers.
Our goal is to deliver a nearly 100 percent alert-based approach security operations. While one can never achieve perfect coverage, the combination of public cloud, our security services and advanced features of Sumo Logic enable us to offer a SOC service that delivers significantly more infrastructure and application security that is available today.
Attackers are more motivated than ever because they’ve realized how lucrative it can be, so there’s more pressure than ever for businesses to innovate and improve how application and cloud security is delivered.
The nature of today’s threats is such that to alert and to investigate them you need developers, and you need development and security aligned, collaborating and using the same tooling in order to be effective across the entire delivery lifecycle, and in this instance, that tooling is Sumo Logic.
We are excited about our partnership with Sumo Logic, and the potential to jointly innovate, collaborate and grow together. We also look forward to leveraging their machine data analytics platform and cloud SIEM solution in the coming year to continue delivering on our core goals, with hopes to launch new alerting and threat modeling features in the near future.
Want to Know More?
If you’re interested in hearing more about Nordcloud’s vision as well as how we’ve implemented Sumo Logic to help achieve our goals, I will be giving at talk at Sumo Logic’s booth during AWS re:Invent in Las Vegas from Nov. 26-30, 2018. Stop by booth #840 on Tuesday, Nov. 27 from 10:30-11 am PT to hear the presentation and to ask questions. Look forward to seeing you there!