The world is quickly moving to cloud computing and virtual infrastructure as a strategy to accelerate IT delivery and drive business agility. This movement is shifting the ground underneath security teams in a big way.
These teams now need an answer to what seems like a simple question: "What cloud servers are being attacked and how will I know?" Unfortunately, the answer to this question isn’t so simple, and traditional security tools can’t help much. The elastic, dynamic nature of virtual infrastructure makes it extraordinarily difficult for security teams to have the visibility they need to enforce consistent policies, detect vulnerabilities, and react quickly to abnormal behavior.
The bottom line is that you can’t secure what you can’t see. So gaining real-time visibility becomes paramount, especially for organizations looking to leverage all kinds of cloud infrastructure. This situation becomes more complex the more “clouds” the organization leverages, be it public, private, or hybrid, all combined with internal data centers (which aren’t going away any time soon). And that doesn’t include the complications from M&A activities, shadow IT, and more.
So what’s the problem with traditional network security tools delivering visibility in cloud environments? For one, they impose a heavy footprint on each workload so they don’t scale well. And they don’t automatically deploy on systems that are spun up. As a result, organizations end up picking and choosing which servers receive a full set of security coverage. This leaves the majority of their cloud servers vulnerable to attack with no way to see it coming. To gain complete visibility would require endless hours of manual effort, a heavy burden on virtual server performance and a logistical nightmare of multiple tools.
So how should security teams choose a visibility solution that’s right for a company's unique infrastructure needs? There are lots of solutions on the market today; the best will incorporate these key attributes:
- Seamless integration with existing tools: Your security platform should be able to leverage existing investments in security infrastructure. For example, if you have SIEM tools already in place, look for a solution that has a built-in API that enables easy integration. Better yet, look for a platform that comes with pre-built integrations.
- Works Across All Infrastructure: Your security solution should be designed to run in any environment, from bare metal to virtual machines, and to public or private cloud environments. Only by baking in security at this fundamental level can modern enterprises get the "single pane of glass" visibility they need to make real-time, efficient decisions about their security posture.
- Small Footprint: There are many agent-based security solutions on the market, but many have large footprints (upwards of 256MB), which limits scalability. Look for a solution where the agent does not incur a "tax" on the virtual server on which it is running. An agent that is 3MB or less is ideal; anything over that has the potential for incurring extra cost in terms of performance and real dollars. If an enterprise is spending more than 1 percent of its total CPU resources on security, costs will rise as organizations end up having to purchase more cloud capacity to secure their infrastructure.
- Non-Intrusive: Make sure the agents can be installed and deployed, and that they operate, in a non-intrusive model. This means that the agents should be able to run in "read-only" mode where they are simply reporting, not enforcing policies. This is very useful for gaining quick visibility into your infrastructure. And to facilitate automation, the agents must be deployable through scripts or orchestration tools, even on live systems, all without reboot. This reduces manual effort related to deployment in elastic infrastructure.
- On Demand: Next generation security solutions need to be deployed quickly, particularly in the dynamic environment of elastic cloud computing. Traditional security tools often take weeks or even months to install, configure and deploy, which introduces unacceptable delays in standing up new systems. So look for a solution that is on-demand, deploys in minutes and enables quick configuration of best practice security and compliance policies.
- A licensing model that fits virtualized infrastructure: Your cloud infrastructure security solution should have a modern, "pay-as-you-go" licensing model that mirrors the way you’re already paying for your IaaS. This kind of model moves cost from capital expenditure to operating expenditure, which often is easier to get approved, simpler to forecast and requires less up-front commitment.
- Comprehensive solution: CSOs we talk to often tell us they are suffering from "tool fatigue." There’s no shortage of point solutions on the market today and many large enterprises have at least one of everything. Unfortunately, it’s nearly impossible to get all these tools to work together seamlessly to provide a comprehensive, consistent security and compliance posture without holes. Look for a solution that provides a comprehensive set of features, all pre-integrated so you won’t have to do that work yourself.
To sum up, if the CSO or compliance officer can’t quickly and accurately see what’s going on across their entire infrastructure, they run the risk of not knowing when they’re being attacked or compromised. Continuous visibility, backed up with comprehensive security functions, is the first step towards improving your security posture, especially when you’re dealing with the dynamic, elastic nature of modern cloud computing environments.
The good news is that there are now effective solutions on the market that can help solve the visibility challenge while at the same time enabling the movement into all kinds of virtual and cloud infrastructure.