Report: Cloud Requires New Approach to Security Operations
Three quarters of businesses using public cloud apply the same security operations strategy to workloads regardless of the infrastructure they reside on, according to research sponsored by Alert Logic and released on Tuesday.
The study, Evolve Your Security Operations Strategy to Account for Cloud, shows many security teams appear to be adapting slowly to increasingly complex service delivery models.
Forrester Consulting recently surveyed 100 cloud security infrastructure-decision makers in the US and UK on behalf of Alert Logic about the impact of cloud adoption on security operations. It found that 51 percent of companies are increasing security spending as a result of cloud adoption. Forty-nine percent are instituting new policies and controls for cloud security, and 46 percent are re-evaluating security operations and controls for all environments.
A CIO survey released by Nomura in March showed that security and cloud computing are among the biggest drivers of IT spending increases.
“Cloud computing enables businesses to invest more time in innovation and less time managing IT infrastructure,” Ben Matheson, Alert Logic CMO said in a statement. “In the same way, many businesses are finding that supplementing or outsourcing their security operations with cloud security vendors that offer cloud-native technologies and fully managed services is an increasingly strategic option.”
More than half (53 percent) of companies surveyed have their own in-house security operations center (SOC). The challenges most often faced by those companies bringing security operations in-house are managing security content such as signatures and whitelists, and identifying multi-vector attacks, at 44 percent each, respectively. High costs were cited by 41 percent, followed by a trio of skills-related challenges: “building out threat intelligence skills” (40 percent); making sense of data (33 percent); and staffing the SOC (33 percent).
Both business and technical skills are necessary to support a SOC, according to the study, and a number of items from each set of skills were identified, led on the business side by risk management expertise (46 percent), and on the technical side by network security (42 percent), just ahead of virtualization and cloud infrastructure experience, threat intelligence and analytics, and application/infrastructure security.
Four out of five respondents said they would seek help from a security expert for threat intelligence anaylsis, public cloud security, security operations, network security, and data privacy and compliance.
Security is becoming less of an obstacle to public cloud adoption, according to a study released earlier this month by HyTrust. Combined with the challenges of one-strategy-fits-all security operations and finding the right skills, this may be a reflection of confidence that the security solutions are out there, rather than what they actually are.
Source: TheWHIR