If you missed Part 1: read it HERE
More than security from the cloud, the concept of unified security takes the method another step forward in terms of best practices—the ability to deploy a holistic security initiative, AND one that seamlessly collaborates with the other components; that shares input across the enterprise so that a clearer understanding of vulnerabilities can lead to effective preventive policies and actions.
They say the whole is greater than the sum of its parts. And that is the core of unified security…take the most important parts of a security program (SIEM, log archiving and monitoring, identity and access management, and single sign on), centralize and combine their capabilities, and generate real-time answers to the most important enterprise IT questions.
Last week we explored the first 5 benefits of deploying a cloud-based unified security program (see Part 1 here). To review, here are 10 through 6:
10. Right size as the situation dictates
9. Make compliance easier
8. Easier, faster to deploy and find ROI.
7. Better safeguard against BYOD
And now, the following are the final 5 benefits of implementing unified security from the cloud:
5. Control applications and who gets to use them: Not all users are equal, and therefore the privileges afforded them should not be the same. But simply setting permissions is not enough to stop potential abuse. It might control on-premise applications behind a firewall, but there are plenty of cracks in the perimeter once web-based applications are included. This is why administration must go hand-in-hand with enforcement. Identity management handles the former: it creates the policies, provisions users based on their role within the organization, and manages application passwords. Leveraging Active Directory (or any other directory source), IDM creates the framework for many different types of users, from the various levels of internal employees to customers. But just like a skyscraper, where the steel framework holds up the building but glass and concrete are required to make it habitable, this framework needs something more. That is the job of access management. It takes all the rules, roles and privileges and creates a unique channel for each user. Incorporating a single sign-on portal, it limits what a user can access, and it includes multi-factor authentication (especially for BYOD issues!). Several combined point solutions can accomplish this function; however, the true best practice comes with the additional transparent visibility of a layered and holistic report. SIEM and system log collection add the necessary context to provide actionable insight into who is accessing which resource, when, how often, and whether they have proper authentication. The bottom line is that IT exerts greater control over application management while extending security protection well beyond the network firewalls.
4. Know what’s happening faster, more completely: One of the chief advantages of the unified security cloud is the ability to see and respond to potential issues in real time. Having all the tools in place and still relying on periodic review of events is how most companies get into hot water. It’s a practice that might satisfy continuous monitoring compliance requirements, but it doesn’t provide the intelligence for immediate prevention. Because of its portability and virtual footprint, a cloud-based unified security platform can be easily deployed over a greater number of devices, servers, data caches and applications. In this wider configuration (and based on its layered correlation), unified security promotes an understanding of the broader (and more detailed) implications of enterprise activity. It achieves this through situational context and expanded visibility via coordinated capabilities across multiple silos. In short, the consolidation of information from across the diverse enterprise creates a more complete picture of what is happening. Because this is a cloud-based initiative, such a configuration is much more attainable thanks to fast and easy deployment/expansion, low TCO and assisted administration.
3. Real-time actionable information: In coordination with the above item, the product of coordinated, centralized and layered levels of security is the ability to do something about threats before they become a wider problem. Networks and servers under your control are constantly under a barrage of activity. Most of it, legitimate logins or website views, is harmless, or at the very least neutral. But amongst all the white noise you need to systematically divine the true persistent threats and immediately take action to prevent their spread. 24/7/365 continuous monitoring provides the source material by collecting all the logs; automated situational context analysis separates the good, the bad and the ugly (based on your company’s unique definition of what constitutes a threat requiring immediate action, escalation, or further scrutiny); and policy and workflow implementation provides the guidelines for what to do next. As a collaborative process, this centralized approach provides the most important ingredient…speed. And with speed comes the ability to make faster decisions. With unified security you see both the bigger picture and the relevant smaller details, so that the fast decision can also be the best one against any particular threat.
This is more than SIEM and log management working together. This is a process that must also include the information provided by identity and access management. Without the input of authorization and validation, incoming traffic carries only half the detail needed to determine not only whether the user has the proper credentials, but whether they are using them in a way consistent with their established pattern. In other words, if an account is hijacked, the hacker might have the right credentials, but because the IP address is coming from Ukraine and the previous access of that account was from the home office, a red flag should be raised. It also monitors the all-important privileged user, who typically holds the proverbial keys to the kingdom. So traffic patterns combined with adaptive behavior are simply another way unified security adds more value and a more accurate portrait of potential network vulnerability.
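The correlation described above, as an added illustration that is not part of the original post: identity context (which account, whether it is privileged) is joined with log-collector context (source IP, country, result), and a login with valid credentials is still flagged when it breaks the account's prior pattern. All events, rule names and thresholds are constructed for the example.

```python
from collections import defaultdict

def event(user, src_ip, country, result="success", privileged=False):
    """Build one login record: IAM supplies user/privileged, logs supply the rest."""
    return {"user": user, "src_ip": src_ip, "country": country,
            "result": result, "privileged": privileged}

# Constructed sample login events, oldest first (not real log data).
EVENTS = [
    event("alice", "203.0.113.10", "US"),
    event("alice", "203.0.113.10", "US"),
    event("alice", "198.51.100.7", "UA"),                 # valid password, new country
    event("root-admin", "203.0.113.20", "US", privileged=True),
    event("root-admin", "192.0.2.44", "DE", privileged=True),
    event("bob", "198.51.100.9", "US", result="failure"),
    event("bob", "198.51.100.9", "US", result="failure"),
    event("bob", "198.51.100.9", "US", result="failure"),
    event("bob", "198.51.100.9", "US"),                   # success after repeated failures
]

def correlate(events, failure_threshold=3):
    """Walk events in order and return alerts as (rule, user, src_ip).

    The per-user baseline (last country of a successful login, IPs seen so far,
    consecutive failures) is built as events stream in; that baseline is the
    'previous access was from the home office' context the text relies on.
    """
    last_country, seen_ips, failures, alerts = {}, defaultdict(set), defaultdict(int), []
    for ev in events:
        user, ip, country = ev["user"], ev["src_ip"], ev["country"]
        if ev["result"] != "success":
            failures[user] += 1
            continue
        prev = last_country.get(user)
        if prev is not None and prev != country:
            # Credentials checked out, but the location contradicts the prior pattern.
            alerts.append(("GEO_CHANGE", user, ip))
        if ev["privileged"] and seen_ips[user] and ip not in seen_ips[user]:
            # Privileged accounts get a stricter rule: any never-seen source is flagged.
            alerts.append(("PRIV_NEW_SOURCE", user, ip))
        if failures[user] >= failure_threshold and ip not in seen_ips[user]:
            alerts.append(("FAILURES_THEN_NEW_IP", user, ip))
        failures[user] = 0
        last_country[user] = country
        seen_ips[user].add(ip)
    return alerts

if __name__ == "__main__":
    for rule, user, ip in correlate(EVENTS):
        print(f"{rule:22s} user={user} src={ip}")
```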
To put a more specific dollar figure on actionable intelligence, the Ponemon Institute just released a study that found the lack of live cyberthreat intelligence costs enterprises an average of $10 million over 12 months. Furthermore, if respondents had actionable intelligence about cyber attacks within 60 seconds of a compromise, they could reduce this cost on average by $4 million (40%). However, in the same study, more than 60 percent were unable to stop exploits because of outdated or insufficient threat intelligence. Many in this survey said it takes over a day to identify a compromise. That is simply too long. Because unified security from the cloud can identify potential threats as they happen, it becomes an essential value.
2. One single, centralized management component: Imagine juggling 5 balls. These five balls represent the various security channels that constantly need to be reviewed and managed. Now imagine them as grenades; if one gets dropped, it could explode. This is metaphorically closer to what may happen if any of these tools gets ignored for too long. Obviously it is a positive step to have all the right tools, even the right tools communicating in some fashion. However, the cloud creates a means to unite the five balls into a single sphere. Understanding that the enterprise is now an unstructured entity without traditional boundaries, the strategy to control activity, users, applications and information must evolve. But as the strategy becomes more complex, so does the administration of that strategy. The time and expertise required to audit, report, adjust and maintain adequate levels of protection can overwhelm even the most prepared of organizations. For some it adds cost to a function already perceived as a cost center and diverts manpower and resources away from revenue-generating tasks. This is typically why so many companies toe the line of what is required rather than what is necessary (that’s like saying C grades are acceptable). HOWEVER, unified security creates the centralization that removes the compound administration of multiple solutions. Most of the security reporting and management is controlled through a single dashboard—one that includes audit reports for compliance.
Additionally, most enterprises lack a unified view across these silos, and this leads to longer audits, unclear controls and policies, and vulnerabilities related to unauthorized access. For instance, some SaaS applications simply do not provide the audit logging needed for basic forensics. The centralization combines asset discovery, vulnerability assessment, threat detection, behavioral monitoring, security intelligence, identity management, and access control.
1. Full integration affords more protection at less cost: It’s easy enough to build a unified solution…in theory. However, incorporating and integrating all the various point-solution tools and comprehensive policies, covering all the devices, endpoints, applications and network activity, and devising all the configurations, collaborations and compliance requirements might take years and millions of dollars.
There is no debate that the on-premise tactic is expensive and resource heavy, which is why only the most well-heeled companies follow this best practice. But the cloud makes enterprise functionality and its protections available to a company of any size in any industry. The cloud model offers obvious cost savings. In many cases, you can deploy a fully functional unified security program for the same cost as what others pay for just support and maintenance every year. But cost savings extend beyond the product licensing. Cloud-based security also provides the administrative and management components that bring the necessary expertise without having to hire any additional employees or expensive consultants. A unified deployment offers the greatest security value because of its modest costs, its far-reaching enterprise-grade capabilities, the provision of immediate results, and its operational efficiencies that actually improve performance.
But if security is still weighed as a risk-versus-reward investment, the cloud offers the most comprehensive, feature-rich, and proven-effective option for any company looking to increase organizational control, identify and close vulnerability gaps, maintain compliance, and protect its most valuable assets. Cloud-based security, especially a holistic and unified approach, is no longer the alternative to on-premise, but a means to create a proactive advantage without sacrificing resources.