The Holistic Application of Cloud Security (a white paper excerpt)

The following is an excerpt from the  executive summary of CloudAccess’ latest white paper titled “Applying Security Holistically from the Cloud: A Paradigm Shift of Applying Situational Awareness in SIEM deployments. To view the entire white paper (for free) simply visit: fill out the form and  put “white paper” in the message box.

The landscape of a typical business no longer reflects ones that were operating 10 years ago. The advancements in communication, collaboration, information and/or currency exchange/processing and the speed in which they are done have truly created new opportunities to the modern enterprise. But these benefits have also opened up a Pandora’s Box of challenges-especially to the overall security of an enterprise whose reach is no longer just the extent of their firewall.

The network perimeter is gone. By means of suppliers, customers, vendors, employees and other users gaining access to intellectual property, transiting personal and financial data on a network from a variety of secure and non-secure end points, the old notion of network security is antiquated and dangerously narrow. In some respect it’s like herding cats. But putting the issue into clearer context it is like herding cats knowing there is a hungry coyote lurking just beyond your view.

But this is not about ringing alarm bells and screaming the house is on fire. You are well aware of the issues that are unique to your own organizations. This paper looks to present a new way of looking at security strategies; one that can cost-effectively implement a holistic means to upgrade the protection of IT and IP assets; one that conforms to the idea of the perimeter-less network, and one that provides the functionality, necessary controls and flexibility of an enterprise in motion.

This paradigm shift is security developed, deployed and managed from the cloud. In terms of a holistic approach, we are speaking specifically to integrating such purposes managed across an entire enterprise including SIEM and Log Management. The shift can also be seen as movement out of the operational and into the strategic thinking of organizations.  In short, a truly holistic security strategy will connect the multiple, and often independent, silos of data across the enterprise and create a centralized means of monitoring and control.

For many security specialists and IT professionals alike, these general solutions and features are well-known in terms of their ability to protect networks from bad guys, careless users and (at times) from themselves. However, for companies not in the Fortune 500, these options read more like a wish list—or a selection of a few solutions applied, but not fully realized because of staffing restraints or other priority business need factors. Thing of it is, before cloud-based security, these solutions caused CFO to dig deep into a capital expenditures budget and still required a great deal of manpower to develop, deploy and manage from the IT staff. The chief benefits of cloud-based security (and to some degree cloud-computing) are the abilities to optimize resources, minimize costs, and expand functionality.

Too many companies fall short in their approach to security. Not by lack of competence, but IT departments are typically hamstrung by a variety of issues that prevent full realization of an integrated holistic approach. These issues are not limited to budgetary hurdles, but span a variety of cost-related, conceptual, process, personnel, and technical concerns including:

If CIO/CSO/CTO or relevant Directors and VPs are true to themselves, they will recognize one or more of the above list is currently reducing the potential effectiveness of their security strategy. This is by no means to say the efforts are sub-standard, but it seems every week a large corporation has been breached or fails to meet the requirements for federal, state or industrial compliance. Security for a 21st century business is no longer setting up a virus scan and firewall. Without a strategic initiative to protect the whole of the enterprise (including those tangentially touching the network), companies remain susceptible to attack, compromise, cyber crime and fraud.

This can all be accomplished through security deployed and managed from the cloud.

To read the rest of the CloudAccess white paper which focuses on SIEM and Log Management deployment from the cloud as a best practice, I welcome you to visit fill out the form and  put “white paper” in the message box. We’ll send it to you ASAP (no strings attached!).

Kevin Nikkhoo

Tags: , , , , , , , , , , , ,