Highly-tuned ML regimes and automation identify and respond to threats with greater confidence, thereby making automated remediation a practical possibility
As enterprises race to become cloud-first businesses and keep pace with the digital economy, the hybrid cloud environment has become commonplace. According to the Cloud Services Market Global Report 2017 by Market Research Reports, hybrid cloud adoption increased from 58% to 71% year-over-year in 2016.
Hybrid cloud platforms enable businesses to quickly modernize, transform and innovate. But they also expand the risk frontier, which brings us to the question: how best can you safeguard your data and intellectual property across a hybrid cloud?
A continuously evolving threat milieu
Most organizations today are challenged by a wide variety of threats. According to Gartner, 60% of digital businesses are predicted to suffer major security failures by 2020. With hybrid cloud adoption on the rise, the challenge gets bigger.
The ubiquity of mobile internet (thanks to the proliferation of smart devices), along with a rising remote worker base, has stretched the network perimeter to the limit. Now, hybrid cloud models are further accelerating this trend, compelling security practitioners to take a fresh look at the periphery, that is, at where the secure network begins and ends.
Further, with agile development and DevOps, applications and workloads typically run in parallel from a range of on-premises, private and public cloud databases and are constantly updated, each one provided by a different vendor and possibly located anywhere across the globe. Given this, securing cloud services with disparate, traditional tools and practices has become unviable, a problem compounded by the need to integrate and manage several different security products. Practically speaking, this approach is not only inefficient and less successful, but also error-prone.
In such a challenging environment, how can a security team make sure that its corporate security policies and industry regulations are in place and working to good effect?
The rise of hybrid cloud
What are the two key challenges you face when securing your business in a hybrid cloud environment?
- Businesses require total visibility of all workloads and user activity across the entire hybrid cloud environment, spanning on-premises, cloud services (XaaS) and also unsanctioned ‘shadow IT’ environments
- Businesses need a mechanism to process and analyze the massive amount of telemetry and other data this expansive IT estate will generate, often with a flat budget and no additional resources
In summary, organizations require a unified, complete set of data that takes less human effort to interact with and analyze.
The cloud is calling, where are you?
Thankfully, the cloud offers a solution. New cloud services come with the ability to ingest massive amounts of operational and security telemetry, analyze it in real time using purpose-built machine learning (ML) algorithms and react to findings using automation. These services provide a step-function improvement in core security operations centre (SOC) functions, spanning security information and event management (SIEM), user and entity behavior analytics (UEBA), cloud access security brokers (CASB) and configuration and compliance management, while also factoring in the context of identity for user activity.
Developing at cloud scale has enabled security providers to deliver a big-data platform that spans SIEM, UEBA, CASB, compliance and context-based identity, thereby streamlining an information continuum that was previously available only in separate tranches (that is, if it was available to an SOC team in the first place!). Highly-tuned ML regimes and automation identify and respond to threats with greater confidence, thereby making automated remediation a practical possibility. This inclusion of purpose-built ML dramatically improves security and allows for the creation of a solution designed to proactively identify issues or draw your attention to aspects you never considered earlier.
With such a next-generation approach, highly-skilled SOC analysts can switch focus from rote identification of routine issues to protecting the organization against the sophisticated advanced persistent threats (APTs) prevalent today. This unified approach can also enable a critical control point for use of hybrid cloud, facilitating easy visibility of cloud services across multiple solution providers as well as on-premises IT. This saves significant time and reduces human error as organizations continually rebalance workloads across their sprawling IT estate.
Before deciding on a next-generation security solution, check whether it enables the following four security functions to scale seamlessly:
- End-to-end visibility of the hybrid IT estate: All workloads are made transparent, no matter where they are in the distributed, hybrid estate. This helps overcome the key challenge of our modern non-perimeter world, allowing visibility into all cloud environments in use, including the unofficial, unsanctioned ones.
- Strong compliance mechanism: Configuration management, tokenization, transaction, and activity monitoring can be implemented for compliance purposes across the entire IT estate, factoring in both industry-standard and organization-specific rule sets.
- Identification/Detection: A next-generation SIEM with UEBA, CASB feeds and identity context up-levels the capabilities of the SOC to detect suspicious or malicious activities, and to detect risky user behaviors before a breach occurs.
- A system with automated remediation: Most organizations don’t fully leverage automation because they lack confidence in their analytical conclusions. With ML-powered conclusions, automated response becomes more trusted and accounts for a higher percentage of SOC actions, increasing overall SOC efficiency in time to counter an increased set of threats.
Given the added complexity involved in managing a hybrid cloud environment, businesses require more sophisticated capabilities to protect the entire cloud/IT footprint and pre-empt security gaps. Solution providers are responding with next-generation solutions that unify data and apply purpose-built ML.
As India moves towards transforming into a digital, knowledge-based economy, Indian businesses must develop a more holistic, proactive approach to IT security. As Aristotle said, ‘well-begun is half done’. In today’s diverse threat landscape, businesses can move towards IT security maturity by deploying the right solution.
The author is Director and Solution Specialist at Oracle India