The 2023 Cloud Security Report, sponsored by Fortinet, surveyed 752 cybersecurity professionals from around the globe and across all industries. Most respondents (90%) say having a single cloud security platform to configure and manage security consistently across their cloud deployments would be helpful. Do you think? This isn’t very surprising.
Security silos are a massive problem in cloud computing. Mostly they occur in specific cloud brands when companies only use the native security tools for that specific cloud. When you have three to five different cloud providers, as most multicloud deployments do, you have at least three to five security silos.
I usually see even more silos since many enterprises create security domains around collections of applications, of which there can be many in a single cloud. Multiply that by the number of clouds you’re leveraging. It’s too complex, too inefficient, and too unsafe. Most breaches exploit this issue: Misconfigurations are the primary attack vector.
Centralized security is a familiar approach for distributed systems. These solutions began to appear when things got complex 20 years ago. Unfortunately, many took the least common denominator approach, attempting to provide a subset of security services that could function across most platforms. This usually meant they were lousy for all platforms as to what was needed versus what was provided. They were not used much, and native security solutions became the norm.
We have a similar problem arising now in sets of clouds that drive the creation of security silos. This complexity itself causes security issues and must be addressed as a holistic solution or centralized security that can deal with all cloud-based systems using a single abstraction and automation layer. If this sounds familiar, it’s a core component of what the industry now calls the “supercloud” or “metacloud.”
Core benefits of centralized cloud security
Why are CIOs looking to centralize security, and will the cost of implementing these systems provide a net benefit to the business? Let’s look at the advantages:
Centralization and monitoring enable organizations to manage security measures from a single platform or abstraction. They can implement consistent security policies, configure access controls, and monitor user activities across multiple cloud environments. This consolidated approach simplifies security management, reduces complexity, and provides better visibility into potential security risks. These are 80% of the advantages you get with centralized security. That’s why I’m listing them first.
Rapid response means that centralized cloud security allows for faster detection and response to potential threats. When security events occur, centralized security tools can quickly identify and mitigate risks across the entire cloud infrastructure. Prompt responses to security incidents can minimize impacts.
Reduced duplication and complexity are key to why you want a supercloud or metacloud to remove security silos. Centralized security eliminates the need for individual implementations for each application or service hosted on the cloud. This reduces duplication of efforts, simplifies security architectures, and leads to overall cost savings.
Scalability and agility mean that centralized cloud security solutions are designed to expand rapidly as needed. Organizations can scale their cloud infrastructure while maintaining consistent security. Also, they can more easily make changes since they’re likely only changing security systems on a single platform.
It isn’t easy
Now the bad news. For those of you with existing security solutions and silos (most of you), switching to centralized security is expensive, risky, and time-consuming. Although you can “cut over” one security silo at a time to a centralized platform, it won’t be as easy to select a single centralized platform. The likely scenario will be a collection of technologies for governance, finops, encryption, identity management, etc., to get to a more optimal solution.
Moreover, I’m not sure how many security pros understand how to do this. Perhaps they get what it is and the value it can bring (by reading this article), but can they handle the 30 to 40 steps it takes to get to a successful deployment? This is perhaps the biggest complaint of enterprises attempting to centralize their security services, cloud or not.
However, the desired end state remains. Most enterprises will have to do this at some point. Otherwise, the risk and the cost of cloud security will be too significant, and the value will be negative. Don’t let it get that bad.
Copyright © 2023 IDG Communications, Inc.