We live in a cloud-first world for IT. More and more organisations see the value in the agility it provides. However, while many recognise the need to secure what's in the cloud, others are less willing to leverage the cloud to be the platform for their cyber-security. In my view, this is set to change, rapidly.
At the heart of cyber-security is an age-old problem, limited resource. Does each organisation have the resource to find the attack fast enough to stop business disruption?
Cloud provides effectively limitless compute resource for cyber-security. As the scale and scope of digital systems and the threats grow, the volume of telemetry generated and an increasing array of security capabilities will only increase. Regulatory pressures and the ability to correlate cyber-security data fast enough is driving organisations to keep security intelligence longer and increasing the need for more capacity. The cloud provides cheap, extremely resilient and unlimited capacity for collecting, analysing and storing security data.
The speed of IT change is accelerating, with applications activated and terminated in the cloud in milliseconds. DevOps teams may be changing code bases multiple times per day. So, enterprise IT is becoming a pay-per-use commodity, yet typically all too often organisations buy cyber-security over multi-year cycles and expect it to fit! The question to ask is why aren't organisations buying cyber-security in the same on-demand fashion to meet a dynamic requirement exactly when and where it is needed?
Cloud enables the next evolution of cyber-security, with the value that cloud brings to IT applied equally to how organisations prevent and mitigate cyber-attacks and build digital trust. We have built the confidence to move our data and apps to the cloud, and now must put security capabilities into the cloud natively, to support these. That may mean moving physical firewalls to virtualised versions, authentication tools to CASB, just to give several examples. Surely now is the time to challenge how fundamentally the cloud can transform cyber-security?
Organisations will continue to use traditional methods and new techniques to detect incidents across an increasingly broad eco-system of IT things that are typically cloud connected, whether that's SaaS, PaaS or IaaS. There will still be legacy non-cloud-based systems to manage, and all of these require the same, consistent security controls, if we are to effectively manage the adversarial risks.
So, what is stopping the transition? Well actually cyber-security professionals have started on the journey, whether that's buying cyber-security through AWS or Azure marketplaces, or leveraging their integration capabilities to have the security tool understand and automatically function in that cloud space, at the same digital speed as the resources they are securing. The challenge, however, is that this is typically on a per project basis, the danger here being that they add more layers of complexity into cyber-security.
What some professionals have done is to put cloud at the heart of their cyber-security; much in the same vein as DevOps is becoming DevSecOps. For a cloud-first approach to cyber-security you are at that starting point of natively operationalising security in a way that can scale with demand. This agility allows innovative new capabilities as they come to market at a lower cost that can be quickly implemented into the security eco-system and just as critically discarded when no longer needed. Organisations benefit from the end of protracted cycles of new product investments and big integration costs when they make a change.
So why is cyber-security not moving to the cloud faster? Some would argue that regulatory pressures are the limiting factor on this happening. I would suggest it is more commonly security experts' confidence in their own security to enable their security platforms to move to the cloud. If they have the confidence to protect their data and applications in the cloud, why then do they not have the same confidence to base cyber-security there, to leverage all its benefits like big data storage, compute power and the ability to adopt new consumption models that mean new capabilities can be tried without major investment.
Not so long ago some CIOs and CISOs would have said that they wouldn't put their data in the cloud; and indeed, some still do not. Yet for most, digital transformation is critical and cloud-first, meaning cybersecurity transformation, can only follow the same path.
Contributed by Greg Day, VP and CSO EMEA, Palo Alto Networks
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.