[BreachExchange] The path to cloud security goes through integration

[Destry Winant]

https://www.infoworld.com/article/3326561/the-path-to-cloud-security-goes-through-integration.html#tk.rss_security

The cloud security problem is not really a problem any more. Indeed,
we have the best security technology in the public clouds these days,
and in some cases it’s better than what’s in the on-premises systems
that are no longer receiving the R&D spending love.

So, if security is so good in the cloud, why do so many in IT believe
there an issue? The fact is that public cloud never works alone
(although it seems that way if you listen to the public cloud
providers). They need to interact with third-party systems, such as
credit-checking services and data-validation services, as well as many
systems running on traditional on-premises platforms.

As many good security people will tell you, security is only as good
as the least secure systems in the enterprise, cloud or not. So, all
security must be systemic and work together. And that’s how it is in
the cloud.

This system synergy is rarely factored in when IT thinks about cloud
security. Many enterprises look at cloud security as something that
needs to just exist in the cloud. However, it has to be in their
cloud-connected on-premises systems too.

IT doesn’t need more security technology tossed into the mix; instead,
IT needs better integration of all security systems into a single
unified approach and technology stack that can work and play well
together.

The good news is that there are “single pane of glass” products on the
market that can meet the needs of integrating identity management
systems on the cloud with more traditional role-based security on
premises. Typically, directory systems become the common link, but
these security systems can also share threat profiles, auditing, and
proactive breach attempt management.

So, what’s an enterprise to do to achieve that security integration?
Here are a few things that should make your path to security synergy
more successful:

First, establish a plan for how the security systems are going to
talk. For the most part, this is a secure directory system, but there
are common databases you can also use. Note that you will have to plan
and coordinate across organizational silos.

Second, find a security management and monitoring product that
provides a “single pane of glass” between you and the security
systems, both on-premises and in the cloud. This should be the single
source of truth when it comes to who, what, when, how, and why. It’s
kind of a mastermind for all enterprise security.

Third, cross-system security testing should be a common occurrence.
Often overlooked by IT, such testing will provide tuning for your
security ecosystem and spot issues before the hackers do.

While all this seems simple in concept, it’s actually a pain in the
butt to deploy. If you’re dealing with all systems in an enterprise,
organizational politics often pops up. Also, many enterprises lack the
talent needed to get security going at all points. But you still need
to do it, because the alternative is very unpleasant.