
Is Cloud Business Moving too Fast for Cloud Security?

As more companies migrate to the cloud and expand their cloud environments, security has become an enormous challenge. Many of the issues stem from the reality that the speed of cloud migration far surpasses security’s ability to keep pace.

What’s the holdup when it comes to security? While there’s no single answer to that complicated question, there are many obstacles that are seemingly blocking the path to cloud security.

In its inaugural “State of Hybrid Cloud Security” report, FireMon asserted that not only are cloud business and security misaligned, but existing security tools can’t handle the scale of cloud adoption or the complexity of cloud environments. A lack of security budget and resources compounds these concerns.

What Are the Risks of Fast-Paced Cloud Adoption?

Of the 400 information security professionals who participated in the survey, 60 percent either agreed or strongly agreed that cloud-based business initiatives move faster than the security organization’s ability to secure them. Another telling finding from a press release associated with the report is that 44 percent of respondents said that people outside of the security organization are responsible for securing the cloud. That means IT and cloud teams, application owners and other teams are tasked with securing cloud environments.

Perhaps it’s coincidental, but 44.5 percent of respondents also said that their top three challenges in securing public cloud environments are lack of visibility, lack of training and lack of control.

“Because the cloud is a shared security model, traditional approaches to security aren’t working reliably,” said Carolyn Crandall, chief deception officer at Attivo Networks. “Limited visibility leads to major gaps in detection where an attacker can hijack cloud resources or steal critical information.”

While the emergence of the cloud has enabled anytime, anywhere access to IT resources at an economical cost for businesses, cloud computing also widens the network attack surface, creating new entry points for adversaries to exploit.

The Misery of Misconfiguration

As cloud-based businesses continue to quickly spin up new environments, misconfiguration issues have resulted in security nightmares, particularly over the last several months. According to Infosecurity Magazine, a misconfiguration at a California-based communications provider left 26 million SMS messages exposed in November 2018, and in December 2018, IT misconfigurations exposed the data of more than 120 million Brazilians.

From Amazon Web Services (AWS) bucket misconfigurations to Elasticsearch or MongoDB blunders, companies across all sectors have had their names in headlines not because of a data breach, but because human error left plaintext sensitive data exposed, often without a password.
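
The exposures described above come down to two documents every bucket carries, its policy and its ACL, plus the account's Public Access Block settings that can override both. The block below is an added example for this article, not code from the original post or from AWS: it evaluates those documents offline so it can run over an inventory export, and the bucket names, policy statements and ACL grants in it are constructed. The `boto3` calls that would fetch the documents in practice are deliberately left out.

```python
"""Offline check for world-readable S3 buckets.

Added example for this article, not code from the original post or from AWS. It
evaluates what a bucket returns from GetBucketPolicy, GetBucketAcl and
GetPublicAccessBlock, so it runs over an inventory export without calling AWS.
"""
import json

# ACL groups that mean "anyone": AllUsers is anonymous; AuthenticatedUsers is any
# AWS account in the world, which is public for practical purposes.
PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _principal_is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits in a list)."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))

def public_policy_statements(policy_doc):
    """Allow statements with a wildcard principal. No Condition -> PUBLIC;
    a Condition (aws:SourceVpce, aws:SourceIp, ...) -> REVIEW, since its
    strength must be judged by a person, not assumed."""
    if not policy_doc:
        return []
    policy = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _principal_is_wildcard(stmt.get("Principal")):
            continue
        findings.append({"sid": stmt.get("Sid", ""), "actions": _as_list(stmt.get("Action")),
                         "severity": "REVIEW" if stmt.get("Condition") else "PUBLIC"})
    return findings

def public_acl_grants(acl):
    """ACL grants made to the global groups above."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_GROUPS:
            hits.append({"group": grantee["URI"].rsplit("/", 1)[-1], "permission": grant.get("Permission")})
    return hits

def assess_bucket(name, policy_doc, acl, public_access_block=None):
    """Public Access Block overrides the documents: IgnorePublicAcls neutralizes
    public ACL grants and RestrictPublicBuckets neutralizes public policies, so a
    bucket is exposed only when a grant exists *and* the matching block is off."""
    pab = public_access_block or {}
    policy_hits = public_policy_statements(policy_doc)
    acl_hits = public_acl_grants(acl)
    policy_exposed = any(f["severity"] == "PUBLIC" for f in policy_hits) and not pab.get("RestrictPublicBuckets")
    acl_exposed = bool(acl_hits) and not pab.get("IgnorePublicAcls")
    return {"bucket": name, "exposed": policy_exposed or acl_exposed,
            "needs_review": any(f["severity"] == "REVIEW" for f in policy_hits),
            "policy": policy_hits, "acl": acl_hits}

# Constructed sample inventory (not real buckets, policies or ACLs).
FULL_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}
ALL_USERS_READ = {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                  "Permission": "READ"}
SAMPLE_BUCKETS = [
    # The headline case: anonymous GetObject on every key and no block in place.
    {"name": "example-sms-archive", "acl": {"Grants": [OWNER_GRANT]}, "pab": None,
     "policy": json.dumps({"Version": "2012-10-17", "Statement": [
         {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
          "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-sms-archive/*"}]})},
    # A public ACL grant that the account-level block renders harmless.
    {"name": "example-exports", "acl": {"Grants": [OWNER_GRANT, ALL_USERS_READ]}, "pab": FULL_BLOCK,
     "policy": None},
    # Wildcard principal fenced to one VPC endpoint: not public, but worth a human look.
    {"name": "example-vpc-only", "acl": {"Grants": [OWNER_GRANT]}, "pab": None,
     "policy": json.dumps({"Version": "2012-10-17", "Statement": [
         {"Sid": "FromVpce", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:GetObject"],
          "Resource": "arn:aws:s3:::example-vpc-only/*",
          "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]})},
]

def run_examples():
    """Assess every sample bucket; returns {bucket name: assessment}."""
    return {b["name"]: assess_bucket(b["name"], b["policy"], b["acl"], b["pab"]) for b in SAMPLE_BUCKETS}

if __name__ == "__main__":
    for name, result in run_examples().items():
        print(name, "EXPOSED" if result["exposed"] else "REVIEW" if result["needs_review"] else "ok")
```

Two design points are worth noting. First, the check reports a bucket as exposed only when a public grant exists and the Public Access Block that would neutralize it is off, which is what decides whether anonymous reads actually succeed. Second, a wildcard principal with a Condition is reported for review rather than as public: a VPC-endpoint or source-IP condition can be perfectly safe, or trivially wide, and a scanner should not guess which.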

Getting Cloud Security up to Speed

As is most often the case, the ability to enhance cloud security comes down to the availability of resources — 57.5 percent of respondents to the FireMon survey said that less than 25 percent of the security budget is dedicated to cloud security.

It’s also time to move beyond the misconception that cloud providers are delivering security in the cloud.

“Organizations new to the cloud will typically think that the cloud provider handles security for them, so they are already covered. This is not true; the AWS Shared Security Model says that while AWS handles security of the cloud, the customer is still responsible for handling security in the cloud. Azure’s policy is similar,” said Nitzan Miron, vice president of product management, application security services at Barracuda.

In short, securing all the applications and databases running in cloud environments is the responsibility of the business. That’s why organizations need to start thinking differently about their security frameworks and how to design controls that will secure a complex, borderless environment. Within that evolving security framework, organizations not only need strategies for scalable threat detection across cloud environments, but the endpoints accessing those cloud environments also need to be able to detect threats.

“Reducing risk will require adding capabilities to monitor user activity in the cloud, unauthorized access, as well as any malware infiltration. They will also need to add continuous assessment controls to address policy violations, misconfigurations, or misconduct by their suppliers and contractors,” Crandall said.
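
One way to put the monitoring Crandall describes into practice is to run a small rule set over the provider's audit trail; on AWS that is CloudTrail. The block below is an added example, not code from the original article or from Attivo Networks. The records are constructed (they use CloudTrail's field names, but the account ID, ARNs, addresses and timestamps are made up), and the rules and the denial threshold are this example's own choices rather than anything the page prescribes.

```python
"""Triage constructed CloudTrail records for the activity the article says needs
monitoring: unauthorized access, privileged or MFA-less logins, and changes that
weaken logging or widen exposure.

Added example, not code from the original post or from any vendor quoted in it.
"""
import json
from collections import Counter

LOGGING_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
EXPOSURE_CHANGES = {"PutBucketPolicy", "PutBucketAcl", "DeleteBucketPolicy",
                    "PutBucketPublicAccessBlock", "DeletePublicAccessBlock"}
DENIED_ERRORS = {"AccessDenied", "UnauthorizedOperation", "Client.UnauthorizedOperation"}

def load_records(jsonl):
    """Parse one CloudTrail record per line (the shape of a flattened trail export)."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]

def principal_of(rec):
    """Best available identity string for a record."""
    ident = rec.get("userIdentity", {})
    return ident.get("arn") or ident.get("principalId") or ident.get("type", "unknown")

def triage(records, denied_threshold=3):
    """Return one finding per rule match; records are assumed to be in time order."""
    findings = []
    denied = Counter()  # access-denied count per principal
    for rec in records:
        name = rec.get("eventName")
        base = {"time": rec.get("eventTime"), "principal": principal_of(rec),
                "event": name, "ip": rec.get("sourceIPAddress")}
        if rec.get("userIdentity", {}).get("type") == "Root":
            findings.append({**base, "rule": "root-activity"})
        if (name == "ConsoleLogin"
                and rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and rec.get("additionalEventData", {}).get("MFAUsed") != "Yes"):
            findings.append({**base, "rule": "console-login-without-mfa"})
        if name in LOGGING_TAMPER:
            findings.append({**base, "rule": "logging-tampering"})
        if name in EXPOSURE_CHANGES:
            findings.append({**base, "rule": "exposure-setting-changed"})
        if rec.get("errorCode") in DENIED_ERRORS:
            denied[base["principal"]] += 1
            if denied[base["principal"]] == denied_threshold:  # fire once, on the Nth denial
                findings.append({**base, "rule": "repeated-access-denied", "count": denied_threshold})
    return findings

def summarize(findings):
    """Count findings per rule."""
    return Counter(f["rule"] for f in findings)

# Constructed records: CloudTrail field layout, made-up account, ARNs and addresses.
SAMPLE_RECORDS_JSONL = """\
{"eventTime":"2019-03-04T08:01:12Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/alice"},"sourceIPAddress":"198.51.100.7","responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MFAUsed":"No"}}
{"eventTime":"2019-03-04T08:03:40Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/bob"},"sourceIPAddress":"198.51.100.8","responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MFAUsed":"Yes"}}
{"eventTime":"2019-03-04T08:10:05Z","eventSource":"s3.amazonaws.com","eventName":"PutBucketAcl","userIdentity":{"type":"Root","arn":"arn:aws:iam::111122223333:root"},"sourceIPAddress":"203.0.113.20","requestParameters":{"bucketName":"example-sms-archive"}}
{"eventTime":"2019-03-04T08:12:30Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::111122223333:assumed-role/deploy/ci"},"sourceIPAddress":"203.0.113.20"}
{"eventTime":"2019-03-04T08:20:01Z","eventSource":"s3.amazonaws.com","eventName":"ListBuckets","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/mallory"},"sourceIPAddress":"192.0.2.44","errorCode":"AccessDenied"}
{"eventTime":"2019-03-04T08:20:03Z","eventSource":"secretsmanager.amazonaws.com","eventName":"GetSecretValue","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/mallory"},"sourceIPAddress":"192.0.2.44","errorCode":"AccessDenied"}
{"eventTime":"2019-03-04T08:20:06Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/mallory"},"sourceIPAddress":"192.0.2.44","errorCode":"Client.UnauthorizedOperation"}
{"eventTime":"2019-03-04T08:25:00Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/bob"},"sourceIPAddress":"198.51.100.8"}
"""

if __name__ == "__main__":
    found = triage(load_records(SAMPLE_RECORDS_JSONL))
    for f in found:
        print(f["time"], f"{f['rule']:28s}", f["principal"], f["event"])
    print(dict(summarize(found)))
```

In production the records would be read from the trail's delivery bucket or a CloudWatch Logs subscription rather than a string, and the access-denied counter should be bounded by a time window so that a noisy but legitimate automation account does not trip it days later. The rule that fires on `PutBucketAcl` is the continuous-assessment half of the quote: the change is caught when it happens, not when a journalist finds the bucket.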

DevSecOps to the Rescue?

Another reason cloud security is lagging is rooted in the highly problematic division of teams. According to Miron, it’s often the case that security teams are separate from Ops/DevOps teams, which causes security to move much slower.

When the DevOps team decides to move to the cloud, it may be months before the security team gets involved to audit what they are doing.

“The long-term solution to this is DevSecOps,” said Miron.

Note that “Sec” sits right between “Dev” and “Ops.” When it comes to development, security is not something that can be tacked on at the end. It has to be central to the DevOps process.

From database exposure to application vulnerabilities, security in the cloud is complicated; and the complexities are compounded when teams don’t have adequate resources. Businesses that want to advance cloud security at scale need to invest in both the people and the technology that will reduce risks.

The post Is Cloud Business Moving too Fast for Cloud Security? appeared first on Security Intelligence.

Author: Kacy Zurkus


Security Considerations for Whatever Cloud Service Model You Adopt

Companies recognize the strategic importance of adopting a cloud service model to transform their operations, but there still needs to be a focus on mitigating potential information risks with appropriate cloud security considerations, controls and requirements without compromising functionality, ease of use or the pace of adoption. We all worry about security in our business and personal lives, so it’s naturally a persistent concern when adopting cloud-based services — and understandably so. However, research suggests that cloud services are now a mainstream way of delivering IT requirements for many companies today and will continue to grow in spite of any unease about security.

According to Gartner, 28 percent of spending within key enterprise IT markets will shift to the cloud by 2022, which is up from 19 percent in 2018. Meanwhile, Forrester reported that cloud platforms and applications now drive the full spectrum of end-to-end business technology transformations in leading enterprises, from the key systems powering the back office to mobile apps delivering new customer experiences. More enterprises are using multiple cloud services each year, including software-as-a-service (SaaS) business apps and cloud platforms such as infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS), both on-premises and from public service providers.

What Is Your Cloud Security Readiness Posture?

The state of security readiness for cloud service adoption varies between companies, but many still lack the oversight and decision-making processes necessary for such a migration. There is a greater need for alignment and governance processes to manage and oversee a cloud vendor relationship. This represents a shift in responsibilities, so companies need to adequately staff, manage and maintain the appropriate level of oversight and control over the cloud service. A security governance and management model is therefore essential for cloud services, and a cloud vendor risk management program provides one.

A cloud vendor risk management program requires careful consideration and implementation, but not a complete overhaul of your company’s entire cybersecurity program. The activities in the cloud vendor risk management program are intended to assist companies in approaching security in a consistent manner, regardless of how varied or unique the cloud service may be. The use of standard methods helps ensure there is reliable information on which to base decisions and actions. It also reinforces the ability to proactively evaluate and mitigate the risks cloud vendors introduce to the business. Finally, standard cloud vendor risk management methods can help distinguish between different types of risks and manage them appropriately.

Overlooked Security Considerations for Your Cloud Service Model

A cloud vendor risk management program provides a tailored set of security considerations, controls and requirements within a cloud computing environment through a phased life cycle approach. Determining cloud security considerations, controls and requirements is an ongoing analytical activity to evaluate the cloud service models and potential cloud vendors that can satisfy existing or emerging business needs.

All cloud security controls and requirements possess a certain level of importance based on risk, and most are applicable regardless of the cloud service. However, some elements are overlooked more often than others, and companies should pay particular attention to the following considerations to protect their cloud service model and the data therein.

Application Security

  • Application exposure: Consider the cloud vendor application’s overall attack surface. In a SaaS cloud environment, the applications offered by the cloud vendor often have broader exposure, which increases the attack surface. Additionally, those applications often still need to integrate back to other noncloud applications within the boundaries of your company or the cloud vendor enterprise.
  • Application mapping: Ensure that applications are aligned with the capabilities provided by cloud vendors to avoid the introduction of any undesirable features or vulnerabilities.
  • Application design: Pay close attention to the design and requirements of an application candidate and request a test period from the cloud vendor to rule out any possible issues. Require continuous communication and notification of major changes so that compatibility testing is included in the change plans. SaaS cloud vendors typically add features that improve the resilience of their software, such as security testing or strict versioning, and, because their reputation depends on delivering secure services, they can also report the exact state of your business applications through specific software logging and monitoring.
  • Browser vulnerabilities: Harden web browsers and browser clients. Applications offered by SaaS cloud vendors are accessible via secure communication through a web browser, which is a common target for malware and attacks.
  • Service-oriented architecture (SOA): Conduct ongoing assessments to continuously identify application vulnerabilities, because the SOA libraries are maintained by the cloud vendor and are not completely visible to your company. Using the vendor-provided SOA library lets you develop and test applications more quickly, since SOA provides a common framework for application development, but it also means you inherit any vulnerabilities in code you cannot inspect.

Data Governance

  • Data ownership: Clearly define data ownership so the cloud vendor cannot refuse access to data or demand fees to return the data once the service contracts are terminated. SaaS cloud vendors will provide the applications and your company will provide the data.
  • Data disposal: Consider the options for safe disposal or destruction of any previous backups. Proper disposal of data is imperative to prevent unauthorized disclosure. Replace, recycle or upgrade disks with proper sanitization so that the information no longer remains within storage and cannot be retrieved. Ensure that the cloud vendor takes appropriate measures to prevent information assets from being sent without approval to countries where the data can be disclosed legally.
  • Data disposal upon contract termination: Implement processes to erase, sanitize and/or dispose of data migrated into the cloud vendor’s application prior to a contract termination. Ensure the details of applications are not disclosed without your company’s authorization.
  • Data encryption transmission requirements: Encrypt confidential data communicated between a user’s browser and a web-based application using secure protocols (TLS). Encrypt confidential data transmitted between an application server and a database to prevent unauthorized interception; such encryption capabilities are generally provided as part of, or an option to, the database server software. Encrypt confidential file transfers through a protocol such as SFTP (the SSH File Transfer Protocol, not plain FTP) or by encrypting the data prior to transmission.

Contract Management

  • Transborder legal requirements: Validate whether government entities in the hosting country require access to your company’s information, with or without proper notification. Implement necessary compliance controls and do not violate regulations in other countries when storing or transmitting data within the cloud vendor’s infrastructure. Different countries have different legal requirements, especially concerning personally identifiable information (PII).
  • Multitenancy: Segment and protect all resources allocated to a particular tenant to avoid disclosure of information to other tenants. For example, when a customer no longer needs allocated storage, it may be freely reallocated to another customer. In this case, require the vendor to wipe the data thoroughly before the storage is reallocated.
  • Network management: Determine network management roles and responsibilities with the cloud vendor. Within a SaaS implementation, the cloud vendor is entirely responsible for the network. In other models, the responsibility of the network is generally shared, but there will be exceptions.
  • Reliability: Ensure the cloud vendor has service-level agreements that specify the amount of allowable downtime and the time it will take to restore service in the event of an unexpected disruption.
  • Exit strategy: Develop an exit strategy for the eventual transition away from the cloud vendor considering tools, procedures and other offerings to securely facilitate data or service portability from the cloud vendor to another or bring services back in-house.

IT Asset Governance

  • Patch management: Determine the patch management processes with the cloud vendor and ensure there is ongoing awareness and reporting. Cloud vendors can introduce patches in their applications quickly without the approval or knowledge of your company because it can take a long time for a cloud vendor to get formal approval from every customer. This can result in your company having little control or insight regarding the patch management process and lead to unexpected side effects. Ensure that the cloud vendor hypervisor manager allows the necessary patches to be applied across the infrastructure in a short time, reducing the time available for a new vulnerability to be exploited.
  • Virtual machine security maintenance: Partner with cloud vendors that allow your company to create virtual machines (VM) in various states such as active, running, suspended and off. Although cloud vendors could be involved, the maintenance of security updates may be the responsibility of your company. Assess all inactive VMs and apply security patches to reduce the potential for out-of-date VMs to become compromised when activated.

Accelerate Your Cloud Transformation

Adopting cloud services can be a key steppingstone toward achieving your business objectives. Many companies have gained substantial value from cloud services, but there is still work to be done. Even successful companies often have cloud security gaps, including issues related to cloud security governance and management. Although it may not be easy, it’s critical to perform due diligence to address any gaps through a cloud vendor risk management program.

Cloud service security levels will vary, and security concerns will always be a part of any company’s transition to the cloud. But implementing a cloud vendor risk management program can certainly put your company in a better position to address these concerns. The bottom line is that security is no longer an acceptable reason for refusing to adopt cloud services, and the days when your business can keep up without them are officially over.

The post Security Considerations for Whatever Cloud Service Model You Adopt appeared first on Security Intelligence.

Author: Brian Evans


How to Accelerate Your Cloud IAM Adoption

Cloud identity and access management (IAM) is quickly becoming a cost-effective and flexible model for modern IAM programs. According to the “2018 Gartner Magic Quadrant for Access Management,” by 2022, identity-as-a-service (IDaaS), also known as cloud IAM, will be the chosen delivery model for more than 80 percent of new access management purchases globally, up from 50 percent today.

Reducing the complexity and cost of managing and operating legacy, on-premises IAM programs often drives the need to move to a modern, cloud-based IAM architecture. Many organizations have quite a bit of technical debt: Their investment in IAM infrastructure is too low to keep their solutions up to date over time, and the cost of upgrading these on-premises deployments becomes prohibitive. As a result, cloud-delivered functionality becomes an attractive way to complement, augment and even replace legacy IAM functionality that is weighed down by this technical debt. Not to mention the many benefits to migrating IAM functionality to the cloud, including cost-efficiency, flexibility, faster deployments and simplified operations.

However, there are some significant challenges associated with moving to a cloud IAM solution, especially for larger organizations with complex operations, IT landscapes or organizational structures. Adapting to a technology platform with less room for customization requires trade-offs to make it the right solution for your organization, and your organization and IAM resources have to execute things differently than how they’re used to.

Your organization will need to plan, design, deploy and operate a cloud-based solution, often alongside existing architecture, in a hybrid manner, so the IAM processes and security policies will be completely different. These new challenges can depend on the requirements of your core IAM team, stakeholders and end users.

With all that in mind, let’s explore some steps you can take to make your transition to cloud IAM easier.

Find the Right Cloud IAM Strategy

To identify the right cloud IAM strategy for your organization, you will need to balance the requirements of many different stakeholders. First, many security and IT executives across industries are defining cloud initiatives for their organizations — these are the directives that govern how IT should navigate the evolution of its ecosystem, and they can look different for every organization. These initiatives are often shaped by compliance requirements, the privacy requests of strategic partners and other third parties, and the organization’s overall business strategy.

Next, understand the needs and expectations of your various user populations. Any major technology change in your organization will likely impact the way your end users access their resources, how IAM administrators perform identity management workflows and how auditors receive reports, just to name a few. That’s why you need to make sure any solution you design addresses these users’ most important requirements if you want to see successful adoption. This focus on user outcomes and how they relate to business goals is what drives Enterprise Design Thinking.

Lastly, these requirements must be balanced against the realities of your current business processes and IT architecture. Many organizations have requirements for IAM workflows, including approval, provisioning and onboarding, that drive heavy customization of the legacy on-premises architecture. Often, these customizations are no longer available in cloud-delivered services and teams must decide whether to keep these capabilities on-premises or adapt their business processes to the realities of the cloud-delivered tools. Many cloud-delivered solutions also have limited support for custom legacy deployments, which may make it difficult to integrate things like on-premises custom apps. In these situations, it’s important to assess the current IT landscape and build a technical solution to meet requirements.


After you know the answers to these questions, you can identify which IAM capabilities will stay on-premises and what will be delivered in the cloud and create a future-state, programwide architecture. For example, access management functions such as federated single sign-on (SSO) and multifactor authentication (MFA) may be delivered from the cloud, and functions like role management and provisioning might remain on-premises. It all depends on the requirements and feasibility of what can be migrated to the cloud.

Design and Deploy a New Cloud IAM Solution

There may be pressure from business leaders to migrate to the cloud as soon as possible to lower infrastructure costs and overall technical debt. But to do so without disrupting business operations and risking the success of the project requires a thoughtful approach to designing and deploying the right cloud IAM infrastructure.

First, stay closely aligned with users to make sure their requirements are captured at each phase of the project to help the technical teams design a phased project approach that is minimally disruptive to these users. Like in the previous step, Enterprise Design Thinking can help uncover these user needs and ensure they stay top of mind.

Second, leverage prebuilt use cases following industry best practices to help speed up deployment efforts and deliver a secure and usable solution. Combined with an agile approach, this can speed up the delivery of functionality.

Lastly, prioritize a rollout schedule to deliver success early. A good practice is to start with the easy integrations, such as SSO for Security Assertion Markup Language (SAML)-enabled software-as-a-service (SaaS) apps, to build trust in the project and keep stakeholders engaged and invested in its success.

Continuously Improve and Optimize Your Cloud IAM Solution

A successful transition to cloud IAM requires ongoing, day-to-day management of your new solution. These efforts should focus on driving continuous improvement in the new environment. An organization cannot simply adopt a set-it-and-forget-it mindset. As it expands its footprint, the IAM team should focus on prioritizing integrations and onboarding new assets in the new cloud-based IAM environment.

It’s important to consider how the organization will retrain and redeploy its IAM talent. Resources with traditional on-premises experience will need training and development on new cloud-based IAM architecture and processes. Especially during periods of dramatic technology transition, there is always a risk that employees will leave.

Therefore, it’s important to set up clear roles and responsibilities tailored to the skill sets of your current IAM talent. In doing so, you may help mitigate the loss of these important and limited resources for your organization.

Services such as IBM Cloud Identity and Access Management Services can facilitate a smooth IAM program transformation by helping security teams find, deploy and operate the right cloud IAM strategy and tools regardless of their deployment model. This insight enables IAM and security managers to focus on user outcomes, accelerate cloud IAM deployments and their integration with existing IAM processes, and optimize and continuously improve overall IAM operations.


The post How to Accelerate Your Cloud IAM Adoption appeared first on Security Intelligence.

Author: Marc von Mandel


Moving to the Hybrid Cloud? Make Sure It’s Secure by Design

Many organizations have such a positive first experience with cloud computing that they quickly want to move to a hybrid cloud environment with data and workloads shared between private and public clouds. The flexibility and control that a hybrid cloud provides is why it is expected to be the dominant cloud computing model for the foreseeable future.

However, companies often don’t think about security issues until after they are well along in the process of building a hybrid cloud. This can lead to nasty surprises when they realize this environment introduces some unique security considerations that don’t exist in traditional infrastructure. That’s why a hybrid cloud needs to be secure by design.

Cloud Security Is a Shared Responsibility

Public cloud providers offer enterprise-class security, but that doesn’t absolve customers from responsibility for protecting data, enforcing access controls and educating users. Private cloud security is complicated because private clouds can take many forms. They may be hosted entirely on-site, entirely in the public cloud or some combination. Private cloud infrastructure can also be dedicated to a single tenant or shared across multiple zones with isolation providing dedicated resources. Each environment has different security demands.

The scale and dynamism of cloud computing complicates visibility and control. Many customers incorrectly believe that cloud providers take care of security. In fact, security is a shared responsibility. In my experience, most cloud security failures occur because customers don’t live up to their part of the bargain.

No single cloud security mechanism does the entire job. There is also little consensus about what the ideal cloud security environment should look like. As a result, most product offerings in this market are still evolving. Secure by design starts with assessing risk and building a framework for technology.

A New Way of Computing

Moving to the cloud doesn’t mean relinquishing control entirely, but it does require embracing a new security mindset based on identity, data and workloads rather than underlying platforms. Security professionals who can reorient themselves around business enablement rather than device protection are particularly well-suited to securing public clouds.

Cloud computing is highly distributed and dynamic, with workloads constantly spinning up and down. Visibility is essential for security. According to Gartner, cloud security should address three core topics that have not traditionally been an IT discipline: multitenancy risk, virtualization security and software-as-a-service (SaaS) control.

Multitenancy risk is inherent to cloud architectures because multiple virtual machines (VMs) share the same physical space. Major public cloud providers go to great lengths to mitigate the possibility that one tenant could access data in another VM, but on-premises infrastructure is susceptible if the servers are not configured properly. Changes made to one hybrid cloud environment may also inadvertently affect another.

Virtualization security refers to the unique risks of virtualized environments. While hypervisors and VMs are in many ways more secure than bare-metal environments because the operating system is isolated from the hardware, the use of shared resources like storage and networking also introduces potential vulnerabilities that don’t exist on dedicated servers.

SaaS environments require greater attention to authentication and access control because the user doesn’t own the network. Governance standards need to be put in place to ensure that users take appropriate precautions with data and that all necessary regulatory and compliance guidelines are met.

Without these new competencies, organizations will struggle to gain visibility into their hybrid cloud environments, making it almost impossible to determine which computing and storage tasks are taking place where, using which data and under whose direction. In that situation, provisioning and enforcement of policy can quickly become impractical. But if organizations practice secure-by-design principles using new cloud-native tools, they can get a single-pane-of-glass view into activity that enables policy enforcement.

Three Keys to Secure Hybrid Cloud Deployments

Three areas merit special attention: encryption, endpoint security and access control.

Encryption is the best form of data protection. Data moving to and from the public cloud should be encrypted at all stages, and sensitive data should never be left unencrypted. All cloud providers support encryption, but not necessarily by default. Customers need to choose the type of encryption that is most appropriate and secure encryption keys.

When public cloud services are accessed over the public internet, special attention needs to be paid to endpoint security to prevent the risk of creating access points for attackers or becoming targets of malware. For example, an attacker who compromises a PC and logs on as an administrator for the company’s public cloud effectively has the keys to the kingdom. Hardware firewalls aren’t protection enough.

Secure web gateways (SWGs) utilize URL filtering, advanced threat defense (ATD) and malware detection to protect organizations and enforce internet policy compliance. SWGs are delivered as both physical and virtual on-premises appliances, cloud-based services or hybrid cloud/on-premises solutions. They provide an additional layer of protection against destructive attacks such as ransomware and enable safer and more efficient adoption of cloud-based services.

Finally, cloud-specific access control is a necessity if employees, contractors and vendors are to use both public and private clouds. Single sign-on (SSO) and federated access controls can minimize inconvenience while maintaining control and security monitoring.

Identity and access management-as-a-service (IDaaS) works in both multitenant and dedicated environments. It provides identity governance and administration, access management, and analytics functions that span the organization’s entire cloud environment. IDaaS can also be integrated with existing access management software to manage access to legacy applications.

The Cloud Security Alliance has an extensive library of resources that cover practices for hybrid cloud security. Organizations should familiarize themselves with these guidelines before beginning the migration process. Building security into hybrid infrastructure from the beginning minimizes the pain and delay of backfilling later.

The post Moving to the Hybrid Cloud? Make Sure It’s Secure by Design appeared first on Security Intelligence.

Author: Kaja Narum

CISO, Cloud, Cloud Adoption, Cloud Infrastructure, Cloud Security, Cloud Services, Cloud Services Provider, Cloud Strategy, Data Protection, DevOps, Hybrid Cloud, SecDevOps, Security Services,

Succeed in Your Cloud Migration With a Secure Hybrid Cloud Strategy

Picture this: An object storage misconfiguration has left thousands of customer records fully exposed. Your company is about to face costly compliance consequences and a loss of customer trust. How should you respond? More importantly, how could a secure hybrid cloud strategy have helped prevent such an incident from happening in the first place?

As IT teams face significant pressure to develop a successful cloud migration strategy, organizations are treating security as an afterthought in their rush to quickly move to the cloud. Today, 81 percent of organizations have a multicloud strategy, according to RightScale. Migration without cloud security services for visibility and governance can significantly increase the complexity, costs and risks of adoption.


When Unsecure Cloud Migration Becomes Disastrous

Too often, security is forgotten in the excitement to capture the hybrid cloud’s remarkable potential. The perception that secure processes slow digital transformation may lead to security being treated as an afterthought. While effectively managed cloud adoption can improve data security and disaster recovery, many organizations are wary of public cloud providers’ shared responsibility models involving third-party security providers, which can add complexity for users and complicate access and compliance governance compared with on-premises deployments. A Cybersecurity Insiders survey found that 43 percent of cloud adopters lack visibility into infrastructure security, 38 percent report compliance troubles and 35 percent struggle to consistently enforce security policies.


Misconfigured cloud servers and other improperly configured systems were solely responsible for the exposure of 2 billion data records tracked by IBM X-Force researchers last year. In addition, inadvertent insider error has contributed to an over 400-percent year-over-year growth in cloud security risks, due in large part to misunderstandings about shared responsibility models to protect data in the cloud. Ultimately, if a data breach or disruption occurs, the organization is liable for the loss of customer trust, regulatory fines and other expensive consequences.
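As an added illustration of the object storage misconfiguration described above (example code, not from the original post), the following Python check evaluates a bucket policy document together with the bucket's public access block settings offline and reports statements that grant anonymous access. The policy, the ARNs and the bucket name are constructed sample data, and the set of "exposing" actions is an assumption for this example.

```python
"""Offline check for publicly exposed object storage (constructed example).

Evaluates an S3-style bucket policy document plus the bucket's public
access block settings and reports statements that grant anonymous access.
The inputs below are constructed sample data, not real buckets.
"""
import json
from typing import Any

# Actions that expose stored records when granted to anonymous principals
# (assumed set for this example)
EXPOSING_ACTIONS = {"s3:GetObject", "s3:ListBucket", "s3:*", "*"}


def _as_list(value: Any) -> list:
    """Policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal: Any) -> bool:
    """True when the statement's Principal matches everyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def find_public_statements(policy_json: str) -> list:
    """Return statements that allow exposing actions to anonymous principals.

    A statement carrying a Condition block is reported as 'conditional' so a
    reviewer inspects it instead of silently trusting the condition.
    """
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_anonymous(stmt.get("Principal")):
            continue
        actions = set(_as_list(stmt.get("Action")))
        exposing = sorted(actions & EXPOSING_ACTIONS)
        if not exposing:
            continue
        findings.append({
            "sid": stmt.get("Sid", f"statement-{idx}"),
            "actions": exposing,
            "resources": _as_list(stmt.get("Resource")),
            "conditional": "Condition" in stmt,
        })
    return findings


def public_access_block_enforced(pab: dict) -> bool:
    """True only when all four public access block flags are set."""
    return all(pab.get(flag) is True for flag in (
        "BlockPublicAcls", "IgnorePublicAcls",
        "BlockPublicPolicy", "RestrictPublicBuckets"))


def assess_bucket(policy_json: str, pab: dict) -> dict:
    """Combine both checks: a public statement is an exposure only when the
    public access block does not override it."""
    public = find_public_statements(policy_json)
    blocked = public_access_block_enforced(pab)
    return {
        "public_statements": public,
        "public_access_block": blocked,
        "exposed": bool(public) and not blocked,
    }


# Constructed sample: an "exports" bucket whose policy grants anonymous reads
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-exports/*"},
        {"Sid": "PublicRead", "Effect": "Allow",
         "Principal": "*",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-exports",
                      "arn:aws:s3:::example-exports/*"]},
    ],
})
# Constructed settings: only half of the public access block flags are on
SAMPLE_PAB_MISSING = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                      "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

if __name__ == "__main__":
    print(json.dumps(assess_bucket(SAMPLE_POLICY, SAMPLE_PAB_MISSING), indent=2))
```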

By rushing cloud adoption, businesses are more likely to generate risks than gain a competitive advantage. In fact, 74 percent of organizations reported that they likely experienced a data breach in the past year due to a lack of secure cloud migration processes. Secure cloud design, a full understanding of responsibility models and solutions for proactive risk management are critical to realizing cloud benefits.

How to Adopt Hybrid Cloud With Confidence

The organization’s ability to develop a successful cloud migration strategy depends, in part, on the IT team’s ability to effectively manage competing priorities of speed, cost efficiency and security. Across industries, hybrid cloud adoption is a necessary tool to balance expanding workloads and data assets. As cloud threats increase, managing hybrid cloud infrastructures requires the enterprise to develop new processes and adopt new solutions for visibility and control.

Strive for True Hybrid Cloud Visibility

Hybrid cloud environments can host a wide array of resources and application programming interfaces (APIs), which can make it challenging to orchestrate effective security controls.

The need for visibility necessitates management solutions designed to capture a diverse view of storage, networking and provisioning activities across public and private cloud environments. Cloud security services should offer visibility and analytics to proactively manage compliance, identify threats and accelerate remediation activities.

Proactively Manage the Cloud Life Cycle

Effective data governance in a hybrid cloud infrastructure requires comprehensive security policies that are proactively and consistently implemented across apps, services, databases, users and endpoints. Cloud security tools should support the organization’s transition to a DevSecOps model where security works alongside DevOps so that proper security controls are built into the design process from the beginning. In turn, this simplifies the process of access management, authentication and authorization in native and migrated cloud apps. To manage threats and compliance risks, organizations need solutions that automate policy enforcement and strengthen compliance posture in a hybrid cloud environment post-deployment.

Why the Enterprise Is Responsible for Protecting Customer Trust in the Hybrid Cloud

The revolution toward a digital economy is underway, and organizations recognize the potential of the hybrid cloud to introduce agility and scale. As IT teams face pressure to deploy a hybrid cloud infrastructure that supports digital transformation activities, many are rushing to the cloud without a comprehensive approach to protecting critical data by design and default.

To fully realize the potential benefits of the secure hybrid cloud, organizations must recognize and understand that the responsibility for protecting customer data and a secure move to the cloud continues to rest with their organization and IT teams. Implementing secure processes during migration and adoption can reduce the costs and risks that result from treating security as an afterthought. Cloud security services for visibility and orchestration are a necessity to proactively manage policy, compliance and access across cloud apps and services.


The post Succeed in Your Cloud Migration With a Secure Hybrid Cloud Strategy appeared first on Security Intelligence.

Author: Jimmy Tsang

Artificial intelligence, Artificial Intelligence (AI), Automation, CISO, Cloud Adoption, Compliance, Cybersecurity, Data Breach, Data Privacy, General Data Protection Regulation (GDPR), Incident Response, Incident Response (IR), Internet of Things (IoT), IoT Security, Machine Learning, privacy regulations, Risk Management, Security Intelligence & Analytics, Security Professionals, Security Trends,

Top 2019 Cybersecurity Predictions From the Resilient Year-End Webinar

2018 was another significant year for the cybersecurity industry, with sweeping changes that will impact security professionals for years to come.

The General Data Protection Regulation (GDPR) finally went into effect, dramatically reshaping the way companies and consumers manage data privacy. Security teams stepped up their battle against technology complexity by increasingly migrating to the cloud and adopting security platforms. And several emerging security technologies — such as incident response automation and orchestration, artificial intelligence (AI), and machine learning — continued to evolve and saw increased adoption as a result.

As security teams continue pushing to get ahead of adversaries, these trends will almost certainly have long-term impacts. But what do they mean for 2019?

Bold Cybersecurity Predictions for 2019

Recently, I was fortunate to host a panel of cybersecurity experts for IBM Resilient’s sixth annual end-of-year and predictions webinar, including Bruce Schneier, chief technology officer (CTO) at IBM Resilient and special advisor to IBM Security; Jon Oltsik, senior principal analyst at Enterprise Strategy Group; Ted Julian, co-founder and vice president of product management at IBM Resilient; and Gant Redmon, program director of cybersecurity and privacy at IBM Resilient.

During the webinar, the team discussed and debated the trends that defined 2018 and offered cybersecurity predictions on what the industry can expect in 2019. In the spirit of keeping our experts honest, below are the four boldest predictions from the panel.

Bruce Schneier: There Will Be a Major IoT Cyberattack … or Not

Last year, Bruce predicted that a major internet of things (IoT) cyberattack would make the news, perhaps targeting automobiles or medical devices. Fortunately, that wasn’t the case in 2018. But could it happen in 2019?

Bruce’s prediction: maybe (yes, he’s hedging his bet). There are certainly many risks and vulnerabilities associated with the rise of IoT devices. Regardless of whether a major attack is imminent, IoT security needs to be a top priority for security teams in 2019. This prediction is in line with Bruce’s latest book, “Click Here to Kill Everybody.”

Ted Julian: Security Automation Will Create Unintended Negative Consequences

Incident response automation and orchestration is an increasingly popular way for security teams to streamline repetitive processes and make analysts more efficient, but automating poorly defined processes could create bigger issues.

Automated processes accidentally taking down systems is a familiar problem in the IT space. In 2019, we will see an example of security automation hurting an organization in unforeseen ways.

To avoid this, organizations need to consider how they employ technology when orchestrating incident response processes. They should focus on aligning people, processes and technology and methodically employ automation to further empower their security employees.

Jon Oltsik: Continuous Risk Management Will Help Organizations Better Understand Risks

Today, risk assessments and vulnerability scans give organizations a point-in-time look at their security posture and threat landscape. But in 2019, that won’t be enough. Security leadership — as well as executives and board members — need real-time information about the risks they face and what needs to be done to improve. Establishing a system of continuous risk management will help security teams enable this reality.

Gant Redmon: New Laws Will Provide Safe Harbor to Compliant Organizations

A pending law in Ohio would provide a first in U.S. data privacy regulations: providing safe harbor from tort claims to organizations that are in compliance with their security regulations. In other words, if an organization suffers a data breach but is in compliance with its regulatory obligations, it will be protected from lawsuits related to that breach.

While the Ohio law is the first of its kind, we will no doubt start to hear of similar regulations emerging throughout 2019.

What are your cybersecurity predictions for 2019? Tweet to us at @IBMSecurity and let us know!


The post Top 2019 Cybersecurity Predictions From the Resilient Year-End Webinar appeared first on Security Intelligence.

Author: Maria Battaglia

Cloud, Cloud Adoption, Cloud Security, Cloud Services, Cloud Strategy, Compliance, Data Protection, IT Infrastructure, regulatory compliance,

Overcoming the Cloud Security Compliance Conundrum

The growing demand for increased business agility and cost reductions in relation to IT infrastructure and applications is not a new agenda item for C-level executives. It has, however, remained a priority topic in 2018.

Compliance with various regulations and cloud security requirements has expanded as technology and cloud uptake advance — albeit not at a similar pace, leaving organizations with a challenging conundrum to solve. This is particularly relevant when executives consider cloud security and business transformations.

Balance the Costs and Benefits of Cloud Migration

The partnership between IBM and Red Hat announced earlier this year highlights a strategic vision to deliver transformational change to clients and meet cloud security demand. We’ve also seen record-breaking technological advancements and a growing number of data and application migrations to the cloud.

In general, these migrations follow either a hybrid or multicloud strategy. Hybrid cloud is defined as a combination of cloud services that are deployed both on-premises and in the cloud. Multicloud means using multiple cloud computing service providers across a single heterogeneous environment for applications, software or infrastructure.

Whatever the strategy, cloud migrations involve transitioning and managing extensive processing and workloads outside of traditional IT infrastructure while addressing cloud security and compliance challenges. The main industries that are seeing an increased focus, volume and complexity of regulations are banking and financial services. In these sectors, many are pursuing innovative business strategies that drive requirements for critical infrastructure and applications to the cloud.

The regulatory compliance challenge for such innovation poses both an opportunity and a concern for the C-suite and boardroom. Financial institutions must confront the reality of dramatically increasing costs while also keeping pace with the legislative and regulatory changes arising from numerous regulatory bodies. Global organizations have the added burden of even more international and nation-specific regulations.

The cost of compliance is often high, but any effort to reduce staff without demonstrable and measurable improvements in compliance processes and technology could be viewed negatively by regulatory bodies, investors and shareholders.

Meet Cloud Security Compliance Requirements Head-On

One of the most common misconceptions we hear from clients is that moving to the cloud, with data held by multiple third parties on shared systems, will be a complex undertaking. Our view is that cloud services can be extremely secure and are often a more stable option than utilizing existing internal IT infrastructure. However, there are some activities that need to be considered to meet regulatory compliance requirements, such as:

  • Deploying continuous monitoring of both technical and nontechnical cloud compliance requirements. This should also include corporate governance, cybersecurity and regulatory compliance controls;
  • Maintaining a unified source or framework of governance, risk and compliance information for how cloud services are utilized;
  • Developing executive and operational dashboards to provide visibility into cloud compliance statuses;
  • Implementing real-time alerting mechanisms for control failures with defined playbooks on how to respond to compliance failures from third-party providers; and
  • Ensuring that you can continuously synchronize new cloud services and capabilities with regulatory compliance requirements.

These cloud security to-dos can help your organization take on the seemingly daunting task of cloud migration while remaining secure and compliant.

The post Overcoming the Cloud Security Compliance Conundrum appeared first on Security Intelligence.

Author: Indy Dhami

Artificial intelligence, Banking & Financial Services, Cloud, Cloud Adoption, Cloud Security, Cloud Services, Cloud Services Provider, Compliance, Cybersecurity Legislation, Financial Industry, Financial Institutions, Managed Security Services (MSS), Managed Security Services Provider (MSSP), regulatory compliance, Security Solutions,

Continuous Compliance Eases Cloud Adoption for Financial Services Firms

Last month, I spoke during the Innovation Showcase at the Financial Services Information Sharing and Analysis Center (FS-ISAC) Fall Summit. The goal was to update this group of high-level security professionals on a continuous compliance managed services solution that helps solve the cloud compliance dilemma — and on the solution’s first successful implementation. In a consortium of more than 30 financial services firms building an industry-standard cloud control framework, almost all reported regulatory compliance as a major hurdle to cloud adoption.

Overcome the Challenges of Cloud Compliance

Financial institutions are eager to use the hybrid cloud as a productive workplace to achieve strategic goals. But as reported in our white paper, “Turning Regulatory Challenges of the Cloud Into Competitive Advantage,” firms must overcome three major cloud adoption challenges.

First, companies face different regulatory obligations in various geographies. Multinational organizations must map regulatory obligations to 26 different countries and jurisdictions as far-flung as Singapore, London and New York.

Second, cloud service providers (CSPs) often provide different levels of control in the cloud than in the data center. That leaves financial services firms to build the right controls to address how they store and use data and who can access it — wherever it is. Regulators express concern over the amount of sensitive information CSPs maintain, often without being subject to the stringent regulations that govern banks, according to Business Insider.

Third, financial services firms and CSPs need a common security framework. A major accomplishment was reaching a consensus among the consortium members on the Cloud Security Alliance (CSA) open source framework. Modifications make it possible to build a single framework that is fully integrated with risk management and cybersecurity controls.

Lay the Groundwork for Continuous Compliance

Our managed services solution helps answer these challenges with continuous compliance to meet requirements for workloads running on public clouds — not only for regulations impacting the cloud, but for the General Data Protection Regulation (GDPR), Financial Industry Regulatory Authority (FINRA), U.S. Securities and Exchange Commission (SEC) and other regulatory bodies. The solution was developed in three stages.

1. Build a Regulatory Database for All Geographies

A continuous compliance database maps to every regulatory authority around the world. The database also defines GDPR and other cybersecurity obligations. The service monitors changes and makes timely updates to an industry-standard cloud control framework and regulatory database.

2. Map All of the Regulations and Controls to Each CSP

Mapping to CSPs is critical to achieve a standard level of control and to meet or exceed controls financial services firms might use within their own firewalls. Our solution maps a standard set of controls to every CSP, whether it’s Amazon, Google, Microsoft or IBM.

3. Adapt the Solution to the Individual Financial Services Firm

Each financial services firm already maintains in-house controls. The managed services solution requires an adapter to map the standardized framework to the existing framework for each firm’s individual policies, standards and procedures.

Continuous Compliance in Action

One of the largest investment firms in the world recently implemented the continuous compliance managed services solution with impressive success. A team of back-office personnel previously spent each day combing the internet for new and changing legislation and determining the impacts on current controls. The employees made updates manually.

The work was painstaking, tedious, and labor- and time-intensive, but these compliance employees formed the firm’s frontline defense against regulatory risk. Our managed services solution will help enable the firm to reduce its staff while saving substantially on compliance and reducing the risk of regulatory fines and reputational damage.

Automate Compliance With Cognitive Computing

Compliance is not a one-time event, but rather an ongoing process of monitoring and maintaining. Automation and cognitive computing — including artificial intelligence (AI) and machine learning — are the engines behind better, more efficient cloud governance.

In the future, the continuous compliance service will use Watson for RegTech. Watson will initially ingest existing regulations. Then, Watson will not only identify changes and update regulations, but also revise the controls that correspond with each regulation. Once Watson is fully trained, the time to add a new regulation or update an existing one will shrink exponentially.

Transfer to Other Obligations, Technologies and Domains

Financial services firms ultimately need to be in complete, real-time alignment with their regulatory obligations worldwide. Firms can access the industry-standard database to consume and adapt to updates for policies, requirements and controls while still maintaining their own firm-specific controls and processes. Our managed services solution mainly covers financial services regulations for cloud computing. Going forward, look for the scope to extend to regulations covering myriad technologies and domains to help financial institutions of all stripes overcome their greater cloud adoption challenges.


The post Continuous Compliance Eases Cloud Adoption for Financial Services Firms appeared first on Security Intelligence.

Author: Gary B. Meshell

Application Security, Application Security Testing, Cloud Adoption, Cloud Applications, Cloud Security, IBM Security, Security Services, security solution,

An In-Depth Guide to Application Modernization and Cloud Security

Hybrid IT has disrupted traditional IT due to its ability to introduce emerging technologies quickly. But what is hybrid IT? It’s a combination of “internal and external services, usually from a combination of internal and public clouds,” according to Gartner.

Enterprises, while reluctant to give up control of their data or face potential compliance challenges, recognize the benefits of using public and private cloud services. Security remains the primary concern for many chief information officers (CIOs) in adopting hybrid IT and cloud technologies as they pursue application modernization.

The concern is not without reason: Time and again, there have been major breaches in security where cybercriminals have managed to hack into prominent companies’ data. Not only do such breaches compromise user data and privacy, but they also create bad press for the affected companies and their cloud service providers (CSPs).

For this reason, cloud security is of the utmost importance in the context of cloud migration.

Cybersecurity Breaches Are Common

Cybercriminals are always on the prowl for opportunities to break into systems. Traditional, on-premises systems are not immune to such attacks. According to a 2014 survey from software company Alert Logic, there is no indication that cloud applications and data are more vulnerable than traditional systems, Forbes reported.

Therefore, it’s a myth that cloud computing is inherently less secure than a traditional approach. In fact, due to an increased focus on cloud security, applications and data on the cloud are becoming safer than in traditional systems.

The most notable recent hack that hit traditional systems is the WannaCry ransomware, which affected Microsoft Windows systems in May 2017. It was estimated that the attack impacted more than 200,000 computers across 150 countries — with billions of dollars in total damages.

The State of Cloud Security

Cloud technology is getting safer every day, but cybercrime techniques are simultaneously growing more sophisticated. This means that the challenge for cloud service providers is to keep one step ahead of cybercriminals.

Likewise, companies are implementing various measures to make the cloud more secure, but that doesn’t mean organizations that are migrating data can rely completely on the security of cloud infrastructure. Some of that security is also out of their control — Gartner warned in 2015 that through 2020, 95 percent of cloud security failures would be due to customer error.

Therefore, cloud security follows the shared responsibility model, which covers both security “of” the cloud and security “in” the cloud. It’s the CSP’s responsibility to protect the infrastructure that provides the services. Configuration (such as identity and access management (IAM) and firewall rules), the security of the hosted applications, and the encryption and integrity of data are the customer’s responsibility.

Under this dual security model, both the CSP and the customer own an equal share of the responsibility for securing data in the cloud, which ensures that the security of the cloud is given the highest priority.

Secure Migration Processes

CSPs are already taking sufficient steps to ensure cloud security. If customers also step up to the plate by following the right processes and adopting a security testing strategy, the cloud will become much more secure as a result.

CIOs and transformation leads who are concerned about security can also use security as a driver for application modernization. In fact, business stakeholders are more likely to provide funding for applications and infrastructure identified as vulnerable.


Security Services During Migration Planning

During migration planning, application security must be considered a top priority. Companies must ensure that applications are free from vulnerabilities and compliant with security standards before they are migrated to the cloud.

Many security services can be utilized during application modernization. Using all or some of these services will increase the security of the applications being migrated substantially.

Detect Application Security Vulnerabilities

Security scanning is the process of scanning source code, web applications and representational state transfer (REST) application programming interfaces (APIs) for potential vulnerabilities, as defined by the Open Web Application Security Project (OWASP) and the SANS Institute.

There are two types of security scanning:

  • Static or source code scanning
  • Dynamic scanning

In static scanning, the source code is scanned to find any security vulnerabilities. Going through code with tens of thousands of lines can be cumbersome and time-consuming, so automated tools are used for this purpose.

In dynamic scanning, the web application and/or REST APIs are tested dynamically by sending various malicious requests and checking for any existing vulnerabilities. There are many well-known tools available for automated dynamic scanning.

With the help of these tools, scanning services will help find many vulnerabilities — although the tools by themselves cannot find everything. The scanning can be integrated into the development operations (DevOps) workflow to automate the process. By fixing such vulnerabilities in applications before they are migrated, risk can be greatly mitigated.

Security Posture of Middleware and Third-Party Code

Applications that use old middleware components could be prone to security threats. Many of the applications being migrated may also use open source or third-party code. Even if the application’s code is designed and implemented in a secure manner, the middleware or third-party code may contain vulnerabilities that may eventually affect the application and lead to data loss.

An application’s security is only as good as its weakest component, so all middleware and third-party components need to be checked for vulnerabilities before migrating to the cloud.

Use Secure Frameworks

Developers tend to use their own methods to address security issues, which may lead to improper fixes. Using secure, well-known frameworks instead of proprietary methods can help avoid this. During migration planning, look for the presence of such proprietary code and replace it with frameworks that are known to be free from vulnerabilities.

Ensure Modernization of Insecure Legacy Components

Applications that have been developed over the course of years may use legacy technology. These applications may have been written using old programming languages that are not sufficiently secure. Such legacy components may have known vulnerabilities that were never fixed because maintenance ended or support was lacking.

When migrating to the cloud, such legacy code or technology can raise serious security concerns. For a good security posture, it’s necessary to identify all such legacy components and modernize them to mitigate security risks.

Employ a Threat-Modeling Service

Adopting security standards during the development cycle — rather than fixing defects at a later stage — is always a good practice. For any application under development, threat modeling should be done during the design phase. Quite often, the development team may not be aware of the security aspects while designing and developing an application. Threat modeling helps in building a secure design by identifying security risks and mitigating them early on.

A security architect can facilitate collaboration between the development and threat modeling teams, answering a series of questions to identify weak areas in the design. This strategy can include reviewing an architecture diagram and evaluating how sensitive data is stored, how users are authenticated, how authorization is managed, what encryption algorithms are used and how session management is handled.

Addressing the risks identified during threat modeling ensures a secure posture and decreases the chance of security loopholes being carried into later stages of development. Identifying such risks early on can lead to cost savings down the road.

After following these processes, a company can identify major vulnerabilities. The applications that are found to be vulnerable to security threats should be the top priorities for modernization.

Security Techniques After Cloud Migration

Security needs a multi-pronged approach. Various methods can be used to enhance security posture before migrating applications to the cloud. Adopting these measures will help considerably to address security risks in the applications being migrated, but these methods alone may not be sufficient to address all risks.

Once these applications are migrated, the cloud infrastructure also needs to be assessed for any security weaknesses.


Create Access Control and Security Groups

Once applications and data are moved to the cloud, they are accessible from anywhere, and, therefore, need to be protected from unauthorized users. Simply relying on username and password authentication doesn’t provide enough security, as it’s vulnerable to various types of attacks. Apart from authentication, a proper authorization mechanism needs to be in place to ensure the authenticated user can only access the data they are supposed to access and not any other confidential data.

Therefore, access control plays a vital role in safeguarding private data. IAM and proper configuration are essential to ensure that only the right people have access to the particular resources. Security groups can also be used as an additional measure to configure filter rules to define how incoming and outgoing traffic must be handled between source and destination.
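The security group filter rules mentioned above can be reviewed mechanically. As an added example (not code from the original post), the Python audit below flags ingress rules that are open to the whole internet and reach anything beyond the intended public services; the rule dicts, the public port allowlist and the administrative port table are constructed assumptions for this example.

```python
"""Audit of security group ingress rules (constructed example).

Security groups filter traffic between source and destination; the review
below flags ingress rules that expose anything beyond the intended public
services to the whole internet. Rules are plain dicts shaped like the fields
a cloud API returns (protocol, port range, source CIDR); the sample rules
and the port tables are constructed for this example.
"""
import ipaddress
from typing import Optional

# Ports the business intends to expose publicly (assumption for this example)
PUBLIC_SERVICE_PORTS = {80, 443}
# Ports that should never be internet-reachable on a workload host
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres",
               1433: "mssql", 6379: "redis", 27017: "mongodb"}


def _is_world_open(cidr: str) -> bool:
    """True when the source CIDR matches every IPv4 or IPv6 address."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen == 0


def _ports_in_rule(rule: dict) -> Optional[set]:
    """Expand a rule's port range; None means all ports / all protocols."""
    if rule.get("protocol") in ("-1", "all") or rule.get("from_port") is None:
        return None
    return set(range(int(rule["from_port"]), int(rule["to_port"]) + 1))


def audit_ingress(rules: list) -> list:
    """Return one finding per rule that is open to the world and either
    allows everything or reaches a port outside PUBLIC_SERVICE_PORTS."""
    findings = []
    for rule in rules:
        if not _is_world_open(rule["cidr"]):
            continue  # scoped to a specific source; not examined here
        ports = _ports_in_rule(rule)
        if ports is None:
            findings.append({"rule": rule, "severity": "critical",
                             "reason": "all traffic open to the internet"})
            continue
        unexpected = ports - PUBLIC_SERVICE_PORTS
        if not unexpected:
            continue  # only the intended public services are exposed
        admin_hits = sorted(ADMIN_PORTS[p] for p in unexpected if p in ADMIN_PORTS)
        findings.append({
            "rule": rule,
            "severity": "high" if admin_hits or len(unexpected) > 100 else "medium",
            "reason": ("admin services reachable: " + ", ".join(admin_hits))
                      if admin_hits else f"{len(unexpected)} non-public port(s) open",
        })
    return findings


# Constructed sample group: one intended rule, one scoped rule, three mistakes
SAMPLE_RULES = [
    {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
    {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "10.20.0.0/16"},
    {"protocol": "tcp", "from_port": 0, "to_port": 65535, "cidr": "::/0"},
    {"protocol": "-1", "from_port": None, "to_port": None, "cidr": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_RULES):
        print(finding["severity"], finding["reason"], finding["rule"])
```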

Implement Penetration Testing

Penetration testing is a testing methodology that tries to find and exploit security vulnerabilities in an application or infrastructure by simulating an external attack using various tools and techniques. The idea is to mimic an attack to find any existing security loopholes before a cybercriminal can. This method uses a combination of automated tools and manual techniques. As part of this, the person performing the penetration test tries not only to find potential vulnerabilities but also to exploit those vulnerabilities to gain access to the system, acquire sensitive information or bring down the service.

Automated scanning, also known as vulnerability assessment, can be used to find vulnerabilities, but automated scanners cannot be counted on to find every single vulnerability in an application. Vulnerability assessment is mainly used to find potential weaknesses over a breadth of areas in a short timeframe.

The emphasis is more on detecting potential vulnerabilities and less on exploitation. Scanners work on pre-defined rules, and different scanners will have their own strengths and weaknesses. These tools also may generate many false positives.

Penetration testing has become a necessity because it not only covers a breadth of areas but it also achieves a depth of testing that automated scanning cannot. Penetration testing utilizes a combination of tools and extensive manual tests to unearth vulnerabilities that a vulnerability assessment would be unable to find.

Exploitation of vulnerabilities also shows the impact those vulnerabilities could have on the business. Penetration tests are performed not only on applications but also on the network and infrastructure to ensure that they are secure.

Guard Against DoS and DDoS Attacks

Attacks that bring down a system and cause downtime are called denial-of-service (DoS) attacks. DoS attacks take various forms. Examples include User Datagram Protocol (UDP) floods, Internet Control Message Protocol (ICMP) floods and SYN floods, all of which aim to saturate the network or exhaust network resources so that genuine traffic is denied. These are best handled at the network or infrastructure level using firewall rules and an intrusion detection system (IDS).

Application-level (layer 7) DoS attacks are harder to detect because they look like normal traffic and follow protocol rules, so they can pass through a firewall and reach the application directly.

Attackers can also defeat single-source DoS defenses with a distributed denial-of-service (DDoS) attack, in which the malicious traffic originates from many sources at once. Because no single source stands out, IDS and firewalls find it difficult to identify and block such an attack. More advanced measures, such as next-generation firewalls, source rate limiting and DDoS traffic scrubbing services, can be employed to guard against it.
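Source rate limiting, one of the measures named above, is the simplest control that still catches a layer-7 flood: each request is well formed, so only the per-source rate distinguishes it from legitimate traffic. The block below is an added example, not code from the article; it replays constructed access-log lines through a sliding-window limiter, and the limit of 20 requests per 10 seconds is an illustrative assumption to be tuned per endpoint.

```python
"""Per-source rate limiting for layer-7 floods, replayed over constructed
access-log lines. Added example; the log lines are generated below and the
thresholds are illustrative assumptions, not values from the article."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

# Common Log Format prefix: client, ident, user, [timestamp], "request", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


class SlidingWindowLimiter:
    """Admit at most `limit` requests per source in any `window_seconds` span."""

    def __init__(self, limit: int, window_seconds: float):
        self.limit = limit
        self.window = timedelta(seconds=window_seconds)
        self._hits: Dict[str, deque] = defaultdict(deque)

    def allow(self, source: str, when: datetime) -> bool:
        q = self._hits[source]
        # Discard timestamps that have aged out of the window.
        while q and when - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # over budget: drop, or answer 429 at the edge
        q.append(when)
        return True


def replay(lines: List[str], limit: int = 20,
           window_seconds: float = 10) -> Dict[str, Tuple[int, int]]:
    """Return {source: (allowed, blocked)} after replaying the log in order."""
    limiter = SlidingWindowLimiter(limit, window_seconds)
    tally = defaultdict(lambda: [0, 0])
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed input is skipped, never allowed to crash the filter
        when = datetime.strptime(m["ts"], TS_FMT)
        allowed = limiter.allow(m["ip"], when)
        tally[m["ip"]][0 if allowed else 1] += 1
    return {ip: (a, b) for ip, (a, b) in tally.items()}


def _build_sample_log() -> List[str]:
    """Constructed traffic: a normal client, plus a single source sending 30
    well-formed requests in five seconds (the layer-7 flood the text describes)."""
    base = datetime(2024, 1, 15, 12, 0, 0, tzinfo=timezone.utc)
    events = [(base + timedelta(seconds=20 * i), "198.51.100.7", "/") for i in range(3)]
    events += [(base + timedelta(seconds=i // 6), "203.0.113.9", "/search?q=x")
               for i in range(30)]
    events.sort()
    return [f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'
            for t, ip, path in events]


SAMPLE_LOG = _build_sample_log()

if __name__ == "__main__":
    for ip, (allowed, blocked) in replay(SAMPLE_LOG).items():
        print(f"{ip}: {allowed} allowed, {blocked} rate-limited")
```

The normal client is never touched, while the flooding source gets its first 20 requests through and the rest rejected. This is exactly the property a per-source limiter has and a distributed attack is designed to defeat: spread the same 30 requests across 30 addresses and every one of them passes, which is why the text pairs rate limiting with scrubbing services rather than relying on it alone.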

Successful DoS attacks can cause service disruption and customer data loss and can significantly dent the reputation of a CSP. Thus, it’s necessary to have a good defense against such attacks.

Try Threat Detection

By taking a strategic approach to security, a company can ensure that applications migrated to the cloud are reasonably safe against most attacks. However, cybercriminals are getting smarter and bolder by the day as they continue to expose new vulnerabilities, so it is important to watch for such attacks on the cloud. This is where threat detection plays a major role in keeping them at bay.

Having a good threat-detection mechanism is a must to ensure that cyberattacks are detected in time. The volume of data is increasing exponentially — and it’s impossible to detect such threats manually. With the help of analytics and cognitive technologies, threat detection and response can be handled much more efficiently.


The post An In-Depth Guide to Application Modernization and Cloud Security appeared first on Security Intelligence.

This post appeared first on Security Intelligence
Author: Srikanth K Ballal

Artificial Intelligence (AI), Cloud Adoption, Cloud Security, Cloud Services, Cognitive, Security Analytics, Security Information and Event Management (SIEM), Security Intelligence & Analytics, Security Solutions, User Behavior Analytics (UBA),

What’s On the Horizon for SIEM Technology? Five Upcoming Innovations in Security Analytics

All solutions evolve over time as new technologies are introduced and market shifts occur — and security information and event management (SIEM) is no exception. The most recent changes in SIEM technology are driven by increased cloud adoption, the limited availability of IT talent and mounting regulatory pressure, as well as the growing variety and sophistication of cyberthreats.

What do these changes mean for the future of SIEM technology? Let’s take a step back and consider five significant shifts we expect to see over the next few years.

1. SIEM Will Shift From On-Premises to the Cloud

SIEM will be as relevant to software-as-a-service (SaaS) and cloud systems as it is to on-premises environments. SIEM’s original purpose was to help organizations correlate multiple security telemetry sources to generate a prioritized risk and threat view and provide a single pane of glass for investigations.

The same will be true in the future, except those on-premises sources will eventually be replaced by multiple cloud and SaaS sources.

2. SIEM Technology Will Become the Foundation of Security Analytics

Machine learning and behavioral analytics will become increasingly important, but they won’t replace rules. A security operations center (SOC) must detect both known and unknown threats.

Using rules and signatures is the fastest and most accurate way to detect known threats, but this strategy is not always effective for identifying unknown threats. Both approaches also depend on the same core data pre-processing steps, such as management, interpretation, curation and enrichment. As a result, SIEM technology will become the foundational layer of all security-analytics solutions.
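The distinction drawn here, and the threat-detection point made in the first article above, is easiest to see side by side on one event stream: a signature or rule catches the pattern it was written for and nothing else, while a behavioural baseline catches a change in a user's own activity without being told what to look for. The following is an added example and not code from either article; the authentication events, the user names, the addresses and the "threat-intelligence" list are all constructed.

```python
"""Known-threat detection with rules/signatures beside unknown-threat
detection with a per-user behavioural baseline, run over a constructed
authentication event stream. Added example; users, sources and the
threat-intel list are all made up."""
import statistics
from collections import defaultdict
from typing import Dict, List

# Constructed "threat intelligence" feed: the signature side, known-bad data.
KNOWN_BAD_SOURCES = {"192.0.2.99"}


def _build_events() -> List[Dict]:
    """Thirteen days of ordinary activity followed by a test day (day 13)."""
    events = []
    alice_daily = [3, 4, 3, 5, 4, 3, 4, 5, 3, 4, 4, 3, 5]   # her normal login counts
    for day, n in enumerate(alice_daily):
        for k in range(n):
            events.append({"day": day, "user": "alice", "src": "10.0.0.5",
                           "hour": 9 + k, "result": "success"})
    # Day 13: alice's credentials used 40 times from an address with no history.
    events += [{"day": 13, "user": "alice", "src": "198.51.100.23",
                "hour": 3, "result": "success"} for _ in range(40)]
    # Day 13: one source fails against several accounts (password-spray shape).
    events += [{"day": 13, "user": u, "src": "203.0.113.44", "hour": 2,
                "result": "failure"} for u in ("bob", "carol", "dave", "erin")]
    # Day 13: a successful login from an address on the threat-intel list.
    events.append({"day": 13, "user": "bob", "src": "192.0.2.99",
                   "hour": 10, "result": "success"})
    return events


EVENTS = _build_events()


def rule_known_bad_source(events: List[Dict]) -> List[str]:
    """Signature match: any event whose source is on the known-bad list."""
    return sorted({e["src"] for e in events if e["src"] in KNOWN_BAD_SOURCES})


def rule_password_spray(events: List[Dict], min_users: int = 3) -> List[str]:
    """Rule: one source failing against >= min_users distinct accounts in a day."""
    targets = defaultdict(set)
    for e in events:
        if e["result"] == "failure":
            targets[(e["day"], e["src"])].add(e["user"])
    return sorted({src for (_, src), users in targets.items() if len(users) >= min_users})


def baseline_anomalies(events: List[Dict], test_day: int,
                       z_threshold: float = 3.0) -> Dict[str, Dict[str, float]]:
    """Behavioural baseline: flag users whose successful-login count on
    test_day sits more than z_threshold standard deviations above their history."""
    per_user_day = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["result"] == "success":
            per_user_day[e["user"]][e["day"]] += 1
    flagged = {}
    for user, by_day in per_user_day.items():
        history = [by_day.get(d, 0) for d in range(test_day)]
        if not history:
            continue
        mean = statistics.mean(history)
        # Floor the spread at 1 so a perfectly regular (or empty) history
        # does not divide by zero and turn every small change into an alert.
        spread = max(statistics.pstdev(history), 1.0)
        today = by_day.get(test_day, 0)
        z = (today - mean) / spread
        if z > z_threshold:
            flagged[user] = {"count": today, "z": round(z, 1)}
    return flagged


def detect(events: List[Dict], test_day: int) -> Dict[str, object]:
    """Known threats come from the rules; unknown ones from the baseline."""
    return {
        "known_bad_source": rule_known_bad_source(events),
        "password_spray": rule_password_spray(events),
        "behavioural": baseline_anomalies(events, test_day),
    }


if __name__ == "__main__":
    print(detect(EVENTS, test_day=13))
```

The two rules fire on the listed address and on the spraying source, precisely and immediately, but say nothing about alice's forty logins from an unseen address because no rule describes that. The baseline flags alice (z far above 3) without any prior knowledge of the attack, and it is also the component that depends on the curated, enriched history the SIEM layer is there to maintain; with a short or noisy history its false-positive rate rises, which is why the floor on the spread and a sensible threshold matter.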

3. AI Will Relieve Overworked Analysts

Artificial intelligence (AI)-powered analytics that investigate and determine the root cause of existing anomalies — as opposed to solutions that generate new alerts and anomalies — will emerge in the marketplace and become essential tools for both full-scale and ad-hoc investigations. AI analytics will not replace existing rules or machine learning anomaly detection algorithms — since these are essential to help analysts detect potential threat signals.

But these signals must be investigated, and many SOCs lack the workforce to do so. AI tools can conduct automated investigations, drive intelligence orchestration and remediation, and act as a force multiplier to make the security team more productive.

4. Cloud Will Make Security Analytics More Consumable

The majority of SIEM — and, therefore, security analytics — will be consumed from the cloud. It will become increasingly challenging for organizations to juggle the breadth of required data sources, operationalize use cases and analytics, and manage the big data infrastructure of an on-premises SIEM. Cloud services deliver much of these resources on demand and in a fully automated manner — dramatically increasing the consumability and utility of SIEM and security analytics tools within the enterprise.

5. AI Assistants Will Augment Human Analysts

AI assistants will be introduced into the market to help analysts set up, configure and continuously maintain use cases within the SIEM. As organizations and their IT infrastructures evolve, so must their security capabilities. Most companies will still struggle to keep abreast of these changes and close gaps that emerge as a result, but AI assistants will be able to perform assessments and automate much of this workload.

We are already seeing signs of this evolution today with AI-powered security analytics solutions, improved outcomes with the adoption of SIEM-as-a-service and newer analytics, such as user behavior analytics (UBA), domain name system (DNS) and cloud analytics, revolutionizing the way SOCs work. It’s an exciting time to be adopting a security analytics strategy — and both the security and cybercrime landscapes are sure to change drastically in the near future in response to these innovations in SIEM technology.


The post What’s On the Horizon for SIEM Technology? Five Upcoming Innovations in Security Analytics appeared first on Security Intelligence.

This post appeared first on Security Intelligence
Author: Chris Meenan