
Does Your Cloud Environment Have Enough Protection?

This is the third installment in a three-part security series by OnX Director of Product Management, Chris Munoz.

You move data to the cloud for convenience and cost savings. Everything’s fine till a data breach nullifies the reasons why you embraced the cloud in the first place.

Threats to cloud environments come from just about every angle (see “The Dirty Dozen” in this InfoWorld article). The average breach goes undetected for more than nine months, and attack vectors are multiplying. If attackers can’t spear-phish their way in, they’ll creep in through a gap in a web app.

More than two-thirds of organizations find out about breaches from third parties. That underscores the value of Managed Security Services Providers (MSSPs), experts who do the crucial security work that might be beyond the resources of your IT department.

Depending on your needs and resources, you’ll typically need one to three levels of security protection in cloud environments.

Level One: Essential Protection

Your first line of advanced support is built on a basic, straightforward foundation that’s easy to implement.

  • Log manager and log review. This analyzes the huge volumes of data in your cloud. The results support things like performance management, security incident response, and compliance requirements.
  • Fully managed intrusion detection. Comprehensive log data analysis is just the start. A more robust approach is to have around-the-clock intrusion detection, which uses sophisticated algorithms to flag anomalies in your network and data usage.

Level Two: Advanced Protection

Your next level combines both log analysis and intrusion detection.

This means you have people watching your networks 24/7. If a breach happens at 3:30 in the morning, your MSSP team will flag it. That takes a major burden off your IT people.

Advanced protection means data from across your cloud environment is being monitored for anomalous, suspicious or malicious activity, and alarms can go off at the first sign of trouble.

Having highly trained experts on hand is crucial because people are naturally more clever than the machines they are trying to outwit. Intrusion detection, for example, is far from foolproof — it’s basically the equivalent of a burglar alarm: a human needs to analyze the suspected intrusion to confirm it’s an attacker rather than a legitimate user.

Another advantage of advanced security protection is that you’re not shelling out major capital outlays on equipment or software that quickly becomes obsolete.

Level Three: Web Application Firewall (WAF)

If your organization has web applications, there’s a fair chance they aren’t particularly secure. Web apps often get created for specific reasons that place a low priority on security, which makes them a favored target of hackers.

A web application firewall (WAF) provides an extra layer of defense by interpreting incoming traffic and blocking anything that looks sneaky or unauthorized. The big challenge is that it’s a major undertaking to monitor, manage and tune a WAF on your own.

Bringing More Expertise to Bear on Cloud Security

Companies running all of these levels of protection still get hacked. If your system is running an unsecured app that hackers find out about before you do, they might be able to get in without setting off any alarms.

The value of using an MSSP is that they give you the ability to arm yourself against human adversaries and malicious intruders. Experts dedicated to your security track the latest news on threats and scan your systems continually for vulnerabilities. Hackers can’t be everywhere, so a human team of security experts often can close holes in your systems in time to prevent a breach.