The cloud security problem is not really a problem any more. Indeed, we have the best security technology in the public clouds these days, and in some cases it’s better than what’s in the on-premises systems that are no longer receiving the R&D spending love.
So, if security is so good in the cloud, why do so many in IT believe there an issue? The fact is that public cloud never works alone (although it seems that way if you listen to the public cloud providers). They need to interact with third-party systems, such as credit-checking services and data-validation services, as well as many systems running on traditional on-premises platforms.
As many good security people will tell you, security is only as good as the least secure systems in the enterprise, cloud or not. So, all security must be systemic and work together. And that’s how it is in the cloud.
This system synergy is rarely factored in when IT thinks about cloud security. Many enterprises look at cloud security as something that needs to just exist in the cloud. However, it has to be in their cloud-connected on-premises systems too.
IT doesn’t need more security technology tossed into the mix; instead, IT needs better integration of all security systems into a single unified approach and technology stack that can work and play well together.
The good news is that there are “single pane of glass” products on the market that can meet the needs of integrating identity management systems on the cloud with more traditional role-based security on premises. Typically, directory systems become the common link, but these security systems can also share threat profiles, auditing, and proactive breach attempt management.
So, what’s an enterprise to do to achieve that security integration? Here are a few things that should make your path to security synergy more successful:
First, establish a plan for how the security systems are going to talk. For the most part, this is a secure directory system, but there are common databases you can also use. Note that you will have to plan and coordinate across organizational silos.
Second, find a security management and monitoring product that provides a “single pane of glass” between you and the security systems, both on-premises and in the cloud. This should be the single source of truth when it comes to who, what, when, how, and why. It’s kind of a mastermind for all enterprise security.
Third, cross-system security testing should be a common occurrence. Often overlooked by IT, such testing will provide tuning for your security ecosystem and spot issues before the hackers do.
While all this seems simple in concept, it’s actually a pain in the butt to deploy. If you’re dealing with all systems in an enterprise, organizational politics often pops up. Also, many enterprises lack the talent needed to get security going at all points. But you still need to do it, because the alternative is very unpleasant.