Adoption of Infrastructure as a Service (IaaS) continues at a rapid pace. According to Frost & Sullivan’s 2018 cloud user survey, over 55% of the survey respondents state they currently use IaaS and another 22% will within two years. Yet, security within the cloud remains a top-of-mind concern and is a principal reason why cloud-deployed workloads are repatriated to enterprise-managed environments.
How then should organizations gain the advantages of IaaS without increasing their security risk? Although simple to say “take your current security technologies with you,” the reality is that a “lift and shift” approach may miss the mark as your current security technologies may not be “cloud friendly.” Rather, we believe a stronger approach is to choose your familiar security technologies that are designed as cloud-friendly and hosted in the same cloud as your workloads.
Let’s take vulnerability scanning as an example. With speed and scalability being driving factors in IaaS adoption, injecting vulnerability scanning into existing and future workloads must have a snap-on, frictionless attribute. Just a few intuitive clicks within build and deploy can make the difference between workloads verified free of known vulnerabilities versus those that are exposed. Explaining why a compromise occurred because of a known vulnerability is never a pleasant conversation.
Workload visibility is also essential. Workloads cannot be protected if their existence is unknown. For this reason, vulnerability scanning must have direct visibility into the account structure that the cloud provider has for its IaaS customers. Again, a “didn’t know that was our workload” is not a pleasant conversation.
Back to speed, vulnerability scanning should operate on cloud time. Reaching into cloud workloads from the outside not only adds latency, it incrementally adds bandwidth cost. Follow the good neighbor policy and eliminate that friction by choosing vulnerability scanning that happens within the same cloud platform as your workloads.
Finally, it’s a global economy. Whether now or later, your reach will cross geographic boarders. All major cloud providers have global reach with regional and local segmentation. Vulnerability scanning integrated with the cloud provider inherits global reach with the segmentation needed to comply with data sovereignty and locality regulations.
Whether your organization is already using IaaS or making the move, security should not be an afterthought. Built-in rather than bolt-on has proven to be the better approach. But building in does not mean compromises on how you want the cloud to work for you and protect your valuable assets. Our advice, choose cloud security services that have cloud-friendly attributes built in.
Need More In-Depth Info?
Contact us and one of our experts can help with any of our cybersecurity solutions.