Three Reasons Your Cloud Security Teams are Overwhelmed

Date post: 21-Jan-2018
Upload: trend-micro
View: 1,875 times
Download: 1 times
And what it means for your business reasons your cloud security teams are overwhelmed
And  what  it  means  for  your  business

       reasons  your  cloud  security  teams  are  overwhelmed  

Today’s  cloud  and  security  teams  are  asked  to  

Although  the  capabili:es  and  cost  of  select  SecOps  solu:ons  have  kept  pace  with  the  widespread  adop:on  of  public-­‐cloud  services  like  AWS  and  Azure,  many  organiza:ons  try  to  protect  their  expanding  cloud  workloads  without  the  proper  support.    


It’s  simple:

It’s  no  wonder  so  many  companies  are  feeling  overwhelmed  by  the  demands  of  cloud  security.

Organiza:ons  that  have  moved  to  the  cloud  expect  IT  staff  to  protect  more  servers  and  resources  than  ever  before—but  oMen  without  the  budget,  training,  or  tools  needed  to  do  the  job  well.      Their  teams  are  forced  to  be  firefighters,  not  innovators,  which  makes  it  difficult  to  focus  on  strategic  goals.    

say  that  one  of  their  top      challenges  is  finding  a  balance            

between  day-­‐to-­‐day  opera:ons  and  the  :me  they  need  to  pursue  innova:on  and  

business  ini:a:ves.  

62%    of  CIOs      

 Source:  Data  Centers  in  Flux:  The  IT  Op5miza5on  Challenge,  Q3  2016,  IDG  Research,  2016    

Why  exactly  are  cloud  and  security  teams  stressed  out?

Server   sprawl  

The  wrong  tools   for  the  job  

The  human   element  

Too  many  servers,    applica:ons,  and  data    to  effec:vely  manage  

Lack  of  specific    cloud  security  skills    

and  training  

Inadequate    technology  doesn’t    

support  business  goals  

LeD  unaddressed,  these  three  factors  can  create  big  problems  for  your  business.  

In  the  pages  ahead,  we’ll  take  a  look  at  the  root  causes    of  these  pain  points  and  see  how  they  can  affect  your  business.  

Server   sprawl  

The  wrong  tools   for  the  job  

The  human   element  

   Server  sprawl  Too  many  servers,  applica:ons,  and  data  to  effec:vely  manage    

As  many  organiza:ons  expand  and  new  projects  launch,  they  add  IT  infrastructure  incrementally  to  meet  short-­‐term  needs.  While  the  cloud  makes  it  easier  than  ever  to  add  servers,  this  can  result  in  addi:onal  server  sprawl.  

 Too  oMen,  this  patchwork  approach  results  in  an  underu:lized,  expensive  network  that  stands  in  the  way  of  long-­‐term  goals.    

SecFon  1 Server  sprawl  

It  all  starts  with  the  servers.

Source:  New  data  supports  finding  that  30  percent  of  servers  are  "Comatose,"  indica5ng  that  nearly  a  third  of  capital  in  enterprise  data  centers  is  wasted,  Anthesis  Group,  2015  


Sound  familiar?   You’re  not  alone.  Server  sprawl  is  a  global  problem.  

About  30%  of  all  servers  are  unused  

SecFon  1 Server  sprawl  

That’s  an  es:mated  10  million    “comatose  servers”  worldwide  


SecFon  1 Server  sprawl  

Source:  New  data  supports  finding  that  30  percent  of  servers  are  "Comatose,"  indica5ng  that  nearly  a  third  of  capital  in  enterprise  data  centers  is  wasted,  Anthesis  Group,  2015  


LeD  unchecked,  server  sprawl  can  have  a  big  impact  on  your  business—and  not  in  a  good  way.  

Businesses  that  suffer  from  server  sprawl:  

Lack  real-­‐:me    visibility  into  their    security  state  

Waste  money    keeping  underu:lized  

servers  running  

Spend  too  much    :me  on  server  management  

Can’t  respond    to  security    

incidents  promptly  

SecFon  1 Server  sprawl  

UnderuFlized  servers  and  lack  of  security  

controls  can  cost  you  in  more  ways  than  one.

Security  threats  are  becoming  more  frequent.  

Approximately  82,000  serious    cyber  security  incidents  in  2016  


SecFon  1 Server  sprawl  

 Source:  Cyber  Incident  &  Breach  Response,  Online  Trust  Alliance,  2017          

And  more  costly.  

Average  total  cost  of    a  data  breach  =  about  $4  million    


SecFon  1 Server  sprawl  

 Source:  Cyber  Incident  &  Breach  Response,  Online  Trust  Alliance,  2017          

The  human  element  Lack  of  specific  cloud  security  skills  and  training  

The  tradiFonal  role  of  the  IT  security  team  has  expanded.   Many  organiza:ons  now  expect  their  DevOps  team  to  handle  both  deployment  and  cloud  security.  Without  adequate  skills  and  training,  the  demands  of  this  hybrid  “DevSecOps”  role  can  be  overwhelming—and  IT  professionals  know  it.          

SecFon  2 The  human  element  




Lack  of  resources  

and  exper,se  

The  #1  cloud  challenge  in  2016:  

SecFon  2 The  human  element  

 Source:  State  of  the  Cloud  Report,  RightScale,  2016    

Cloud  workloads  have  vastly  different  protec:on      requirements  than  on-­‐premises  data  centers  do.  They  need  to  be  managed  by  staff  with  appropriate  skills  and  adequate  training.        Your  deployment  specialists  and  coders  may  be  experts  in  their  field,  but  that  exper:se  may  not  apply  to  cloud  security  opera:ons.  

SecFon  2 The  human  element  

Many  organizaFons  rely  on in-­‐house  talent  for  their  security  needs.   Why?  

In  2016,    

46%    of  organiza:ons    had  a  shortage  of    cyber  security  skills  

SecFon  2 The  human  element  

The  global  shortage  in  security  professionals    is  one  big  reason.  

 Source:  Through  the  Eyes  of  Cyber  Security  Professionals,  ESG/ISSA,  2016        

Many  organizaFons  rely  on in-­‐house  talent  for  their  security  needs.   Why?  

That’s  an    

18%    increase    from  2015  

SecFon  2 The  human  element  

The  global  shortage  in  security  professionals    is  one  big  reason.  

 Source:  Through  the  Eyes  of  Cyber  Security  Professionals,  ESG/ISSA,  2016        

Most  cyber  security  professionals  begin  their  careers  elsewhere.  

Then  gained  cyber  security    training  and  cer:fica:ons    78% of  security  experts    began  as  IT  generalists    

SecFon  2 The  human  element  

 Source:  Through  the  Eyes  of  Cyber  Security  Professionals,  ESG/ISSA,  2016      

Due  to  the  global  shortage  of  cloud  security  specialists,  it  makes  sense  to  look  within  your  own  IT  department  to  develop  the  cyber  security  talent  you’ll  need.  

Earn  addi:onal  security  cer:fica:ons  

Afend  specific  training  courses  

Join  professional  organiza:ons  

Receive  on-­‐the-­‐job  mentoring  

Promising  IT  staff  should:  

SecFon  2 The  human  element  

Your  cloud  and  security  team  can  deploy  and  defend  environments  based  on  standardized,  approved  templates  and  rules—which  saves  :me  and  improves  legal  and  security  compliance.  

With  automa:on    

SecFon  2 The  human  element  

ShiDing  workloads  to  the  cloud  enables  greater  automaFon,  both  in  deployment  and  in  protecFon.  

Your  overworked  cloud  and  security  teams  must  rely  on  :me-­‐consuming,  error-­‐prone  processes  that  introduce  irregulari:es  and  expose  you  to  the  risk  of  compliance  failure.  

SecFon  2 The  human  element  

Without  automa:on    

ShiDing  workloads  to  the  cloud  enables  greater  automaFon,  both  in  deployment  and  in  protecFon.  

Inadequate  technology  doesn’t  support  business  goals      

The  wrong  tools    for  the  job  

We’ve  seen  how  an  expanse  of  underu:lized  servers  and  a  deficit  of  skills  can  drive  up  costs  and  expose  organiza:ons  to  risk,  

SecFon  3 The  wrong  tools  for  the  job  

but  how  do  the  security  tools  you  use  every  day  impact  your  business?  

Every  business  must  strike  the  right  balance  between  cost,  usability,  and  effecFveness  when  considering  cloud  security  opFons.  

SecFon  3 The  wrong  tools  for  the  job  

Unfortunately,  too  many  organizaFons  don’t  invest  in  the  proper  technology  to  ensure  the  longevity  of  their  business.   They  rely  on  aging  or  ineffec:ve  legacy  systems  or  a  patchwork  of  uncoordinated  tools  to  manage  data  security  opera:ons—and  therein  lies  the  danger.    

SecFon  3 The  wrong  tools  for  the  job  

Legacy  security.  On-­‐premises  hardware  and  soMware  may  be  familiar  and  inexpensive,  but  they  lack  the  capabili:es  to  protect  elas:c  cloud  and  hybrid-­‐cloud  workloads,  or  may  not  work  in  the  cloud  at  all!  

SecFon  3 The  wrong  tools  for  the  job  

Why  not  just  sFck  with  what  you  know?

Mul,ple-­‐interface  security.  Businesses  oMen  arrive  here  organically  aMer  adding  more  systems  incrementally  over  :me.  Inefficiency,  security  gaps,  and  expensive  licenses  are  hallmarks  of  this  approach.  

SecFon  3 The  wrong  tools  for  the  job  

Why  not  just  sFck  with  what  you  know?

Visibility  and  vigilance  are  the  keys  to  cloud  security,  but  yesterday’s  security  soluFons  struggle  to  provide  real-­‐Fme  insights  into  your  workloads.      

Legacy  security    doesn’t  provide  visibility  into  dynamic  cloud  environments,  which  makes  it  difficult  to  defend  against  threats.  

 Mul:ple-­‐interface  security  relies  on  numerous  tools  for  management  and  repor:ng  instead  of  a  single  view  of  your  security  state.  

SecFon  3 The  wrong  tools  for  the  job  

Analysts  predict  that  by  2018,  the  60%  of  enterprises  that  implement  appropriate  cloud  visibility  and  control  tools  will  experience  33%  fewer  security  failures.  

60%  33%  

SecFon  3 The  wrong  tools  for  the  job  

 Source:  Gartner  Predicts  2017:  Cloud  Security,  Gartner,  2016      

In  addiFon  to  a  lack  of  visibility,  inadequate  security  systems  can  actually  impact  your  organizaFon’s  producFvity.    Here’s  how:  

Lack  of  automa:on  forces  IT  staff  to  manually  perform  processes  like  soMware  and  

policy  updates  

Minimal  integra:on  with  third-­‐party  soMware  creates  inefficiencies  and  errors  

Scans  and  patches  slow  down  your  en:re  system  

SecFon  3 The  wrong  tools  for  the  job  

OrganizaFons  with  inadequate  IT  budgets  and  decentralized  security  tools  run  the  risk  of  ransomware  a_acks,  data  breaches,  or  data  security  compliance  issues.    

$5,000  to  over  $100,000  per  month  +  increased  transac:on  fees  from  financial  provider    

Fines  for  PCI  DSS  compliance  viola:ons:        

SecFon  3 The  wrong  tools  for  the  job  

 Source:  PCI  Compliance  Guide,  PCI  ComplianceGuide.org    

$100  to  $1.5  million    per  incident  +  possible  criminal  penal:es    

Fines  for  viola:ng  HIPAA  rules:  

SecFon  3 The  wrong  tools  for  the  job  

OrganizaFons  with  inadequate  IT  budgets  and  decentralized  security  tools  run  the  risk  of  ransomware  a_acks,  data  breaches,  or  data  security  compliance  issues.    

 Source:  HIPAA  Viola5ons  and  Enforcement,  American  Medical  Associa:on  

Next  steps  The  challenges  posed  by  server  sprawl,  a  lack  of  skilled  human  resources,  and  inadequate  security  tools  create  a  perfect  storm  that  can  overwhelm  an  IT  department  of  any  size  

Your  IT  staff  are  the  appointed  protectors  of  your  organizaFon’s  precious  data.

They’re  a  crucial  resource  for  combanng  security  threats  and  staying  in  compliance—and  their  job  isn’t  genng  any  easier.  

Next  steps  >  

The  number  of  applicaFons  the  average  enterprise  IT  department  manages  is  growing  every  year.

They’ve  got  a  lot  on  their  plate,  and  they  can’t  tackle  it  all  without  the  right  mix    of  training,  tools,  and  support  from  you.    

376  applicaFons  in  2016

426  applicaFons    by  2018

Next  steps  >  

 Source:  Data  Centers  in  Flux:  The  IT  Op5miza5on  Challenge,  Q3  2016,  IDG  Research,  2016    

Overworked,  underequipped  IT  departments  can  have  a  huge  impact  on  the  profitability,  producFvity,  and  security  of  your  business.    Too  many  organiza:ons  are  unable  to  implement  a  solu:on  that  helps  them  solve  this  problem  before  it  begins  to  compound  into  more  serious  issues.  

Next  steps  >  

But  here’s  the  important  thing:

Increasing  your  cloud  security  capabili:es  doesn’t  mean  increasing  your  head  count.  With  the  right  technology  in  place,  your  cloud  and  security  staff  can  focus  on  work  that  helps  grow  your  business  instead  of  punng  out  fires.  

Next  steps  >  

How  much  do  server  sprawl,  the  human  element,   and  the  wrong  tools  for  the  job  impact  your  business?  

Fill  out  evalua:on    

Next  steps  >  

Complete  our  short  cloud  security  evalua:on  to  get  a  befer  understanding  of  the  risks  you  face.  

©2017  Trend  Micro  Incorporated.  All  rights  reserved.  
