Hybrid cloud security means third-party specialists
Terry Pudwell claims that a mixed IT environment opens an opportunity for more managed security specialists
The future of cybersecurity cannot be considered separately from the future of computing in general, and arguably that future is dominated by hybrid cloud.
Public cloud services are great for on-demand computing and data storage, especially when there are variable and unpredictable computing resource requirements. The public cloud offers a strong proposition for transient, non-critical data especially. However, storage of vast amounts of static data such as customer details or processing audit trails via public cloud can be expensive and impractical.
Cloud services are not a panacea. There are limitations with public cloud services, especially where sovereignty and location of sensitive data or a guarantee of information security and integrity are factors.
So for most organisations, a blend of public cloud, such as AWS; secure public cloud, such as Skyscape or Amazon's US GovCloud; and hosted or on-premise datacentres will be the only way to go.
Let's refer to this mixed IT environment as hybrid cloud, a blend of different types of computing environments and processing methods.
So it's not about a wholesale move to cloud. Cloud computing is just one important part of the IT mix that makes up the hybrid cloud or 21st-century IT environment.
Hybrid environments have consequences from a data and information security perspective. Hybrid cloud poses serious questions that legacy cybersecurity products and services cannot answer.
For example, the first-generation SIEM tools that have provided essential security monitoring and services within the on-premise datacentre were never designed to operate in a highly complex, distributed hybrid cloud world.
In most cases, these outdated security monitoring offerings were designed for a clearly delineated IT environment, and they would normally receive log and event data and other essential cybersecurity intelligence, such as geolocation, risk status, or configuration data, by whatever means, all normalised into a proprietary form they can process.
Their focus is on processing normalised and standardised data, regardless of integrity or provenance. And, once normalised and ingested by old-style SIEM tools, the customer no longer owns the data.
In the hybrid cloud world, that approach no longer works. We cannot leave it to third-party cloud or infrastructure service providers to collect sensitive intelligence and forward it to cybersecurity teams.
Some public cloud services are now exposing useful security and audit data that is getting closer to what is provided by datacentre products, but the cybersecurity offerings have to be able to go and grab that essential data.
Next-generation SIEM, configuration assurance and security monitoring must manage the collection and integrity of cybersecurity intelligence directly from the source (from the systems, databases, applications and devices that produce the log data) as well as providing resilience in case of network or system failures.
These cybersecurity solutions must work seamlessly across the whole public cloud, private cloud and virtual IT infrastructure, regardless of location or provider.
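As an added illustration of collecting at source with integrity and resilience (example code written for this article, not Assuria's product or any vendor's code): a small Python collector that HMAC-chains each record to its predecessor so an edited, dropped or reordered record is detectable at the security operations centre, and that spools records locally while the forwarding link is down. The per-source key, the anchor value and the log lines in the test are constructed for the example.

```python
import hashlib
import hmac
import json
from collections import deque

SECRET = b"constructed-demo-key"   # assumption: per-source key shared only with the SOC
ANCHOR = b"\x00" * 32              # chain start value

def _tag(key, prev, seq, line):
    # Each record is bound to its predecessor's tag, so a deleted, inserted or
    # edited record breaks every tag after it.
    msg = json.dumps({"seq": seq, "line": line}, sort_keys=True).encode()
    return hmac.new(key, prev + msg, hashlib.sha256).digest()

class SourceCollector:
    """Runs on the log-producing system; never relies on the provider to forward."""
    def __init__(self, key=SECRET):
        self.key, self.prev, self.seq = key, ANCHOR, 0
        self.spool = deque()           # local store-and-forward buffer

    def record(self, line):
        self.seq += 1
        tag = _tag(self.key, self.prev, self.seq, line)
        self.prev = tag
        self.spool.append({"seq": self.seq, "line": line, "tag": tag.hex()})
        return self.spool[-1]

    def flush(self, link_up, sink):
        """Forward spooled records in order; retain them while the link is down."""
        if not link_up:
            return 0
        sent = 0
        while self.spool:
            sink.append(self.spool.popleft())
            sent += 1
        return sent

def verify_chain(entries, key=SECRET):
    """SOC side: recompute the chain; returns (ok, first_bad_seq)."""
    prev, expected = ANCHOR, 0
    for e in entries:
        expected += 1
        if e["seq"] != expected:
            return False, expected     # gap, duplicate or reorder
        tag = _tag(key, prev, e["seq"], e["line"])
        if not hmac.compare_digest(tag.hex(), e["tag"]):
            return False, e["seq"]     # edited record
        prev = tag
    return True, None
```

A real deployment would persist the spool to disk and rotate the key; the point here is that integrity is established where the log is produced, not after a provider has normalised it.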
With all this change, there is yet another major challenge to cybersecurity: a worldwide shortage of skilled, experienced and motivated security professionals.
It's not so much a problem for global banks and other major organisations with the funds to recruit and retain top-quality cybersecurity teams – although, increasingly, even quite large organisations are simply not in a position to successfully deploy and exploit complex cybersecurity technology.
They don't have the specialist cybersecurity professionals needed to work this stuff.
For the vast majority of organisations, the only viable way to protect their information systems and sensitive and valuable data will be to commission cybersecurity monitoring services from specialist organisations.
Managed security services provision is growing rapidly, almost matching the expansion in hybrid cloud, and national, regional and organisational security operations centres are being built to deliver the monitoring services that are needed. This can be viewed as delivering security monitoring services via the cloud, but rarely will critical security data be held in public cloud environments, for obvious reasons.
Just as organisations don't want to maintain ever-expanding teams of systems and database administrators – especially when the skill sets are hard to find – when some of these functions can be provided as a service by cloud and hosted providers, the same applies to cybersecurity monitoring.
There is no longer any need to hold specialist cybersecurity skills in-house. Organisations can concentrate their information assurance efforts where they are really needed: understanding the value, location and risk profile of key internal information and IP assets. That stuff really does have to be kept in-house.
Terry Pudwell is co-founder of Assuria