This blog post was written by guest IDC blogger Christopher Rodriguez and sponsored by Check Point and Oracle Cloud Infrastructure.
In 2020, the U.S. Space Force introduced a new intelligence sharing program called “Kobayashi Maru.” The term comes from Star Trek II: The Wrath of Khan and refers to a test for potential Starfleet captains. The test is unwinnable. For sci-fi fans, the term instantly conjures to mind a dilemma and an unfair choice. As it turns out, the correct answer is to simply reject the premise entirely and create a third option for yourself.
Conventional IT wisdom poses a similar unfair dilemma about the trade-off between the cloud and security. In the early days of cloud adoption, buyers knew that the move to the cloud was key to meet the scale and agility needs of the digital transformation era. But cloud security raised many questions that had yet to be answered, including the following examples:
-
Is it sufficient to port over a virtual appliance of best-of-breed security tools from on-premises environments?
-
Does cloud security inherently require different technologies or providers?
-
What aspects of cloud security are the organization’s responsibility?
-
What does cloud security mean?
Customer expectations at the time were scattershot at best. Fortunately, the emergence of the shared responsibility model helped rein in the confusion. However, these questions were rooted in the expectation of a trade-off. Five years ago, that might have been a more reasonable expectation. For IT buyers, the challenge was in the lack of consistency. Some cloud providers have taken a security-first approach to the design of their cloud infrastructure while others take a more laissez-faire approach.
Currently, the requirement for this trade-off is dwindling. Cloud providers have bolstered the security of their cloud infrastructure. Security partnerships provide the opportunity to quickly implement more, purpose-built security from third-party trusted security vendors. In considering the move to the cloud, the following key questions can trigger false choices in decision making.
Extend or start over?
The established best-of-breed security technologies in which an organization is already invested has extensive value. Security vendors have poured years of development into these products and continue to invest in research to defend against the latest threats. These solutions are typically time tested and hardened after years of use. More importantly, familiarity is the foundation for expertise. The move to the cloud doesn’t need to ditch familiar and powerful security tools. Starting over with new security solutions likely requires a steep learning curve.
How best to manage separate security consoles?
By extending known security controls to the cloud, security settings for on-premises and cloud environments can be managed in tandem, in the same console and workflow. Ideally, the goal is to avoid console sprawl. IT organizations are already overwhelmed by the never-ending march of new tools and management consoles requiring individual attention. These new options are time drains. More worryingly, a lack of single pane of glass management increases the chances that an alert is overlooked or that gaps in policy might emerge over time. The unified console approach offers other benefits, such as reducing time spent on training staff or avoiding the costs of hiring specialized staff and delivering business value that can be and should be quantified and measured.
Basic security or advanced security?
In the early days of cloud computing, IT buyers expected to receive essential, but limited, security capabilities. These cloud security capabilities typically focused on basic stateful firewall protection and ACLs. Modern cloud environments are designed for security, including network segmentation, privacy, identity, data security, and compliance. You can implement other advanced security solutions in these environments too, such as sandboxing, threat analytics, application control, anti-bot, automation, and others.
Conclusion
For most organizations, cloud security necessitates the ability to secure multiple cloud environments and hybrid cloud deployments with consistency and efficiency. However, the state of cybersecurity today also requires best-of-breed technologies to defend against ransomware, supply chain attacks, and nation-state threats. The challenge has been to adapt existing tools consistently and comprehensively to these complex cloud environments and every new computing environment that digital transformation brings. However, cloud providers and security vendors are working together to address these challenges, making security frictionless, consistent, powerful, and integrated—all at cloud scale.
For more information about one such partnership and cloud security considerations, read the IDC Tech Spotlight, Cloud Native Network Security Enables Successful Cloud Migration.