Organizations are adopting the cloud across the stack, that is, applications (SaaS), platforms (PaaS), and infrastructure (IaaS). While cloud adoption started with applications, in the past few years, adoption of cloud infrastructure has grown rapidly. For example, the recent Oracle-KPMG Cloud Threat Report, 2018, found that 51% of the respondents were actively adopting IaaS, and a vast majority of them (81%) leverage more than one cloud IaaS. In fact, RightScale’s “2018 State of the Cloud Report”, found that 35% of businesses plan to increase their spend on public cloud services by 50% or more. While these statistics are quite staggering, the security challenges that are posed by this growth can be quite significant. While there is general consensus that there is a lot more comfort and confidence about security in the cloud, the biggest challenge we have seen is how IaaS services can be configured and monitored for security.
Many organizations struggle with the shared responsibility model for security in the cloud, particularly as it relates to securing IaaS. One of the challenges they face is defining what secure use of IaaS is and who is responsible for it. While the services themselves are inherently secure and provide many options to fine-tune security, these services may be misconfigured, or may not adhere to the information security team’s standards. The ephemeral nature of the services makes it harder to manage. Leveraging multiple vendor services across departments/business units adds to the complexity. While each of these IaaS solutions is secure, information security teams and SOC operators do not have to use multiple tools for managing a consistent security posture, monitoring usage and configuration changes across IaaS solutions and gaining visibility into SaaS applications.
The above challenges are discussed in greater detail in an upcoming webinar. Tune in and listen to Arun Goel, Director of Product Management for Oracle’s Cloud Access Security Broker (CASB) Cloud Service, and other industry experts discuss these issues and potential solutions to address these challenges.