It’s no secret that cloud adoption is growing—and at an incredible rate. This year’s Oracle and KPMG Cloud Threat Report survey showed that 87% of responding organizations now have cloud-first orientations.
Organizations, initially concerned about a lack of security in the cloud, have clearly decided that cloud benefits outweigh the risks—at least for some parts of their businesses. But, like any transformational change, cloud adoption also comes with its own unique set of challenges, especially when it comes to security. The dirty secret is that cloud adoption has led to the creation of a multidimensional data center, where new technologies run alongside traditional solutions. And all of it is managed and secured using islands of disconnected tools and processes—at least for now.
The unintended consequence is that security teams have a metaphorical hand tied behind their back when it comes to detecting and responding to security incidents in their cloud environments. In fact, it was the most frequently mentioned concern by far, cited by 38% of respondents to our survey.
The root of this problem lies in the fundamental difference between securing on-premises infrastructure and securing cloud services. One of the key issues is that this disparate and still-expanding collection of systems has buried security teams in a landslide of telemetry data.
Only 37% of survey respondents said that they can analyze a modest sample of their data (defined as 25% to 49%), and another 14% report they can only analyze small samples of their data (less than 25%).
Not only is the amount of data a problem, but to really understand what’s coming in, security teams have to be able to see the correlations between different data points. Unfortunately, the average cybersecurity professional has their attention split between about 46 different security products, making it hard to focus on any one thing for too long. It’s as if we buried our security teams in that landslide of data, handed them spoons, and told them to dig themselves out before they’re crushed. It’s just not humanly possible.
Cybercriminals figured out the answer to this problem a while back. It used to be that if you logged on to an unsecured Wi-Fi connection, some nefarious character could be hanging out there and start probing your system within a few minutes. It was a manual process. Today, it’s automatic. You connect to the network, and the automated systems are at your machine immediately.
What cybercriminals figured out—and what we have to learn—is that automated systems are much better at handling volume than humans. So, what we need to do is equip our security teams with the same basic technologies that the criminals already have.
Security teams are already using machine learning to find zero-day threats. Now, teams can use that same technology to automate the analysis of all that security event data.
It used to be that IT and security professionals were uncomfortable with handing such an important task over to automated tools. Now, it’s a necessity. In fact, more than a third of survey respondents said their organizations are actively investing in automated solutions. And almost another half are considering it.
With automation, security teams can go from distraction to being better able to home in on the issues that matter most, and get on a more level playing field with cybercriminals.