Facing shifting tech, risks, and culture, security pros share what matters most in new report
Security Advisor, Office of the CISO, Google Cloud
Head of Security Operations Product Marketing
Why Google Cloud?
Get unmatched cloud technology built on Google’s infrastructure.Learn more
Many IT leaders look at their cloud journey as a way to drive technical innovation and efficiency. It turns out, many of them also view it as an opportunity to improve their security posture and reduce the risks they face. Does this sound familiar?
Today, the Google Cybersecurity Action Team (GCAT) published the State of Cloud Detection and Response Report, which surveyed 400 security leaders and SecOps practitioners in North America regarding the capabilities, practices, and behaviors of protecting against, identifying, and remediating cloud-based threats. It found that organizations that are contemplating or working on their digital transformation face a busy intersection of technological upgrades, evolving risks, and cultural shifts.
More than 70% of respondents said “entire classes of threats” are eliminated by migrating to the cloud, and 82% said the cloud can process more data, which supports better threat detection overall. Here are three key findings that can help CIOs and the rest of their organization improve their security posture and better manage the risks they face.
1. Technological upgrades: More automation is vital to solving short-term and long-term security challenges, especially for cloud-heavy organizations. Cloud requires automation, but also enables security automation opportunities that on-premises can’t provide.
For example, 25% more survey respondents said that the richness of security telemetry in the cloud, the ability to automate, and the ability to rapidly learn from security incidents are far greater “opportunities” in the cloud than on-premises. The automation required to be successful in the cloud encourages even further investment in automation, as tasks that your security team would deem tedious before moving to the cloud, such as blocking access or disabling credentials, can be automated away in the cloud.
2. Evolving risk: While cloud and on-prem infrastructure has some differences in the way it needs to be secured, an organization's security needs to be thought of holistically. The threats faced by the cloud can share many traits with threats to on-premises environments, but they can also be vastly different and highly dependent on your specific cloud needs.
For example, if you lift and shift virtual machines from a datacenter to the cloud, and create network architecture the way you would for an on-premises environment, securing and responding to attacks against that infrastructure may feel familiar. If you are a cloud-first organization dependent on Kubernetes and software-as-a-service, your security experience may feel dramatically different.
Another aspect to consider is your approach to security. If you secure your cloud infrastructure the same way as your on-premises infrastructure, you may experience the same kinds of security risks, such as gaps in visibility and misconfigurations.
Ultimately, the security threats an organization will face depend on how it is using the cloud. As threats evolve and adapt, vigilance is needed to keep pace with them, a task that the cloud makes easier because the tools are more advanced, according to 55% of respondents.
3. Cultural shifts: There’s much more to cloud technology than its use as a remote datacenter. Instead of primarily focusing on tooling, organizations should use the opportunities created by software-defined infrastructure to support the development of personnel and frameworks that can take full advantage of the IT transformation potential.
However, cloud can only deliver on its potential if teams have cloud-specific security skills — and even then only if they can keep their skills current. While the report didn’t directly address the importance of recruiting and training a more diverse workforce, the most successful security workforces of the future will be more diverse than they are today.
To avail ourselves of the best solutions possible to protect organizations and their customers, new perspectives are needed: Just because a security seat has been filled doesn’t mean that the person working that job has been trained for cloud security threats.
How to get started
Start with what you know. Organizations should focus first on their cloud security journey with their on-premises blueprints as long as they evolve to a cloud-focused blueprint before their cloud approach becomes entrenched in a legacy mindset. As noted in the report, “Moving to the cloud provides the opportunity to rethink how your security goals can be achieved with the new opportunities created by cloud process and technology.”
Cloud computing has changed the way we interact with IT and data. While managing risk and defending against security threats continue to be paramount challenges no matter what environment organizations choose to operate in, the cloud presents new possibilities, raises new questions to answer, and opens new opportunities for securing your organization.