Why cloud security automation is key

Deloitte on Cloud Blog

Being proactive and automated is key. If you’re moving to the cloud, cloud security automation is likely the most effective option to protect your cloud-based systems with state-of-the-art security.

June 19, 2018

A blog post by David Linthicum, managing director, chief cloud strategy officer, Deloitte Consulting LLP

Dads say this all of the time, “A good offense is a good defense.” What does that mean when we talk about cloud?

To me, it means that people try to be proactive, which includes actively looking to spot minor issues and resolve them before they become real issues. Specific to the world of cloud computing, this means that we keep tabs on operations issues, such as security breaches, and address those issues as soon as we see them.

This is not the norm today. People tend to be very reactive when it comes to security, even cloud computing security. While there are typically plans in place to deal with breaches, there aren’t always plans to proactively monitor for attacks, to monitor patterns that may lead up to attacks (such as denied login attempts), or to take steps that help prevent them (such as blocking the offending IP address).

This passive security culture has predictably resulted in trouble. The morning news is full of stories of major breaches where information has been compromised. The result is not only the impact of lost data, but it’s also the loss of your customers’ and shareholders’ trust. Indeed, we’ll likely see companies that go under due to a breach that they could not recover from.

So, what’s an enterprise moving to the cloud to do? Think ‘proactive automation’ for your approach to security, and leverage the technology that can provide it to you.

The key objectives of cloud security automation are as follows:

  • The ability to monitor all outside behaviors, including all users and any other access behaviors, to determine any patterns outside of the norm. This means doing a polling type of process where thousands of points are checking in.
  • The ability to take behaviors outside of the norm and determine if they fall into a pattern of an attack. While you would think this would be binary, it’s really a matter of degrees, or the likelihood that the attack is real. The purpose of this is to avoid automatic shutdowns for users who may just be accessing the systems in different ways. For instance, many cloud-based systems have blocked IP addresses, believing the traffic to be distributed denial-of-service (DDoS) attacks, when users were only increasing their use of the systems due to some business deadline.
  • The ability to automatically block an attack. If you get a text saying that you’re being attacked, it’s too late. If you get a text saying that an attack was prevented proactively, you’re still good. You can take action to determine what happened and how to prevent it.
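The three objectives above can be sketched as a small scoring pipeline. This is an added example, not code from the original post: the sample events, weights, and thresholds are constructed assumptions, and the IP addresses come from the reserved documentation ranges.

```python
from collections import defaultdict

# Constructed sample events (source_ip, account, outcome); not real log data.
EVENTS = (
    [("203.0.113.7", f"user{i}", "denied") for i in range(40)]  # many accounts, all denied
    + [("198.51.100.20", "alice", "ok")] * 300                  # heavy use before a deadline
    + [("198.51.100.20", "alice", "denied")] * 3
    + [("192.0.2.15", "bob", "denied")] * 7
    + [("192.0.2.15", "bob", "ok")] * 3
)

def score(events):
    """Objective 1 and 2: aggregate behavior per source and return
    {ip: likelihood in [0, 1]} instead of a binary attack/no-attack flag."""
    stats = defaultdict(lambda: {"total": 0, "denied": 0, "accounts": set()})
    for ip, account, outcome in events:
        s = stats[ip]
        s["total"] += 1
        s["denied"] += outcome == "denied"
        s["accounts"].add(account)
    scores = {}
    for ip, s in stats.items():
        denied_ratio = s["denied"] / s["total"]
        # Failures spread over many accounts weigh more than repeats on one.
        spread = min(len(s["accounts"]) / 10, 1.0)
        # Request volume is deliberately not a factor, so a busy legitimate
        # user is not mistaken for an attack. Weights are assumed values.
        scores[ip] = round(0.6 * denied_ratio + 0.4 * spread, 2)
    return scores

def decide(likelihood, alert_at=0.4, block_at=0.8):
    """Objective 3: graded response. Thresholds are assumed values."""
    if likelihood >= block_at:
        return "block"   # automatic, then notify that it was prevented
    if likelihood >= alert_at:
        return "alert"   # a human reviews before anyone is shut out
    return "allow"

def respond(events):
    return {ip: decide(p) for ip, p in score(events).items()}

if __name__ == "__main__":
    for ip, action in respond(EVENTS).items():
        print(ip, score(EVENTS)[ip], action)
```

The source with 303 requests is allowed because almost all of them succeed, while the source with only 40 requests is blocked because every one is a denied login against a different account.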

So, why would you not go the way of automated proactive security? First, it can be expensive, or at least more expensive than non-automated security. The tech is costly, and it takes some time to get this working. Second, it requires some heavy-duty security talent both to set this up effectively and to maintain it. Finally, it’s not foolproof. While many want 100 percent-effective security, that does not exist. You can reduce the risk, but not eliminate it.

So, being proactive and automated is key. If you’re moving to the cloud, this is likely the most effective option to protect your cloud-based systems with state-of-the-art security.
