The field of information security hides a dark secret: we are fighting a losing war, and we are losing ground at an alarming rate in the form of data leaks. This is not because we are not trying to protect enterprise assets, but because of a simple fact: attackers have more time and more tools than defenders do. Some enterprises simply do not have the money to invest in the resources an information security program needs, while others deploy "half-baked" programs with minimal personnel and budgets just to meet compliance requirements. It is no secret that we are fighting a losing battle.
However, times are changing, and security professionals have a new weapon in their arsenal against the growing risk of cyber attacks: cloud computing. More and more companies are deploying cloud computing to help reduce costs, improve flexibility, and provide business expertise. Cloud-based security services have the same advantages. This emerging security-as-a-service model provides an unprecedented level playing field between cyber attack and network defense. However, it should be noted that the risks involved in deploying an enterprise cloud solution also apply to deploying cloud-based security services. So, do you know when security as a service is right for your business? Companies need to consider the pros and cons of cloud-based security services.
Advantages of security as a service
1. Stronger staffing
Information security is labor-intensive work. We can automate a lot of it, but in the end we always need people to make judgments. We need to collect logs from servers, network devices, firewalls, and intrusion detection systems, all of which demands the staff's full attention. Staff are the most stretched resource in a security program. Data leaks can happen at any time, and the systems "faithfully" record the information until someone has enough time to interpret the logs. There have been many recent data leaks involving system infiltration that the security team discovered only months later. Reports of these data leaks also often come from outside third parties, since no one has time to interpret the log data.
This is where security as a service is useful. Cloud computing is primarily about sharing resources to achieve economies of scale. A security-as-a-service solution can assign teams to handle specific activities, such as monitoring logs, and share the cost among many different customers, reducing unit costs for everyone. A security program can now have a dedicated log monitoring team, which is not possible without a cloud-based model. This increases the effectiveness of the security program and gives in-house staff more time to work on higher-level risk management.
2. Provide advanced security tools
We've all done this: downloaded open source security tools to reduce security risk, and then found they take a lot of time. These open source tools are free and require no additional budget. Open source technology is not the problem; it is even very useful. Unfortunately, open source technology takes a lot of time to install and maintain in a production environment. For example, how many hours did it take you to find a Snort rule to get your IDS service started?
This is another area where deploying security as a service is effective: your security program gains access to advanced security tools through the economies of scale of cloud computing. The quality and variety of these tools can be comparable to the commercial products deployed within other enterprises, at lower cost. More importantly, these tools are maintained by the cloud service provider, so you have plenty of time to take advantage of them.
3. Provide professional and technical knowledge
Information security is a broad topic, and no one person can understand every detail. For example, some security professionals focus on forensics while others focus on Web application security. Some enterprises lack sufficient staff in their security programs and have security knowledge that is broad but not deep. This knowledge gap can lead to a serious blind spot: the inability to detect risk, let alone mitigate it.
Security as a service can help solve this problem. Vendors that provide cloud-based security are primarily focused on specific aspects of information security. For example, some vendors provide cloud-based vulnerability scanners (maintained by experts) to test systems reachable from the Internet. Other cloud vendors build their entire network around resisting denial of service (DoS) attacks. Companies that do not have enough money to hire the relevant security experts or deploy the resources can use security as a service to take advantage of these experts and resources. This allows internal security personnel to focus more on strategically managing the enterprise's information security risks without paying as much attention to technical details.
4. Positioning information security as a business driver
Information security is often considered a roadblock to business activity. There are many reasons for this, and it may not actually be the fault of the information security department. Some people in the enterprise may not understand the importance of the encryption or firewall technology that protects confidential data. Even if they understand the reasons behind these technologies, they certainly don't understand the time it takes to deploy them.
Security as a service can also help solve this problem. It does not make other parts of the enterprise understand security requirements, but it ensures faster deployment of security technologies, which reduces their impact on established enterprise projects. This is a key advantage of all cloud-based security services, and the security program must take advantage of it. For example, a virtual server can be configured quickly and automatically with the same firewall rules. It also allows the information security department to establish a different relationship with business leaders and can change the perception of information security into that of a business driver rather than an impediment.
5. A new approach
Beyond the many general benefits of security as a service, some new types of cloud-based security have advantages of their own. In addition to traditional e-mail and Web filtering delivered as a service, there are a number of new services worth companies' attention that can help address old problems the security industry has long tried to solve without success. The cloud computing model gives us a new approach that may help us meet these challenges.
6. Identity Management
Passwords are one of many old problems, one that appeared almost at the same time as multiuser computing. In a 1980s movie, we saw a hacker steal a system password from a Post-it note, and employees today still keep a handy Post-it note with a password by their keyboard. It is difficult for users to manage a single password, let alone cope with a modern environment that makes them carry tens of passwords.
Managing employee accounts is not an easy task for system administrators and human resources departments. New employees wait for system access before they can do their work, and accounts are sometimes not disabled in time when an employee leaves the company. This complex manual process poses a security risk for both system administrators and human resources.
There are several reliable security-as-a-service products that can speed up the account management process and provide single sign-on. They can be used with systems in the cloud and on the internal network. These services leverage open standard protocols such as SAML, and even allow integration with an internal Microsoft Active Directory infrastructure. With this hybrid approach, where internal and external services authenticate against the same source, businesses can save time and money, simplify password processes, and reduce overall risk.
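The deprovisioning gap described above (accounts left enabled after an employee leaves) can be checked by reconciling the HR roster against account exports from each system. This is an added example, not part of the original article; the record layout, system names and sample data are constructed for illustration.

```python
from datetime import date

# Constructed sample data: HR roster keyed by employee id.
# "left" is the termination date, or None for a current employee.
HR_ROSTER = {
    "e100": {"name": "A. Rivera", "left": None},
    "e101": {"name": "B. Chen", "left": date(2024, 3, 1)},
    "e102": {"name": "C. Okafor", "left": date(2024, 5, 20)},
}

# Constructed account exports from an internal directory and a cloud app.
ACCOUNTS = [
    {"system": "internal-ad", "login": "arivera", "owner": "e100", "enabled": True},
    {"system": "internal-ad", "login": "bchen", "owner": "e101", "enabled": False},
    {"system": "cloud-crm", "login": "bchen@example.com", "owner": "e101", "enabled": True},
    {"system": "cloud-crm", "login": "cokafor@example.com", "owner": "e102", "enabled": True},
    {"system": "cloud-crm", "login": "svc-old", "owner": None, "enabled": True},
]


def find_stale_accounts(roster, accounts, today):
    """Return findings for enabled accounts that should not be enabled.

    A finding is (system, login, reason, days_exposed); days_exposed is
    None for accounts with no matching HR record.
    """
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing to report
        person = roster.get(acct["owner"])
        if person is None:
            # No HR record at all: orphaned or shared account, needs an owner.
            findings.append((acct["system"], acct["login"], "no-hr-record", None))
        elif person["left"] is not None and person["left"] <= today:
            exposed = (today - person["left"]).days
            findings.append((acct["system"], acct["login"], "owner-left", exposed))
    # Longest exposure first; accounts without an HR record sort last.
    findings.sort(key=lambda f: (f[3] is None, -(f[3] or 0)))
    return findings


if __name__ == "__main__":
    for finding in find_stale_accounts(HR_ROSTER, ACCOUNTS, date(2024, 6, 1)):
        print(finding)
```

In the sample data one leaver is disabled in the internal directory but still enabled in the cloud application, the situation that authenticating every service against one source is meant to remove.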
7. Virtual Machine Management
Running multiple virtual servers on a single hardware server is the most disruptive change in the information technology field. Businesses are quickly deploying private, public, and hybrid clouds to replace the physical hardware that crowds the data center. However, this technology can also have a devastating impact on information security while bringing new challenges of its own.
One of the challenges of managing virtual servers in a public or private cloud is configuration management. Configuration management means configuring and maintaining servers securely according to enterprise policies that cover firewall policy, file system permissions, and installed services. Technology that supports this process is already widespread in the data center. Cloud-based configuration management systems need to be able to deliver this functionality across multiple cloud service providers and internal data centers.
Cloud-based security services for configuration management provide this functionality. They provide full control of Linux servers, with more and more features for Windows servers, and they can also be used with servers hosted at godaddy.com and Linode. Surprisingly, these new cloud-based configuration management systems are easier to configure than the earlier internally hosted systems and just as powerful. This is another cloud-based security service that deserves security professionals' attention, even if they only have internal server resources to manage.
8. Network Layer Protection
Over the past few years, it has become increasingly imperative to protect the network connectivity of Internet-based assets. Websites are increasingly being attacked by cyber criminals and hacker groups. The hacker group Anonymous uses low-tech tools (such as Low Orbit Ion Cannon) to launch headline-grabbing DoS attacks on various businesses, a type of attack that mainly affects businesses that rely on the Internet to access cloud-based applications.
The best defense against this kind of attack on cloud assets is actually the cloud itself. Some security-as-a-service solutions protect against DoS attacks by leveraging large bandwidth and intelligent protocol routing. These services can also hide Web servers behind their own front-end servers and keep attacks from passing through. Other cloud-based security services include PCI DSS, data tagging, Web application firewalls, and hidden DNS servers.
Risks of security as a service
No tool in the world is perfect at mitigating security risk, and security as a service is no exception. Cloud-based security services carry the same security risks as all other cloud services, which fall into the following categories:
1. Cloud providers have some degree of access to your data. Cloud vendors must be cautious with security-related data because its disclosure can lead to multiple data-disclosure incidents. More comprehensive cloud computing services should use cryptography, but there are still problems with vendor key management. For applications that need the highest data confidentiality, organizations are best off considering an internal solution.
2. Security as a service is accessed from the Internet. With internal systems, security professionals do not need to consider this risk, and in the past, exposing internal firewall management tools to the Internet was never acceptable. The authentication systems for these services must provide strong multifactor authentication to ensure an appropriate level of protection. You also need to consider potential DoS attacks: without strong protection, an attacker could modify the service or prevent the enterprise from managing or accessing it.
3. An open standard for exporting services between security-as-a-service providers is unlikely. Organizations that use these services need to understand that any switch between suppliers will be fully manual, including re-establishing firewall rules, virtual machine configuration, and authentication methods at the new vendor.
4. An enterprise should conduct detailed supplier due diligence, treating a security-as-a-service provider in the same manner as any other cloud service provider. Companies should select suppliers carefully and investigate their financial position to ensure they do not suddenly evaporate. Thoroughly review the information security status of the service provider, starting with SAS-70 or SSAE-16 audit reports and vulnerability assessment reports. Companies need to be able to fully trust the cloud provider, so this audit is critical.
5. Compliance is another problem that is difficult to solve for cloud-based security services. A service can provide a first-class audit report and meet all the technical requirements of due diligence, yet still be unable to meet a contract or legal agreement, such as the Business Associate Agreement required by HIPAA. This situation is improving, but the enterprise must understand how the security-as-a-service provider will meet its specific compliance requirements.
Many information security professionals are anxious about deploying any type of outsourced service, and this is something security as a service has to take into account. The current economic climate has given rise to a certain amount of resistance from many types of employees, who fear that security professionals will be replaced by cloud services. However, these new services allow security professionals to devote their time and energy to higher-level strategic security projects rather than daily maintenance work. This will help the security program become more efficient, which can actually increase job security. Besides, who would really like to spend all night preparing another version of Snort?