Moving security operations to the cloud

New ESG research finds organizations are aggressively replacing on-premises security analytics and operations technologies with cloud-based alternatives. The shift comes with both short-term wins and strategic benefits.


Sisyphus could be the official mascot of security operations.

Sixty-three percent of respondents to a recent ESG survey of 406 IT and cybersecurity professionals say that security operations is more difficult today than it was two years ago. Why?

  • 41% of survey respondents point to the rapidly evolving threat landscape, which forces SOC teams to keep up with cyber threat intelligence analysis, track the latest indicators of compromise, and understand the tactics, techniques, and procedures of cyber adversaries.
  • 35% cite the increased volume of security data that is collected and processed. I’m not surprised by this. In my experience, many organizations underestimate the resources, skills, and time necessary to manage the security data pipeline … and it is catching up with them.
  • 34% say the volume of security alerts has increased over the past two years. As security alert volume escalates, it exposes other security operations issues like a reliance on manual processes and point tools.
  • 30% say that growth in the attack surface increases the workload on the SOC team.

It’s also important to remember that these security operations challenges are exacerbated by the ongoing cybersecurity skills shortage as there just aren’t enough skilled bodies to throw at problems.

To get off this security operations treadmill, many organizations are turning to the public cloud: 41% of organizations say they now prefer cloud-based security analytics/operations technologies, while another 17% are willing to consider cloud-based security analytics/operations technologies on a case-by-case basis.

How cloud-based technologies can help

Traditional security analytics and operations platform architectures rely on racks of servers and storage devices and generate a lot of network traffic. That means upfront capital costs, plus engineering, deployment, customization, and system tuning. When an organization instead points its security telemetry at a cloud-hosted platform, that hardware and deployment burden shifts to the provider. This is often referred to as "lift and shift," or the "dumb cloud."
