What Is ‘Tool Sprawl’? And How Do Admins Tackle It for Cloud Security?

The ongoing migration of business services to the cloud – public, private, managed – and the ensuing hybrid IT complexity is creating new security challenges for IT teams. Investment in a range of innovative security technologies has become essential. Why? We must tackle increasingly sophisticated methods of attack and secure confidential data in the cloud as it flows across networks, devices, and apps.

A survey we commissioned at Intel Security of 1,200 cloud security decision-makers across eight countries highlights how organizations in the real world are prioritizing these security investments over the next year or so. Security-as-a-service solutions are high on the list, with four out of five organizations targeting investments there. Some of the usual security tools are, not surprisingly, still important too: 41% plan to spend on web protection and 38% will subscribe to an anti-malware solution.

But we also see a move to more proactive methods of cloud security. We see customers using intelligence and automation to stay on top of the vast amounts of threat and log data that need to be filtered in real time to identify attacks or leaks. This has resulted in investment priorities such as intrusion prevention systems (IPS) and security information and event management (SIEM). Organizations are also looking at discovery and monitoring tools for their infrastructure-as-a-service (IaaS) and optimized data center, as well as server security for virtual platforms.

These tools are essential to improving visibility across cloud deployments. Some 58% of organizations said a lack of visibility into cloud providers’ infrastructure is their biggest operational issue, while fewer than half of respondents claimed they had visibility into shadow IT SaaS deployments. These security investments provide a way for organizations to regain control over the cloud, but they also pose an orchestration challenge for IT departments and security administrators in particular as they try to manage this environment.

IT organizations continue to struggle with ways to tackle this security tool sprawl and avoid becoming overwhelmed by this array of products and the vast amounts of data they generate. Our survey shows that only a third of organizations that are using public cloud have a unified solution with full integration and central management. And of course it’s not just about public cloud. This integration, and the ability for platforms and products to talk to each other, need to be across all platforms from on-premise to private and managed cloud right through to public cloud.

Orchestration is going to be absolutely critical to efficient cloud security management and to avoid being overrun by security products and data. Tools such as cloud access security brokers (CASBs) are one way of doing this. CASBs deliver more centralized control and the ability to push standard security policies to data and applications in the cloud. Also, virtual IPS and firewalls are important for segmentation in the cloud, just as organizations already use them on-premise. This enables the enforcement of security between virtual servers, so if someone hijacks one virtual server the other virtual servers are not compromised at the same time.

The other big issue for cloud security management is open standards. Clearly, no organization has a security setup with just a single vendor’s products and services. Standards are vital so that different products from different vendors can all talk to each other. That means we need increased support for protocols such as the Data Exchange Layer (DXL), which Intel Security created and is supported by other security industry partners. These standards help create an integrated security ecosystem that works across vendors and brings together threat data and insights from siloed security technologies and systems.

Support for open standards will enable CISOs and IT security professionals to get the best out of innovative security technologies to gain greater visibility and security management across all of their cloud deployments. Regaining control and visibility means the business can then reap the cost, flexibility, and productivity benefits of a cloud-first strategy that the modern IT environment demands.