Cloud security has growing needs and lots of challenges. Here are some thoughts on solutions and strategies. Credit: Thinkstock My esteemed colleague Doug Cahill did a great job at the RSA Conference with a killer presentation on hybrid cloud security. Unfortunately, Doug’s presentation occurred on Thursday afternoon, when many conference attendees were catching flights home, packing up their booths, or recovering at a bar somewhere else in San Francisco. Despite the timing, about 150 souls showed up, but I’m guessing that Doug’s conference room would have been overflowing if his presentation had been on Tuesday rather than Thursday.As I wrote in a recent blog post, it was important to focus on cloud security at RSA 2018. Why? Because organizations are rapidly adopting hybrid clouds, with DevOps leading the charge. This places a double whammy on security teams that have little cloud computing experience and a limited relationship with DevOps teams.Since Doug gave a stellar performance in explaining the problems and potential solutions to cloud security, allow me to provide a few highlights from his presentation:Cloud computing has become increasingly heterogeneous. Eighty-one percent of organizations leverage multiple cloud service providers (CSPs) for IaaS, including Amazon, Google, IBM, Microsoft, etc.Workloads are moving to the cloud quickly. Today, nearly one-third of organizations run at least 30 percent of all workloads in public clouds. In two years, more than half (55 percent) will run at least 30 percent of workloads in public clouds. Workload types also vary between bare metal servers, VMs, and a growing population of containers.Seventy-three percent of organizations use or will use containers for both legacy and new applications.From a security perspective, that means security teams must be able to monitor and protect a changing (and growing) array of cloud-based workloads across different public cloud services. What’s more, infosec groups must become tightly integrated into agile development and continuous integration/continuous delivery (CI/CD) DevOps processes. Cloud security challengesNot surprisingly, this has created several cloud security challenges:Twenty-five percent of security respondents say their organization is challenged with maintaining strong and consistent security across internal data centers and public cloud services.Twenty percent of security respondents say their organization is challenged with keeping up with the rapid pace of change associated with DevOps.Eighteen percent of security respondents say their organization is challenged because of the inability for traditional network security tools to provide visibility into the cloud.In summary, cloud security remains inconsistent because organizations don’t have the right tools or processes to monitor activities or keep up with DevOps. Since more and more workloads are moving to the cloud, all I can say is, YIKES! Emerging cloud security solutions and best practicesAll is not lost, however. Doug is on top of cloud security progress and hinted at some emerging solutions and best practices he sees, including:The rise of a new position – cloud security architect. Twenty-five percent of organizations have had this type of role in place for more than a year, while another 18 percent have had a cloud security architect for less than a year. This data demonstrates a growing trend.Merging security and DevOps. While this is challenging, 15 percent of organizations are aligning DevOps and cybersecurity extensively, while 19 percent are doing so somewhat. Another 41 percent are evaluating an amalgamation of security and DevOps, forecasting stronger integration in the future.Moving toward unified teams, technologies and processes for all security. Cloud security has been a tactical exercise thus far – 70 percent of organizations use different people, processes, and technologies to support hybrid clouds. This means inconsistency and redundancy across AWS, Azure, GCP, IBM, and VMware environments. CISOs recognize the growing problem here and are planning for 180-degree changes. In two to three years, 70 percent want common security teams, processes, and technologies that span all aspects of hybrid clouds. This blog post provides a few data points but only scratches the surface of Doug’s presentation. Fortunately, the good folks who run the RSA Conference provided links to all presentations. Those who want more detail can download Doug’s full presentation here. Related content analysis 5 things security pros want from XDR platforms New research shows that while extended detection and response (XDR) remains a nebulous topic, security pros know what they want from an XDR platform. By Jon Oltsik Jul 07, 2022 3 mins Intrusion Detection Software Incident Response opinion Bye-bye best-of-breed? ESG research finds that organizations are increasingly integrating security technologies and purchasing multi-product security platforms, changing the industry in the process. By Jon Oltsik Jun 14, 2022 4 mins Security Software opinion SOC modernization: 8 key considerations Organizations need SOC transformation for security efficacy and operational efficiency. Technology vendors should come to this year’s RSA Conference with clear messages and plans, not industry hyperbole. By Jon Oltsik Apr 27, 2022 6 mins RSA Conference Security Operations Center opinion 5 ways to improve security hygiene and posture management Security professionals suggest continuous controls validation, process automation, and integrating security and IT technologies. By Jon Oltsik Apr 05, 2022 4 mins Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe