Wrongly considered the new kid on the block by some enterprises, virtualization technology has been around for a decade and embraced by many technology-oriented businesses due to its flexibility and room for expansion, increased productivity, superior storage capacity, and lower costs, among others.
“By 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one third fewer security failures,” Gartner writes. However, because the attack surfaces increase when enterprises opt for the cloud, CISOs should look into the most suitable security model and implement visibility tools for each network environment to secure operations.
Whether private, public or hybrid cloud, migrating to such an infrastructure comes with challenges. More than 51 percent of IT security experts and C-level executives have named lack of visibility a top concern, says a Bitdefender study, as well as a lack of policies (41%) and access from unauthorized devices (34%).
“Any data transfer between the client and the cloud service provider needs to be encrypted to avoid man-in-the-middle attacks that could intercept and decipher all broadcasted data,” Bitdefender security experts recommend. “More than that, any data stored locally or in the cloud should be encrypted to make sure cybercriminals cannot read it, in case of data breaches or unauthorized access.”
Leaving behind traditional data centers and transferring corporate data to the cloud is a bold move. It can make enterprises more vulnerable and expose them to more risks. One challenge IT managers face is the loss of a measure of control once the data is moved into the cloud.
“While the benefits of virtualizing applications, desktops, hardware and networks are self-evident, security has failed, thus far, to align to this new paradigm,” explains Viorel Canja, Head of Antimalware and Antispam Labs at Bitdefender.
Visibility is a vital function in safeguarding corporate assets and infrastructures, as well as in detecting breaches. As many as 47 percent of respondents said they can’t accurately monitor workloads across the cloud, while 44 percent feel there is not enough control over networks and cloud supervision, according to the same study.
A recent report from Ixia on over 200 senior IT professionals confirms that security breaches are most often detected through the network visibility solution, followed by forensic investigations and third-party contact. Some 81.2 percent of respondents said their employees are not properly trained to avoid causing data breaches, while more than half don’t monitor all network segments and don’t protect their firewalls with a bypass switch.
“Most enterprises today are struggling with network blind spots caused by increases in encrypted traffic on their networks and migrations to public and private cloud environments. They also need to get better visibility across their rapidly-expanding network estates to address performance issues and mitigate threats,” said Murali Ramalingam, Country Head - Sales, India at Ixia.
Transition to the flexible public and hybrid cloud deployments is affordable but cloud migration increases CISO responsibility. Their role is ever more complex as most IT managers have almost no overview of the security practices of the cloud and SaaS providers, the latter ranking as one of the riskiest in contrast with IaaS and PaaS, Ixia writes.