Race to the Cloud Creates Security Complexity

Cloud computing has gone mainstream as more organizations shift their applications and workloads from on-premise data centers to public cloud platforms.

Almost every company in the world—96 percent, according to one annual survey[1]—has moved some part, if not the majority, of their business to the cloud. Yet, the picture remains complex: A little more than half of all companies employ a hybrid cloud strategy, mixing on-premise infrastructure with public clouds, while 81 percent take a multi-cloud approach, tapping into multiple cloud providers simultaneously for infrastructure.

These complex cloud implementations make security really difficult, making the transition to the cloud a risky proposition. While cloud providers are responsible for securing the underlying infrastructure on which their cloud services run, businesses are on the hook for securing everything else – their data, applications, workloads and containers. The security mindset must also change with this shift to the cloud. Most security professionals know that security does not stop at the perimeter, but adopting the public cloud opens up new vectors of risk and threat.

Part of the solution is to use third party, cloud-native security tools to give you better visibility and improved security of the myriad cloud services that are being used across your company often outside the purview of IT. Cloud Access Security Brokers (CASBs) can give companies visibility into and help rein in the use of vulnerable or non-compliant SaaS applications by well-meaning—but in the end, short-sighted—employees.

Cloud Workload Protection (CWP) solutions have emerged in the past 2-3 years to address cloud workload risks deployed in Infrastructure-as-a-Service (IaaS). Defending workloads, containers and cloud storage against evolving, malware-based attacks (example: ransomware) as well as faulty configurations is necessary to guarantee security. Especially if your company deals with multiple cloud IaaS platforms, it needs a consistent way to govern security and enforce compliance.

Deploying CASB and CWP solutions together helps to secure SaaS applications, PaaS, and IaaS deployments without compromising the protection levels. Data loss prevention, threat protection and other data and application security controls are being integrated with CASB and CWP solutions to address the detection of sensitive data and malware in cloud apps and workloads.

There is an emerging category of capabilities called Cloud Security Posture Management (CSPM) that can assess your cloud infrastructure to ensure compliance with regulations and identify security vulnerabilities. This is a new way of securing the cloud IaaS management plane, which is used to manage and configure cloud resources such as launching virtual instances or configuring virtual networks.

Today, Symantec introduced a variety of innovations that will help companies secure their cloud applications, cloud infrastructure and the data that resides in the cloud, leveraging our field-tested, robust technologies and threat intelligence that has helped hundreds of thousands of global businesses defend their on-premises assets. We are bringing all of our industry-leading technologies—along with new products and cloud-delivered managed security services innovations - to market under the umbrella of Symantec’s Integrated Cyber Defense platform.

We are excited to announce the following new product and service innovations:

• Symantec Cloud Workload Assurance, the first full Cloud Security Posture Management (CSPM) solution integrated with Symantec CloudSOC CASB and Cloud Workload Protection, protects customers from cloud misconfigurations in Amazon Web Services and Microsoft Azure.
• Symantec CloudSOC is the first CASB to provide visibility, security and threat protection for any cloud application, including mobile and browser-based versions. Additionally, CloudSOC monitors risky app usage and significantly reduces the time it takes to identify and remediate security incidents.
• Symantec Cloud Workload Protection for Storage with Data Loss Prevention protects sensitive data in AWS S3 buckets and enforces compliance initiatives such as GDPR.
• Symantec Managed Cloud Defense provides customers with 24x7 monitoring of their AWS and Azure environments by our team of cyber security experts.

Is your cloud usage secure? Feel free to reach out and contact us for more information.

[1] RightScale, RightScale 2018 State of the Cloud Report, whitepaper, 13 Feb 2018, https://www.rightscale.com/press-releases/rightscale-2018-state-of-the-cloud-report.