{"id":88445,"date":"2023-03-10T18:19:33","date_gmt":"2023-03-10T18:19:33","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4046979"},"modified":"2023-03-10T18:19:33","modified_gmt":"2023-03-10T18:19:33","slug":"cloud-security-hampered-by-proliferation-of-tools-has-a-forest-for-trees-problem","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=88445","title":{"rendered":"Cloud security, hampered by proliferation of tools, has a \u201cforest for trees\u201d problem"},"content":{"rendered":"<figure id=\"attachment_4046992\" aria-describedby=\"caption-attachment-4046992\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-4046992 size-article\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/03\/cloud-security-hampered-by-proliferation-of-tools-has-a-forest-for-trees-problem.jpg\" alt=\"This illustration shows a cloud with a lock above a globe of the Earth.\" width=\"770\" height=\"433\"><figcaption id=\"caption-attachment-4046992\" class=\"wp-caption-text\">Image: Ar_TH\/Adobe Stock<\/figcaption><\/figure>\n<p>A new study Networks found that, on average, organizations rely on over 30 tools for overall security, and that degree of complexity is making for less security, not more.<\/p>\n<p>Over 60% of organizations have been operating in a cloud environment for three or more years, but technical complexities and maintaining comprehensive security still hamper their cloud migration efforts, according to the <a href=\"https:\/\/www.paloaltonetworks.com\/resources\/research\/state-of-cloud-native-security-2023\" target=\"_blank\" rel=\"noopener noreferrer\">2023 State of Cloud-Native Security Report<\/a>.<\/p>\n<p><strong>SEE: <a href=\"https:\/\/www.techrepublic.com\/article\/crowdstrike-attackers-cloud-exploits-data-theft\/\">CrowdStrike: Attackers focusing on cloud exploits, data theft<\/a> (TechRepublic)<\/strong><\/p>\n<p>Three quarters of respondents to Palo Alto Networks\u2019 survey reported the number of cloud security tools they use creates blind spots that affect their ability to prioritize risk and prevent threats. Over three quarters said they struggle to identify what security tools are necessary to achieve their objectives.<\/p>\n<p>90% of C-Suites respondents said they could not detect, contain and resolve cyberthreats within an hour, and about half conceded that a majority of their workforce doesn\u2019t understand their security responsibilities.<\/p>\n<p>Jump to:<\/p>\n<h2 id=\"top\">Top challenges to providing comprehensive security, top to bottom, left to right<\/h2>\n<p>Respondents to the Palo Alto Networks\u2019 survey named the top challenges to providing comprehensive security, which include the following:<\/p>\n<h3>Managing security holistically across teams<\/h3>\n<p>It isn\u2019t enough to adopt a responsibility model between cloud service providers and users; companies need to look inward, and eliminate silos insofar as they prevent security processes that work for development, operations and security.<\/p>\n<h3>Embedding security across the cloud-native development lifecycle<\/h3>\n<p>Embedding the right cloud security solutions at every stage of the application development process from code to runtime is critical.<\/p>\n<h3>Training IT, development and security staff to use security tools<\/h3>\n<p>Cloud-native application development requires securing \u201cexponentially more cloud assets across code, workloads, identities, data, etc., and across multiple execution environments, such as containers, serverless, and platforms,\u201d noted the firm.<\/p>\n<h3>Lack of visibility into security vulnerabilities across cloud resources<\/h3>\n<p>Palo Alto Networks calls vulnerability management the \u201choly grail of application security.\u201d But achieving this means being able to mirror the scale, speed and agility of the cloud, according to the company. Successfully done, it can reward companies with near real-time detection of threats and vulnerabilities.<\/p>\n<h3>Using the right tools<\/h3>\n<p>In the report, the ideal cloud security solution is scalable and able to handle immediate security needs and additional use cases as the company expands cloud applications and uses.<\/p>\n<aside class=\"pinbox right\">\n<h3 class=\"heading\">Must-read security coverage<\/h3>\n<\/aside>\n<h2 id=\"csuites\">C-Suites executives unsure about secure cloud deployment<\/h2>\n<p>The report is based on a survey of 2,500 C-level executives worldwide in November and December 2022 that tracked enterprises\u2019 shift from on-premise software and services to the cloud and found a generally weak security posture. A common theme among executives surveyed was that their organizations need to improve visibility into multiple clouds as well as incident response and investigation.<\/p>\n<p>\u201cWith three out of four organizations deploying new or updated code to production weekly, and almost 40% committing new code daily, no one can afford to overlook the security of cloud workloads,\u201d said Ankur Shah, senior vice president, Prisma Cloud, Palo Alto Networks.<\/p>\n<p>\u201cAs cloud adoption and expansion continues, organizations need to adopt a platform approach that secures applications from code to cloud across multicloud environments.\u201d<\/p>\n<h2 id=\"keys\">5 keys to best-in-class security capabilities and ease of use<\/h2>\n<p>According to the survey, the top factors companies consider when choosing security solutions for their cloud applications were:<\/p>\n<ul>\n<li>Ease of use.<\/li>\n<li>Best-in-class capabilities.<\/li>\n<li>Potential impact on enterprise performance.<\/li>\n<li>Familiarity with vendor or tool.<\/li>\n<li>Competitive pricing and\/or cost.<\/li>\n<\/ul>\n<p>The survey found that enterprises are split between a single security vendor\/tool approach and a multiple security vendor\/tool approach for each of their security needs.<\/p>\n<h2 id=\"arrows\">Companies keep too many security arrows in their quivers<\/h2>\n<p>Three quarters of the leaders Palo Alto surveyed said they struggled to identify which security tools were necessary to achieve their objectives, which led to deploying numerous single point security solutions \u2014 of the 30-plus security tools on average that organizations are using, six to 10 are dedicated to cloud security.<\/p>\n<p><strong>SEE: <a href=\"https:\/\/www.techrepublic.com\/article\/open-source-code-software-risk\/\">Open source code for commercial software applications is ubiquitous, but so is the risk<\/a> (TechRepublic)<\/strong><\/p>\n<p>A quarter of respondents reported using both in-house and open source tools, with most of the companies polled saying they deploy multiple vendors to secure their clouds, networks and applications (<strong>Figure A<\/strong>).<\/p>\n<p><strong>Figure A<\/strong><\/p>\n<figure id=\"attachment_4047368\" aria-describedby=\"caption-attachment-4047368\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-4047368 size-article\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/03\/cloud-security-hampered-by-proliferation-of-tools-has-a-forest-for-trees-problem.png\" alt=\"This illustration shows a comparison table of security incidents.\" width=\"770\" height=\"241\"><figcaption id=\"caption-attachment-4047368\" class=\"wp-caption-text\">Image: Palo Alto Networks. Thirty-three percent of companies use multiple vendors\/tools to secure cloud assets.<\/figcaption><\/figure>\n<h3>Security gaps persist in spite of efforts<\/h3>\n<p>Palo Alto Networks\u2019 study reported that only about 10% of respondents couldn\u2019t detect, contain and resolve threats in less than an hour. In addition, 68% of organizations were unable to even detect a security incident in less than an hour, and among those that did, 69% couldn\u2019t respond in under an hour (<strong>Figure B<\/strong>).<\/p>\n<p><strong>Figure B<\/strong><\/p>\n<figure id=\"attachment_4046991\" aria-describedby=\"caption-attachment-4046991\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-4046991 size-article\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/03\/cloud-security-hampered-by-proliferation-of-tools-has-a-forest-for-trees-problem-12.png\" alt=\"This illustration shows increase in security incidents.\" width=\"770\" height=\"247\"><figcaption id=\"caption-attachment-4046991\" class=\"wp-caption-text\">Image: Palo Alto Networks. Thirty-three percent of companies use multiple vendors\/tools to secure cloud assets.<\/figcaption><\/figure>\n<h2 id=\"blindspots\">How to avoid blind spots and poor overview of security risk<\/h2>\n<p>Recommendations from the study\u2019s authors include quickly identifying anomalous or suspicious behaviors that indicate a compromise, and focusing on the means of increasing near-constant visibility of cloud assets, in part by eliminating blind spots caused by the lack of a holistic approach to security tool deployment. The authors also suggested:<\/p>\n<h3>Incorporate security at all stages<\/h3>\n<p>Security teams should have a comprehensive understanding of how their company goes from development to production in the cloud to find the least disruptive insertion points for security tools.<\/p>\n<p>\u201cStarting by raising visibility and fix-recommendations for software with known vulnerabilities and container image scanning is a great first step towards getting early buy-in from DevOps or platform teams,\u201d the report said.<\/p>\n<h3>Adopt threat prevention techniques<\/h3>\n<p>Deployment tactics can actively block zero-day attacks and contain lateral movement in the event of a breach. Also, calculate net-effective permissions across cloud resources to ensure best practices for least-privilege access.<\/p>\n<p>\u201cAt the very least, organizations should consider applying prevention solutions to their mission-critical applications,\u201d said Palo Alto.<\/p>\n<h3>Align cyber tactics with cloud presence<\/h3>\n<p>Don\u2019t end up with dozens of tools siloed for specific security use cases in the cloud, leading to what Palo Alto Networks calls a \u201csprawl\u201d of tools that bog down cloud security teams and leave visibility gaps. The company suggests reviewing cloud adoption goals over a two to five year span.<\/p>\n<h3>Consolidate tools where possible<\/h3>\n<p>Unify data and security controls into a platform approach to obtain a comprehensive view of risk, versus the granular views provided by several siloed tools.<\/p>\n<p>\u201cBy consolidating tools, security teams can automate correlation and tackle the most important security issues across the application lifecycle,\u201d noted the firm.<\/p>\n<h2 id=\"actfast\">Acting fast when an incident occurs depends on a strong policy<\/h2>\n<p>Security incidents on computers and other devices, networks, applications and cloud services platforms requires a fast response. The sooner one reports to IT and relevant security teams the better when receiving suspicious messages, noticing unusual changes to system or device performance, discovering a misdirecting link or any other suspected attack or infiltration. Download TechRepublic Premium\u2019s <a href=\"https:\/\/www.techrepublic.com\/resource-library\/whitepapers\/security-incident-response-policy\/\">Security Incident Response Policy<\/a> to learn best practices for incident response.<\/p>\n<p> <!-- default newsletter at the end --> <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Image: Ar_TH\/Adobe Stock A new study Networks found that, on average, organizations rely on over 30 tools for overall security, and that degree of complexity is making for less security, not more. Over 60% of organizations have been operating in a cloud environment for three or more years, but technical complexities and maintaining comprehensive security [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":88446,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40,783,56,697,287],"tags":[],"class_list":["post-88445","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud","category-cloudsync","category-cybersecurity","category-palo-alto-networks","category-security"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88445","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=88445"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88445\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/88446"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=88445"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=88445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=88445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}