And what it means for your business
reasons your cloud security teams are overwhelmed
Today’s cloud and security teams are asked to DO MORE WITH LESS
Although the capabilities and cost of select SecOps solutions have kept pace with the widespread adoption of public-cloud services like AWS and Azure, many organizations try to protect their expanding cloud workloads without the proper support.
It’s simple:
It’s no wonder so many companies are feeling overwhelmed by the demands of cloud security.
Organizations that have moved to the cloud expect IT staff to protect more servers and resources than ever before—but often without the budget, training, or tools needed to do the job well. Their teams are forced to be firefighters, not innovators, which makes it difficult to focus on strategic goals.
62% of CIOs say that one of their top challenges is finding a balance between day-to-day operations and the time they need to pursue innovation and business initiatives.
Source: Data Centers in Flux: The IT Optimization Challenge, Q3 2016, IDG Research, 2016
Why exactly are cloud and security teams stressed out?
Server sprawl: Too many servers, applications, and data to effectively manage
The human element: Lack of specific cloud security skills and training
The wrong tools for the job: Inadequate technology doesn’t support business goals
Left unaddressed, these three factors can create big problems for your business.
In the pages ahead, we’ll take a look at the root causes of these pain points and see how they can affect your business.
Server sprawl Too many servers, applications, and data to effectively manage
As many organizations expand and new projects launch, they add IT infrastructure incrementally to meet short-term needs. While the cloud makes it easier than ever to add servers, this can result in additional server sprawl.
Too often, this patchwork approach results in an underutilized, expensive network that stands in the way of long-term goals.
Section 1 Server sprawl
It all starts with the servers.
Source: New data supports finding that 30 percent of servers are "Comatose," indicating that nearly a third of capital in enterprise data centers is wasted, Anthesis Group, 2015
Sound familiar? You’re not alone. Server sprawl is a global problem.
About 30% of all servers are unused
That’s an estimated 10 million “comatose servers” worldwide
Source: New data supports finding that 30 percent of servers are "Comatose," indicating that nearly a third of capital in enterprise data centers is wasted, Anthesis Group, 2015
Left unchecked, server sprawl can have a big impact on your business—and not in a good way.
Businesses that suffer from server sprawl:
Lack real-time visibility into their security state
Waste money keeping underutilized servers running
Spend too much time on server management
Can’t respond to security incidents promptly
Underutilized servers and lack of security controls can cost you in more ways than one.
Security threats are becoming more frequent.
Approximately 82,000 serious cyber security incidents in 2016
Source: Cyber Incident & Breach Response, Online Trust Alliance, 2017
And more costly.
Average total cost of a data breach = about $4 million
Source: Cyber Incident & Breach Response, Online Trust Alliance, 2017
The human element Lack of specific cloud security skills and training
The traditional role of the IT security team has expanded. Many organizations now expect their DevOps team to handle both deployment and cloud security. Without adequate skills and training, the demands of this hybrid “DevSecOps” role can be overwhelming—and IT professionals know it.
Section 2 The human element
Deployment + Security
The #1 cloud challenge in 2016: Lack of resources and expertise
Source: State of the Cloud Report, RightScale, 2016
Cloud workloads have vastly different protection requirements than on-premises data centers do. They need to be managed by staff with appropriate skills and adequate training. Your deployment specialists and coders may be experts in their field, but that expertise may not apply to cloud security operations.
Many organizations rely on in-house talent for their security needs. Why?
In 2016, 46% of organizations had a shortage of cyber security skills
The global shortage in security professionals is one big reason.
Source: Through the Eyes of Cyber Security Professionals, ESG/ISSA, 2016
That’s an 18% increase from 2015
Source: Through the Eyes of Cyber Security Professionals, ESG/ISSA, 2016
Most cyber security professionals begin their careers elsewhere.
78% of security experts began as IT generalists, then gained cyber security training and certifications
Source: Through the Eyes of Cyber Security Professionals, ESG/ISSA, 2016
Due to the global shortage of cloud security specialists, it makes sense to look within your own IT department to develop the cyber security talent you’ll need.
Promising IT staff should:
Earn additional security certifications
Attend specific training courses
Join professional organizations
Receive on-the-job mentoring
Shifting workloads to the cloud enables greater automation, both in deployment and in protection.
With automation: Your cloud and security team can deploy and defend environments based on standardized, approved templates and rules—which saves time and improves legal and security compliance.
Without automation: Your overworked cloud and security teams must rely on time-consuming, error-prone processes that introduce irregularities and expose you to the risk of compliance failure.
The wrong tools for the job Inadequate technology doesn’t support business goals
We’ve seen how an expanse of underutilized servers and a deficit of skills can drive up costs and expose organizations to risk, but how do the security tools you use every day impact your business?
Section 3 The wrong tools for the job
Every business must strike the right balance between cost, usability, and effectiveness when considering cloud security options.
Unfortunately, too many organizations don’t invest in the proper technology to ensure the longevity of their business. They rely on aging or ineffective legacy systems or a patchwork of uncoordinated tools to manage data security operations—and therein lies the danger.
Why not just stick with what you know?
Legacy security. On-premises hardware and software may be familiar and inexpensive, but they lack the capabilities to protect elastic cloud and hybrid-cloud workloads, or may not work in the cloud at all!
Multiple-interface security. Businesses often arrive here organically after adding more systems incrementally over time. Inefficiency, security gaps, and expensive licenses are hallmarks of this approach.
Visibility and vigilance are the keys to cloud security, but yesterday’s security solutions struggle to provide real-time insights into your workloads.
Legacy security doesn’t provide visibility into dynamic cloud environments, which makes it difficult to defend against threats.
Multiple-interface security relies on numerous tools for management and reporting instead of a single view of your security state.
Analysts predict that by 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience 33% fewer security failures.
Source: Gartner Predicts 2017: Cloud Security, Gartner, 2016
In addition to a lack of visibility, inadequate security systems can actually impact your organization’s productivity. Here’s how:
Lack of automation forces IT staff to manually perform processes like software and policy updates
Minimal integration with third-party software creates inefficiencies and errors
Scans and patches slow down your entire system
Organizations with inadequate IT budgets and decentralized security tools run the risk of ransomware attacks, data breaches, or data security compliance issues.
Fines for PCI DSS compliance violations: $5,000 to over $100,000 per month + increased transaction fees from financial provider
Source: PCI Compliance Guide, PCI ComplianceGuide.org
Fines for violating HIPAA rules: $100 to $1.5 million per incident + possible criminal penalties
Source: HIPAA Violations and Enforcement, American Medical Association
Next steps
The challenges posed by server sprawl, a lack of skilled human resources, and inadequate security tools create a perfect storm that can overwhelm an IT department of any size.
Your IT staff are the appointed protectors of your organization’s precious data.
They’re a crucial resource for combatting security threats and staying in compliance—and their job isn’t getting any easier.
The number of applications the average enterprise IT department manages is growing every year.
376 applications in 2016
426 applications by 2018
They’ve got a lot on their plate, and they can’t tackle it all without the right mix of training, tools, and support from you.
Source: Data Centers in Flux: The IT Optimization Challenge, Q3 2016, IDG Research, 2016
Overworked, underequipped IT departments can have a huge impact on the profitability, productivity, and security of your business. Too many organizations are unable to implement a solution that helps them solve this problem before it begins to compound into more serious issues.
But here’s the important thing:
Increasing your cloud security capabilities doesn’t mean increasing your head count. With the right technology in place, your cloud and security staff can focus on work that helps grow your business instead of putting out fires.
How much do server sprawl, the human element, and the wrong tools for the job impact your business?
Complete our short cloud security evaluation to get a better understanding of the risks you face.
©2017 Trend Micro Incorporated. All rights reserved.