For many years, surveys among businesses operating in the cloud have reported cloud security and visibility (or the lack thereof) as their biggest concerns. However, rather than attempt to address the two concerns separately, it is better to address cloud security and the lack of visibility together.
Without visibility into your cloud environment, it is difficult to find out who is using what resources (and what for), and to identify misconfigurations or other vulnerabilities that could result in a cloud security failure. Effectively, you need to eliminate Line of Business or Shadow IT and see what is going on beneath the level of abstraction in order to secure your cloud environment and prevent cloud security failures. However, it’s not that easy.
Why Shadow IT environments develop
In 2014, McAfee commissioned a survey into why Shadow IT environments develop. The resulting report of the survey claimed that 81% of Line-of-Business employees and 83% of IT employees used unapproved SaaS services and applications, despite many respondents being aware they were circumnavigating the approval process and potentially introducing security threats. The reasons given for using unapproved services and applications included:
- Familiarity with the unapproved services and applications.
- Because the IT approval process was too slow.
- The unapproved services were better than approved services.
- The approved services didn’t have required capabilities.
The recommendation of the report was not to block unapproved services and applications, but to give employees the freedom to choose from a broad range of approved services while implementing a security solution to protect against malware and data loss. Inasmuch as that’s a good recommendation, it doesn’t solve the problem of employees using other, unapproved services; and, due to a lack of visibility into what services employees may be using in the cloud, you may never know.
Overcoming the lack of visibility in the cloud
Various solutions are available to overcome the lack of visibility in the cloud and address cloud security concerns. These are usually agent-based solutions that report back on activity below the level of abstraction. The data from the agents is then collated with data from above the level of abstraction in order to give businesses total visibility into their cloud environments. However, not all solutions for addressing cloud security and visibility work in the same way.
While some solutions simply notify businesses of any issues they find—potentially overwhelming cloud security teams—others can be configured to auto-remediate certain issues, which naturally is a better way to rapidly respond to a cloud security threat. However, within this second category, there are also solutions for addressing cloud security and visibility that allow businesses to create custom rules for what actions the solutions should take when identifying an issue.
Being able to see what is going on below the level of abstraction enables businesses to effectively eliminate the use of unapproved services and centralize IT management. Thereafter, businesses that implement a monitoring solution with customizable, auto-remediation capabilities meet Gartner´s requirement of “central management and monitoring plans to cover the inherent complexity of multi-cloud use”. In theory, these businesses are less likely to experience cloud security and visibility issues.
Address your cloud security and visibility concerns with CloudHealth
CloudHealth by VMware is a cloud management platform that offers the option of attaching agents to resources in order to provide total visibility of cloud environments. The platform also has advanced policy-driven automation capabilities that allow businesses to customize monitoring and auto-remediation rules. These two features integrate with VMware Secure State, not only to address cloud security and visibility concerns, but also to alert businesses to interconnected services and applications that might be impacted by auto-remediation choices.
In addition to enhancing cloud security, CloudHealth also helps businesses identify cost drivers and performance inefficiencies—which themselves can be masked by a lack of visibility. CloudHealth customers save an average of 30-40 percent in cloud costs per month and can govern their cloud environments more effectively using policy-driven automation in multiple use cases. Learn more about gaining visibility into your cloud security environment in our whitepaper here.