Business & Technology

Ensuring Cloud Cybersecurity at the Rate of Cloud Adoption

By Amy Thompson | October 18, 2017

In an effort to meet consumer demands and business needs, moving business-critical infrastructure and operations over to cloud environments is becoming less of an option and more of a requirement.

Recently, we wrote about the digital transformation that will, sooner rather than later, be adopted by our channel partner’s clients. This transformation will be focused on enabling business operations and consumers with such things as big data analytics, IoT devices, and new technology that is faster and more agile than ever. The ability to offer dynamic mobile services over the web and through applications will be integral to business success across all verticals. Technology differentiation will be a major driving force behind competitive enterprises.

To avoid obsolescence or financial losses, most organizations will implement a comprehensive digital transformation strategy within the next two years. In order for your customers to meet these goals, cloud adoption in some form (public, hybrid, private, or as a service) will be necessary.

Increased Cloud Adoption

This need to leverage the advantages offered by the cloud is reflected in high rates of cloud adoption throughout 2017. More than 80 percent of organizations have adopted a hybrid multi-cloud environment, while Infrastructure as a Service (IaaS) and Software as a Service (SaaS) are projected to grow 36.8 percent and 20.1 percent respectively this year. Additionally, 74 percent of tech CFOs say cloud computing will have the most measurable impact on their business in 2017.

How Cloud Adoption Enables Digital Transformation

Such infrastructural changes reflect the fact that organizations increasingly see cloud environments as the best way to support digital transformation. The believe this for a number of reasons.

  • Price: Building new on-premises infrastructure to contend with digital transformation would be incredibly resource intensive in terms of software, hardware, and personnel – especially since this infrastructure would always have to run to accommodate peak traffic. With cloud solutions, the infrastructure already exists, and organizations are only charged based on actual usage.
  • Flexibility: The cloud is able to scale to fit growing traffic, workloads, and storage needs, and is accessible from any device with an internet connection.
  • Agility: The cloud shortens product development cycles, supports the constant deployment of new infrastructure, applications, and services, and enables increased collaboration.
  • Regular Updates: Cloud service providers administer frequent necessary updates, meaning business IT teams do not have to focus on maintaining these platforms and infrastructure. This allows them to instead devote resources to other projects.

As the demands of digital transformation continue to affect organizations financially, your customers will likely, if they haven’t already, turn to the cloud to deploy new technical functionality.

However, while the cloud provides tangible benefits in terms of scalability and agility, it can also create security blind spots.

Cloud Cybersecurity Challenges

A well-known challenge of cloud adoption is reduced visibility into data usage and movement. This limitation makes it more difficult to detect unusual user behavior and data movement that could indicate a compromised system. In fact, 32 percent of IT professionals say they find it difficult to monitor cloud-based network traffic patterns in order to detect anomalous activity. To mitigate this challenge, cloud adopters often deploy an entirely new set of cloud-enabled security tools in order to gain security insight into data usage.

However, this approach is counterproductive. Extending the siloed security solutions strategy you currently use in your local network into the cloud will actually further diminish cloud visibility, and thereby security. Organizations adopt cloud solutions to optimize IT efficiency, and building security strategy around isolated security tools does precisely the opposite when security teams have to separately deploy, configure, monitor, and manage multiple security tools.

Additionally, with separate, non-integrated tools in place there is no streamlined, automated process for holistically gathering, correlating, and updating solutions with current threat intelligence. This lack of integration and automation is exacerbated by the accelerated rate of software updates and deployments IT teams are faced with managing within the cloud, because while cloud providers manage and maintain the cloud infrastructure, you and your IT team are responsible for maintaining many of the software and application tools you deploy. Overall, diminished data visibility combined with the need to hand correlate threat information and separately mange and update the isolated security tools deployed in the cloud is a major security hurdle. 

Another major challenge for your customers as they move to the cloud is ensuring they maintain regulatory compliance. This means having actively deployed robust security features that protect personal data, in accordance with regulations, such as GDPR, HIPAA, and FFIEC-IT, and ensuring those tools and processes are updated to reflect regulatory changes. This will become especially important as government sanctioned cybersecurity regulations become more common, and connected IoT devices produce an increasing amount of personal data. As a result, simply relying on the basic security implemented by cloud providers will not be sufficient.

Despite these documented cloud cybersecurity concerns, organizations are not slowing down their rate of cloud adoption. To mitigate these risks, organizations must adopt integrated, cloud-enabled cybersecurity solutions at the rate of their cloud adoption. This is where our Fortinet channel partners can provide real value to their customers.

Integrated and Automated Cloud Security

The automation, integration, and scalability provided by the Fortinet Security Fabric addresses each of these individual concerns while providing security teams with comprehensive threat intelligence and data visibility that spans the entire distributed network.

Fabric-enabled automation allows organizations to manage their security policies and automatically update each security device deployed in order to adhere to them. Additionally, the Fabric can automatically correlate threat intelligence from across the network and coordinate responses to detected threats. Because the Fabric is integrated, every tool, from end-point protection to firewalls and cloud-based security solutions, is able to communicates with each other in order to share the latest threat intelligence or any suspicious network behavior. And the Fabric’s inherent scalability means that as customers’ networks grow and become more distributed, their security protection grows accordingly in order to continue to detect and block threats.

Incorporated within the Security Fabric are multiple tools designed to further improve customer data security and visibility. Fortinet’s Cloud Security solution, for example, can be deployed in your customers’ public, private, or hybrid cloud environments. This solution is flexible and scales to protect your customers’ network and data as cloud use and traffic increase, so their network remains completely protected at all times. This tool additionally deploys internal segmentation and FortiCASBs, or Cloud Access Security Brokers. Segmentation isolates threats and provides enhanced visibility to lateral data movement across the network. CASBs act as gatekeepers between on premise tools and cloud environments. CASBs provide increased visibility into every application running within the cloud to ensure there are no unauthorized usages, and to enable compliance by making it simple to update organization’s security policies deployed within their cloud environments.

Final Thoughts

As the demand for digital transformation grows, your customers will have to adapt. This means they will likely adopt some form of a cloud strategy. Whether they use a public, private, or hybrid cloud environment, there will be security challenges that may be overlooked in the haste to achieve network transformation. To ensure a successful transformation in which critical company data remains secure, channel partner clients have to adopt the proper cloud security measures at the same rate that they adopt the cloud.