demonishen - Fotolia
Published: 01 Feb 2016
As public, private and hybrid cloud deployments gain traction, demand for cloud security products keeps growing, too, and cloud security vendors aim to keep up. IT and business professionals who participated in our 2015 North American data reported significant movement to the cloud, with an attendant demand for cloud security products that deliver much the same security as companies use on-premises.
An overwhelming majority of the readers surveyed -- 79% of 1,854 -- plan to invest in upgraded or new cloud security products in order to secure their current or planned cloud environments in the next 12 months. All but 3% of respondents' organizations have virtualized at least some part of their computing environment (44% have virtualized at least half, and 72% more than a quarter of their infrastructure). It should come as no surprise, then, that readers are seeking vendors who can provide a full spectrum of security services over the cloud.
Cloud security technologies in demand
When we asked survey respondents which types of cloud security products they were considering, 64% said "data protection," a broad category, which includes encryption, data loss protection, data activity monitoring, backup/recovery and more. Almost as many readers -- 57%--chose "network security," another large product area, which encompasses antivirus, firewall, intrusion detection and intrusion prevention systems, VPN and more. (See: What's Ahead in the Clouds.)
Too many point security tools, however, increase both complexity and operational cost. "Selecting security products for the cloud could exacerbate that issue," says Doug Cahill, senior analyst at Enterprise Strategy Group, who advises companies to seek technologies that operate in a hybrid environment and support cloud-native conventions.
"Support for hybrid, or multi-cloud, environments allows for consistency of policy to be applied across disparate infrastructures to unify an organization's security posture from on-premises to the cloud," he adds.
That includes being able to manage firewall rules, integrity monitoring and vulnerability scanning from a single management console that controls both on-premises and cloud resident servers.
"Because of the lack of access to the egress point -- and, thus, inability to deploy network security controls to protect cloud-resident workloads -- security professionals will also want to evaluate workload-centric security solutions, which are truly cloud-aware," says Cahill. These products support cloud computing conventions like ephemeral instances in an auto-scaling group, server tags and integration into DevOps automation platforms such as Chef Software and Puppet.
As for what it means to have a "cloud firewall," Cahill offered three different variations: a cloud security services model, a host-based model and an app-aware firewall outsourced from a software-as-a-service (SaaS) provider. "Some organizations are deploying the control plane in the cloud, including those for firewalls, to gain operational efficiency from eliminating the need to deploy and manage such management servers on-premises."
Data protection in the cloud
Symantec was the clear winner among readers both for cloud data protection (39%) and for identity and access management (33%). The software vendor builds on its broad base of security and storage products to extend coverage into the cloud (See Readers' Top Five: Cloud Data Security). The company sold its Veritas information management business to The Carlyle Investment Group in 2015 in order to focus on information security.
While major players such as IBM, RSA/EMC (acquired by Dell in 2015), CA Technologies and Trend Micro made the shortlist, SolarWinds, PGP (acquired by Symantec) and CipherCloud are also in the mix at many enterprises.
The Data Center Security product can support multi-cloud environments, according to Cahill, "with its ability protect disparate infrastructures comprised of on-premises and cloud-resident workloads from intrusion and compromise." He says it does this "by applying security controls such as integrity monitoring, tamper protection for server hardening across [environments], and more, from a central console enabling a unified security posture."
Symantec's Data Loss Prevention engine also integrates with products that cloud access security brokers (CASBs) like Skyhigh Networks offer, according to Cahill, which allows them to delegate "more resource intensive content inspection tasks for both monitoring and application of policy."
Encryption management in the cloud is a growing issue for many organizations. Security professionals need to decide whether "the control they gain from having custody and, thus, managing their encryption keys versus allowing their CSP to do so, is worth the incremental operational cost," says Cahill. An alternative is to take a hybrid approach and retain control over keys for the enterprise's most sensitive data assets. Companies that need to protect certain data elements in their SaaS applications should consider encryption technologies with native app integration.
Network security in the cloud
For cloud network security, 50% of readers surveyed chose Cisco. (See Readers' Top Five: Cloud Network Security.) The networking company offers a broad range of cloud security products, including Cisco Cloud Web Security, cloud-based services that monitor Web usage, including network and file behaviors, using threat information from the company's global network.
"By being cloud delivered, Cisco's Web proxy protects an increasingly mobile workforce's access to and use of email, the Web and a plethora of other cloud services," Cahill says.
Since most readers' organizations (77%) have to adhere to regulations or policies that make it imperative to know the physical location of sensitive data stored in the cloud, choosing Cisco for cloud network security may also have something to do with the company's efforts to comply with data security and protection standards across physical, logical and virtualized environments through Cisco's Intercloud Services. Cisco's cloud security offering adheres to "European data privacy principles, consent of individual data owners, and performance of contracts, including the EU Model Clauses," according to the company.
While Cisco got the most votes, enterprises are also considering cloud network security products from McAfee (Intel Security Group), Check Point Software Technologies, Juniper Networks and Barracuda Networks on their shortlists. Palo Alto Networks, Dell SonicWALL, Fortinet and HP were not far behind, followed by Rackspace and CloudPassage.
Peter Loshin is a site editor for SearchSecurity at TechTarget. He was previously a technical editor for software reviews at BYTE Magazine, as well as a TCP/IP network engineer at a research laboratory in Cambridge, Mass. He has written several books, including TCP/IP Clearly Explained and Simple Steps to Data Encryption: A Practical Guide to Secure Computing. Follow him on Twitter: @PeterLoshin.
More Readers' Top Picks for cloud security
Learn the differences between cloud firewalls and traditional firewalls
Challenges involved in transitioning to cloud data protection services