The implementation of managed cloud security in hybrid and multi-cloud environments presents several significant obstacles for organizations, according to Marina Segal, CEO at Tamnoon. In a recent interview with Help Net Security, Segal highlighted key challenges such as long onboarding times, legacy security gaps, vendor lock-in, and overlooked threats that can jeopardize organizations’ security posture.
One major hurdle faced by CISOs when deploying managed cloud security solutions is the lengthy onboarding process. Each organization has its own set of policies, workflows, and system architectures, which can complicate the onboarding process. Additionally, many teams tend to focus more on incident response rather than proactive security measures, leading to gaps in cloud security when transitioning from legacy solutions to cloud environments.
To ensure visibility across cloud environments when utilizing managed cloud security providers, organizations should prioritize collaboration between teams and vendors. It’s crucial to have comprehensive deployment of Cloud Native Application Protection Platforms (CNAPP) and Cloud Security Posture Management (CSPM) solutions to monitor and scan cloud environments effectively. Furthermore, organizations should pay attention to developer accounts and critical alerts to avoid overwhelming their teams with unnecessary information.
Vendor lock-in is another concern for organizations using managed cloud security services. To mitigate this risk, organizations should seek providers that offer compatibility with various CNAPP and CSPM solutions, enabling flexibility in choosing the right provider without being locked into a specific technology. Training and building in-house knowledge can also help organizations navigate vendor lock-in by empowering teams to direct strategy and review performance effectively.
When it comes to overlooked cloud security threats, CISOs should prioritize incident response time, real-time incident handling, and Identity and Access Management (IAM). Rapid response to incidents, operationalizing real-time threat handling in the cloud, and managing access permissions are critical aspects that organizations often neglect but can lead to significant security breaches if not addressed promptly.
Looking ahead, the threat landscape for cloud security is expected to evolve rapidly in the next 2-3 years, with AI and machine learning playing a significant role in both defending against and launching cyber attacks. Organizations should anticipate closer integration between cloud security and Security Operations Centers (SOC) to detect and remediate real-time alerts effectively. Addressing technical debt, deploying the right security solutions for multi-cloud environments, and prioritizing proactive remediation alongside visibility are key strategies for organizations to enhance their cloud security posture in the face of emerging attack vectors.
In conclusion, addressing the obstacles of managed cloud security implementation, ensuring visibility across cloud environments, mitigating vendor lock-in, addressing overlooked threats, and preparing for future challenges are critical components of a robust cloud security strategy for organizations operating in hybrid and multi-cloud environments.