Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Three Reasons Your Cloud Security Teams are Overwhelmed


Published on

Companies are feeling overwhelmed by the demands of cloud security. Learn what this means for your business.

Published in: Software
  • Be the first to comment

  • Be the first to like this

Three Reasons Your Cloud Security Teams are Overwhelmed

  1. 1. And  what  it  means  for  your  business        reasons  your  cloud  security   teams  are  overwhelmed  
  2. 2. Today’s  cloud  and  security  teams  are  asked  to   Although  the  capabili:es  and  cost  of  select   SecOps  solu:ons  have  kept  pace  with  the   widespread  adop:on  of  public-­‐cloud  services   like  AWS  and  Azure,  many  organiza:ons  try   to  protect  their  expanding  cloud  workloads   without  the  proper  support.     DO  MORE   WITH  LESS   It’s  simple:
  3. 3. It’s  no  wonder  so   many  companies  are   feeling  overwhelmed   by  the  demands  of   cloud  security. Organiza:ons  that  have  moved  to  the  cloud   expect  IT  staff  to  protect  more  servers  and   resources  than  ever  before—but  oMen  without   the  budget,  training,  or  tools  needed  to  do  the   job  well.       Their  teams  are  forced  to  be  firefighters,  not   innovators,  which  makes  it  difficult  to  focus  on   strategic  goals.    
  4. 4. Organiza:ons  that  have  moved  to  the  cloud   expect  IT  staff  to  protect  more  servers  and   resources  than  ever  before—but  oMen  without   the  budget,  training,  or  tools  needed  to  do  the   job  well.       Their  teams  are  forced  to  be  firefighters,  not   innovators,  which  makes  it  difficult  to  focus  on   strategic  goals.     say  that  one  of  their  top       challenges  is  finding  a  balance             between  day-­‐to-­‐day   opera:ons  and  the  :me  they   need  to  pursue  innova:on  and   business  ini:a:ves.   62%    of  CIOs        Source:  Data  Centers  in  Flux:  The  IT  Op5miza5on  Challenge,  Q3  2016,  IDG  Research,  2016    
  5. 5. Why  exactly  are  cloud  and  security  teams  stressed  out? Server   sprawl   The  wrong  tools   for  the  job   The  human   element   Too  many  servers,     applica:ons,  and  data     to  effec:vely  manage   Lack  of  specific     cloud  security  skills     and  training   Inadequate     technology  doesn’t     support  business  goals  
  6. 6. LeD  unaddressed,  these  three  factors  can  create  big   problems  for  your  business.   In  the  pages  ahead,  we’ll  take  a  look  at  the  root  causes     of  these  pain  points  and  see  how  they  can  affect  your  business.   Server   sprawl   The  wrong  tools   for  the  job   The  human   element  
  7. 7.    Server  sprawl  Too  many  servers,  applica:ons,  and  data  to  effec:vely  manage    
  8. 8. As  many  organiza:ons  expand  and   new  projects  launch,  they  add  IT   infrastructure  incrementally  to  meet   short-­‐term  needs.  While  the  cloud   makes  it  easier  than  ever  to  add   servers,  this  can  result  in  addi:onal   server  sprawl.     Too  oMen,  this  patchwork  approach  results  in  an  underu:lized,  expensive  network  that   stands  in  the  way  of  long-­‐term  goals.     SecFon  1 Server  sprawl   It  all  starts  with  the  servers.
  9. 9. Source:  New  data  supports  finding  that  30  percent  of  servers  are  "Comatose,"  indica5ng   that  nearly  a  third  of  capital  in  enterprise  data  centers  is  wasted,  Anthesis  Group,  2015   Sound  familiar?   You’re  not  alone.  Server  sprawl  is  a  global  problem.   About  30%  of  all  servers  are  unused   SecFon  1 Server  sprawl  
  10. 10. That’s  an  es:mated  10  million     “comatose  servers”  worldwide   10M SecFon  1 Server  sprawl   Source:  New  data  supports  finding  that  30  percent  of  servers  are  "Comatose,"  indica5ng   that  nearly  a  third  of  capital  in  enterprise  data  centers  is  wasted,  Anthesis  Group,  2015  
  11. 11. LeD  unchecked,  server  sprawl  can  have  a  big  impact  on  your   business—and  not  in  a  good  way.   Businesses  that  suffer  from  server  sprawl:   Lack  real-­‐:me     visibility  into  their     security  state   Waste  money     keeping  underu:lized   servers  running   Spend  too  much     :me  on  server   management   Can’t  respond     to  security     incidents  promptly   SecFon  1 Server  sprawl  
  12. 12. UnderuFlized  servers   and  lack  of  security   controls  can  cost  you  in   more  ways  than  one. Security  threats  are  becoming  more  frequent.   Approximately  82,000  serious     cyber  security  incidents  in  2016   =82K SecFon  1 Server  sprawl    Source:  Cyber  Incident  &  Breach  Response,  Online  Trust  Alliance,  2017          
  13. 13. And  more  costly.   Average  total  cost  of     a  data  breach  =  about  $4  million         SecFon  1 Server  sprawl   UnderuFlized  servers   and  lack  of  security   controls  can  cost  you  in   more  ways  than  one.  Source:  Cyber  Incident  &  Breach  Response,  Online  Trust  Alliance,  2017          
  14. 14. The  human  element   Lack  of  specific  cloud  security  skills  and  training  
  15. 15. The  tradiFonal  role  of  the  IT   security  team  has  expanded.   Many  organiza:ons  now  expect  their  DevOps  team  to   handle  both  deployment  and  cloud  security.  Without   adequate  skills  and  training,  the  demands  of  this   hybrid  “DevSecOps”  role  can  be  overwhelming—and   IT  professionals  know  it.           SecFon  2 The  human  element   Deployment            Security               +          
  16. 16. Lack  of   resources   and   exper,se   The  #1  cloud   challenge  in  2016:   SecFon  2 The  human  element    Source:  State  of  the  Cloud  Report,  RightScale,  2016    
  17. 17. Cloud  workloads  have  vastly  different  protec:on       requirements  than  on-­‐premises  data  centers  do.  They   need  to  be  managed  by  staff  with  appropriate  skills   and  adequate  training.         Your  deployment  specialists  and  coders  may  be  experts   in  their  field,  but  that  exper:se  may  not  apply  to  cloud   security  opera:ons.   SecFon  2 The  human  element  
  18. 18. Many  organizaFons  rely  on in-­‐house  talent  for  their  security  needs.   Why?   In  2016,     46%     of  organiza:ons     had  a  shortage  of     cyber  security  skills   SecFon  2 The  human  element   The  global  shortage  in   security  professionals     is  one  big  reason.    Source:  Through  the  Eyes  of  Cyber  Security  Professionals,  ESG/ISSA,  2016        
  19. 19. Many  organizaFons  rely  on in-­‐house  talent  for  their  security  needs.   Why?   That’s  an     18%     increase     from  2015   SecFon  2 The  human  element   The  global  shortage  in   security  professionals     is  one  big  reason.    Source:  Through  the  Eyes  of  Cyber  Security  Professionals,  ESG/ISSA,  2016        
  20. 20. Most  cyber  security  professionals   begin  their  careers  elsewhere.   Then  gained  cyber  security    training  and  cer:fica:ons    78% of  security  experts     began  as  IT  generalists     SecFon  2 The  human  element    Source:  Through  the  Eyes  of  Cyber  Security  Professionals,  ESG/ISSA,  2016      
  21. 21. Due  to  the  global  shortage  of  cloud  security  specialists,  it  makes  sense  to  look   within  your  own  IT  department  to  develop  the  cyber  security  talent  you’ll  need.   Earn  addi:onal   security  cer:fica:ons   Afend  specific   training  courses   Join  professional   organiza:ons   Receive  on-­‐the-­‐job   mentoring   Promising  IT  staff  should:   SecFon  2 The  human  element  
  22. 22. Your  cloud  and  security  team  can  deploy   and  defend  environments  based  on   standardized,  approved  templates  and   rules—which  saves  :me  and  improves  legal   and  security  compliance.   With  automa:on     SecFon  2 The  human  element   ShiDing  workloads  to   the  cloud  enables   greater  automaFon,   both  in  deployment   and  in  protecFon.  
  23. 23. Your  overworked  cloud  and  security   teams  must  rely  on  :me-­‐consuming,   error-­‐prone  processes  that  introduce   irregulari:es  and  expose  you  to  the   risk  of  compliance  failure.   SecFon  2 The  human  element   Without  automa:on     ShiDing  workloads  to   the  cloud  enables   greater  automaFon,   both  in  deployment   and  in  protecFon.  
  24. 24. Inadequate  technology  doesn’t  support  business  goals       The  wrong  tools    for  the  job  
  25. 25. We’ve  seen  how  an  expanse  of  underu:lized  servers  and  a  deficit   of  skills  can  drive  up  costs  and  expose  organiza:ons  to  risk,   SecFon  3 The  wrong  tools  for  the  job   but  how  do  the  security  tools  you  use   every  day  impact  your  business?  
  26. 26. Every  business  must  strike  the  right   balance  between  cost,  usability,  and   effecFveness  when  considering  cloud   security  opFons.   SecFon  3 The  wrong  tools  for  the  job  
  27. 27. Unfortunately,  too  many   organizaFons  don’t  invest   in  the  proper  technology   to  ensure  the  longevity  of   their  business.   They  rely  on  aging  or  ineffec:ve  legacy   systems  or  a  patchwork  of  uncoordinated   tools  to  manage  data  security  opera:ons— and  therein  lies  the  danger.     SecFon  3 The  wrong  tools  for  the  job  
  28. 28. Legacy  security.  On-­‐premises  hardware  and  soMware  may  be  familiar   and  inexpensive,  but  they  lack  the  capabili:es  to  protect  elas:c  cloud   and  hybrid-­‐cloud  workloads,  or  may  not  work  in  the  cloud  at  all!   SecFon  3 The  wrong  tools  for  the  job   Why  not  just  sFck  with  what  you  know?
  29. 29. Mul,ple-­‐interface  security.  Businesses  oMen  arrive  here  organically  aMer   adding  more  systems  incrementally  over  :me.  Inefficiency,  security  gaps,   and  expensive  licenses  are  hallmarks  of  this  approach.   SecFon  3 The  wrong  tools  for  the  job   Why  not  just  sFck  with  what  you  know?
  30. 30. Visibility  and  vigilance  are  the  keys  to  cloud  security,  but  yesterday’s  security   soluFons  struggle  to  provide  real-­‐Fme  insights  into  your  workloads.       Legacy  security     doesn’t  provide  visibility  into   dynamic  cloud  environments,   which  makes  it  difficult  to   defend  against  threats.     Mul:ple-­‐interface  security   relies  on  numerous  tools   for  management  and   repor:ng  instead  of  a  single   view  of  your  security  state.   SecFon  3 The  wrong  tools  for  the  job  
  31. 31. Analysts  predict  that  by  2018,   the  60%  of  enterprises  that   implement  appropriate  cloud   visibility  and  control  tools  will   experience  33%  fewer   security  failures.   60%   33%   SecFon  3 The  wrong  tools  for  the  job    Source:  Gartner  Predicts  2017:  Cloud  Security,  Gartner,  2016      
  32. 32. In  addiFon  to  a  lack  of  visibility,  inadequate  security  systems   can  actually  impact  your  organizaFon’s  producFvity.     Here’s  how:   Lack  of  automa:on  forces  IT   staff  to  manually  perform   processes  like  soMware  and   policy  updates   Minimal  integra:on  with   third-­‐party  soMware  creates   inefficiencies  and  errors   Scans  and  patches  slow   down  your  en:re  system   SecFon  3 The  wrong  tools  for  the  job  
  33. 33. OrganizaFons  with  inadequate  IT  budgets  and  decentralized  security   tools  run  the  risk  of  ransomware  a_acks,  data  breaches,  or  data  security   compliance  issues.     $5,000  to  over  $100,000  per  month  +   increased  transac:on  fees  from  financial  provider     Fines  for  PCI  DSS  compliance  viola:ons:         SecFon  3 The  wrong  tools  for  the  job    Source:  PCI  Compliance  Guide,  PCI    
  34. 34. $100  to  $1.5  million     per  incident  +  possible  criminal  penal:es     Fines  for  viola:ng  HIPAA  rules:   SecFon  3 The  wrong  tools  for  the  job   OrganizaFons  with  inadequate  IT  budgets  and  decentralized  security   tools  run  the  risk  of  ransomware  a_acks,  data  breaches,  or  data  security   compliance  issues.      Source:  HIPAA  Viola5ons  and  Enforcement,  American  Medical  Associa:on  
  35. 35. Next  steps   The  challenges  posed  by  server  sprawl,  a  lack  of  skilled  human   resources,  and  inadequate  security  tools  create  a  perfect  storm   that  can  overwhelm  an  IT  department  of  any  size  
  36. 36. Your  IT  staff  are  the  appointed   protectors  of  your  organizaFon’s   precious  data. They’re  a  crucial  resource  for  combanng   security  threats  and  staying  in  compliance— and  their  job  isn’t  genng  any  easier.   Next  steps   >  
  37. 37. The  number  of  applicaFons  the  average  enterprise   IT  department  manages  is  growing  every  year. They’ve  got  a  lot  on  their  plate,  and  they  can’t  tackle  it  all  without  the  right  mix     of  training,  tools,  and  support  from  you.     376  applicaFons  in  2016 426  applicaFons     by  2018 Next  steps   >    Source:  Data  Centers  in  Flux:  The  IT  Op5miza5on  Challenge,  Q3  2016,  IDG  Research,  2016    
  38. 38. Overworked,  underequipped  IT  departments  can  have  a   huge  impact  on  the  profitability,  producFvity,  and  security   of  your  business.     Too  many  organiza:ons  are  unable  to  implement  a  solu:on  that  helps  them  solve  this  problem   before  it  begins  to  compound  into  more  serious  issues.   Next  steps   >  
  39. 39. But  here’s  the  important  thing: Increasing  your  cloud  security   capabili:es  doesn’t  mean   increasing  your  head  count.   With  the  right  technology  in  place,  your  cloud  and  security  staff  can  focus  on  work  that  helps  grow  your   business  instead  of  punng  out  fires.   Next  steps   >  
  40. 40. How  much  do  server  sprawl,  the  human  element,   and  the  wrong  tools  for  the  job  impact  your  business?   Fill  out  evalua:on     Next  steps   >   Complete  our  short  cloud  security  evalua:on  to  get  a  befer  understanding  of  the  risks  you  face.   ©2017  Trend  Micro  Incorporated.  All  rights  reserved.