Organizations continue to grow more distributed, virtual and complex. Over the last several years, they have sped up digital transformation projects, leaning hard into hybrid and multi-cloud deployments. This rapid movement comes with a price, however. Too many organizations lack the in-house cloud security expertise and resources needed to protect cloud assets effectively.
One option to address these challenges is managed cloud security. Outsourcing cloud security to a third party not only helps organizations with limited cloud security resources manage risks in the cloud, but it can, in some cases, save budget and free in-house security teams to focus on other pressing issues.
Let's look at the challenges of managing cloud security and the benefits and challenges of using managed cloud security services.
The cloud increases security complexity
The cloud introduces several new security issues organizations must contend with. Security teams struggle to detect and remediate cloud security threats, with 90% of the organizations surveyed in Palo Alto Networks' "The State of Cloud-Native Security Report 2023" admitting they can't identify and mitigate cyberthreats within an hour.
In addition, too many organizations deploy cloud applications too quickly. This can equate to limited testing time and DevOps teams deploying code with gaping security holes. Developers are also tapping commercial off-the-shelf software to accelerate deployment times -- some of which don't have the best security measures. An application's security is at risk if it has any vulnerabilities in the development software.
Organizations also struggle with the number of tools needed to manage cloud security. The Palo Alto Networks survey found teams use more than 30 discrete security tools, of which six to 10 are for cloud security. Plus, 75% said the large number of separate tools makes it difficult to get an accurate view of the cloud environment. They said, in this scenario, it is challenging to gauge where the most significant risks are and how to remediate them.
Lastly, cloud providers apply a shared responsibility model to security. IaaS providers are primarily responsible for infrastructure security, while the client is on the hook for securing the workloads running in the environment. Client cloud operations teams sometimes need help understanding where their obligations begin and end.
Benefits of cloud security managed services
Managed cloud security delivers many of the same benefits as outsourcing on-premises security. It can provide advanced threat intelligence and threat hunting capabilities, backed by the support of threat researchers and sophisticated tools, to expedite and improve threat identification. These services can also help organizations prioritize alerts and contain threats.
The best managed cloud security providers are trusted partners that can deliver innovative and effective technology, while alleviating the headaches associated with collating data from disparate tools. Managed cloud security services can also give organizations access to cloud-specific expert resources and partners with experience navigating evolving regulatory environments.
Outsourcing cloud security can also be more cost-effective than handling everything in-house; consolidating security operations under a third party can lower some operating expenses.
Challenges of cloud security managed services
Managed cloud security isn't perfect. Suppose the service only provides cloud security for one environment. The client's IT team must integrate data from the cloud security services with its other security resources, adding complexity to security management.
There is also always a risk the external provider and its partners could expose the client's cloud environment to new risks. This fear of loss of control keeps many organizations from adopting managed cloud security services.
Finally, using third-party cloud security services -- depending on the circumstances -- could prove more expensive than managing these protections internally.
Choosing outsourced cloud security
Many cloud security suppliers are available. All hyperscalers and cloud providers offer security controls as part of their IaaS and SaaS offerings, often for free. However, apart from Microsoft, which offers a full slate of managed cloud security services, most are discrete tools focusing on a single security aspect rather than providing a complete end-to-end perspective on the cloud environment. These primarily concentrate on security within their cloud, which complicates the security situation for organizations with hybrid and multi-cloud environments.
On the other hand, all major managed security service providers (MSSPs) offer cloud security services, as do many vendors that opt for a security-as-a-service model. MSSPs often provide security across cloud and hybrid environments. Most of their services are delivered via the cloud, translating to more rapid deployment. They can also mask much of the complexity associated with cloud security management, making it easier for internal security teams to tackle challenges as they arise.
One crucial aspect to consider is how cloud security fits into an organization's broader security strategy. It is essential to see the security perspective across the entire enterprise IT estate, including hybrid and multi-cloud. Tools such as extended detection and response offer protection from the customer premises to the cloud. These products amalgamate the tools that track, analyze and orchestrate responses across endpoints, infrastructure, workloads, networks and the cloud.
Cloud security services are available for organizations of all sizes, but under-resourced smaller and midsize organizations typically benefit the most. Finding the right provider comes down to trust -- and a proven track record. Cloud security providers should be able to demonstrate effectiveness in production cloud environments with customer testimonials. They must have integrations with all the hyperscalers and major cloud providers. It is also essential that cloud security services can integrate with any on-premises security infrastructure for more holistic management.
Amy Larsen DeCarlo has covered the IT industry for more than 30 years, as a journalist, editor and analyst. As a principal analyst at GlobalData, she covers managed security and cloud services.