New Report “State of Cloud
Threat Detection and
Response”
One of the mysteries of detection and response (D&R) is about how companies really approach D&R in the public cloud. So we did a survey focused on this, and we actually polled both leaders and technologists.
“Our State of Cloud Threat Detection and Response report summarizes the survey responses of 400 security leaders and SecOps practitioners in North America regarding the capabilities, practices, and behaviors of protecting against, identifying, and remediating cloud-based threats.“
Now, you have three options:
- Just read the survey results document [PDF, 24 pages, with pictures!]
- Read the official blog, it is serious.
- Or, read this one, where I try to be a bit funnier. Then read the survey results anyway.
Before we go further, a quick reminder: this is a survey, thus it analyzes what people say they do, rather than what they actually do (so YMMV).
Now, let me introduce some of my favorites.
Cloud: Risk or Benefit?
Let’s address the elephant in the room: “The average security pro says cloud security is slightly more difficult than on-prem and involves a higher level of risk.“
Many respondents (more technologists than leaders, mind you) still think that “cloud is hard” and/or also believe in some form of “cloud is a risk” sentiment. However, my reading of the data is that they really say “cloud is a risk if you don’t know it” as these views strongly correlate with the view that their teams lack adequate cloud skills and knowledge. 82% (!) say their organization has to grow their public cloud skills and knowledge to thrive long-term.
This reminded me of this classic: “If I had my way, I would make it a crime to use automobiles on the public highways, because no man has a right to use a vehicle on the public highway that is dangerous to the safety of other people.” (Sen Joseph W. Bailey, 1909, quoted from this source). Whatever is new looks scary to people and more so to people who don’t understand it.
Despite all this, our report clearly shows that “Leaders see more opportunity in cloud, while SecOps recognize greater risk“
Cloud: Same Approach or Different
Here is another elephant in the room (oh, yes, there are two!): “Most organizations utilize the same approach for cloud vs. on-premise security. “
Say what? At first glance, this sounds, well, dangerous. We’ve ranted against “security lift and shift” on our podcast a lot, and so it seems like a surprise to me. Still, “the majority of survey participants (63%) believe they are using an approach that’s “mostly” or “exactly the same” in the cloud as compared to on-premise security.” However, in my mind this is probably correlated a bit with “… and it probably won’t work.”
Why do I say that? Look at the opposites: “Only 15% who apply a different detection and response approach to the cloud believe they are ill-equipped to safeguard their cloud presence.” Those practicing a different approach for cloud security seem more confident that it will work! I think they are also more right, not just more confident.
Still, if your cloud deployment is a straight lift/shift of your data center in the beginning, practicing security the same way may not be a mistake, as long as you plan to evolve it later.
Tools … But Who Made Them?
One question I wanted to ask in this survey is what type of provider is considered to be the “best” or primary source for cloud security tools for detection and response. The data is, frankly, inconclusive. Sure, cloud provider tools dominate, but ever so slightly.
Finally, my informal and “only-partially data driven” (let’s call them “data inspired”) conclusions:
- Cloud is hard, especially if you don’t understand it? Learn cloud before complaining about it!
- Cloud is similar, and also different from on-premise (not “just” somebody else’s computer). Start with what you know, but evolve to the cloud native way over time! Specifically, if your IT and business become more “cloudy”, your on-premise security will fail and will be left behind.
- If your cloud use is similar to your on-premise IT, then your threats are similar. If your cloud usage looks nothing like a 1990s datacenter, I bet your threats are very different too. Assess your cloud threats!
- Cloud calls for more automation, and also makes automation easier. Kill toil, automate!
Now, go and watch this fun video of me talking about this report!