When it comes to IT security, the days when a virus scanner and a firewall were good enough are long gone. As more enterprise software moves to the cloud, CSOs and other security professionals will have to evaluate, deploy, and manage a whole new set of tools to protect against today’s threats.
One of the most important of those new tools is cloud access security brokers. A CASB sits between a cloud service and an organization’s systems. It can give the organization a greater level of control over how its employees are using cloud-based services, and provide an additional layer of security. CASBs also allow organizations to centralize control and monitoring of multiple cloud services.
It’s a technology that’s catching on rapidly. Market research firm Gartner predicts that 85 percent of large enterprises will use a CASB by 2020. Still, Gartner warns that the CASB category is still developing. IT security professionals will have to shop around, as capabilities can vary from product to product.
EDRs, an IT jack-of-all-trades
Another emerging tool is endpoint detection and response, or EDR. As the name suggests, EDR tools help organizations secure endpoints and hosts. While tools like CASBs are about prevention, EDR tools are about detecting and responding to potential IT security issues as they’re happening. They can be used to detect suspicious activity, to investigate that specific activity, and to block and contain malicious activity, according to Anton Chuvakin, a research VP with Gartner’s GTP Security and Risk Management group, who coined the term EDR.
While EDRs can be powerful tools, that power comes with a level of complexity. “To effectively secure your organization’s endpoints, you need to understand the contextual details of your entire endpoint environment,” writes David Bisson at The State of Security, an online magazine created by Tripwire.
Don’t poke new IT security holes
EDR tools work best in an organization with mature security operations, policies, and processes. Even if an organization isn’t ready for a full-fledged EDR system, establishing an incident response plan—before any incidents—is essential. IT security professionals also need to think about how the systems they’re protecting are developed. DevOps, for example, has made software development and deployment faster, but it can also open up new security holes.
“If you are doing continuous delivery, then you are making hundreds of changes to your environment every day,” Derek Weeks, vice president and DevOps advocate for software-management firm Sonatype, told TechBeacon. “The old process does not work. If you are trying to check all components at the end of the development life cycle, you are in for a lot of rework.” The solution is continuous automated testing.
“A large proportion of security tests are essentially checks that known weaknesses have not been introduced and these lend themselves superbly to automation. In fact, using a human to perform these types of checks is a terrible waste of resources,” writes Stephen de Vries, the CTO of Continuum Security, at DevOps.com. As with CASB and EDR tools, organizations have a lot of options when it comes to how they want to automate DevOps security testing.
While not all of these tools will be right for every organization, any enterprise using cloud-based solutions is opening the door to new threats that require new approaches to IT security. It’s a pretty safe bet: You could probably use a tool.