Clouded Vision: How A Lack Of Visibility Drives Cloud Security Risk

By   ISBuzz Team
Writer , Information Security Buzz | Apr 05, 2019 04:30 am PST

Lora O’Haversenior solutions marketing manager at Keysight Technologies explains why a lack of visibility sits at the heart of cloud security concerns – and how that visibility can be achieved. 

Enterprises continue to migrate to the cloud with many using their cloud environments to support mission critical applications. According to RightScale, enterprises are on average running 38 percent of their workloads in public clouds, and 41 percent in private clouds.  

But as in weather forecasting, clouds can bring the risk of a storm. As cloud adoption gathers pace, so too do associated operating concerns. Ensuring the integrity of data, applications, and workloads processed in clouds is different than with on-premises infrastructure. Organizations migrating to the cloud – whatever their size, scope or industry – need to ensure adequate performance and security of workloads running on cloud infrastructure.
The question is, how do they achieve this? While cloud providers should offer a strong foundation for high-performance and security, the enterprise still needs to monitor cloud-based workloads. They are ultimately responsible for ensuring an adequate user experience and protecting sensitive customer data and applications.  

And one factor is fundamental to security, availability, and performance in the cloud. That factor is visibility. Ixia, a Keysight business, recently published the results of our survey on ‘The State of Cloud Monitoring,’ which polled 338 IT professionals at organizations from a range of sizes and industries globally. We found that 84 percent of companies placed additional workloads in the public cloud in 2018, and 21 percent reported that the increase was significant for them. The research also found that the top priority for cloud users is gaining visibility into application and data traffic – but fewer than 20 percent of participants said their company was currently able to properly monitor public cloud environments. 

Cloud obscures visibility 

Application performance and security are the two core concerns of any enterprise IT department. The former ensures effective operations and competitiveness; the latter ensures protection against a dynamic threat landscape. Cloud visibility is critical to both. Ninety-five percent of respondents to our survey had experienced either application or network performance problems because of cloud visibility issues, and 87 percent expressed concerns that a lack of visibility into cloud environments is obscuring security threats to their organization. 

Thirty-eight percent of participants cited insufficient visibility as a factor in application outages, and 31percent in network outages. Other issues, such as delays resolving a security alert (26 percent), problems with compliance (18 percent) and an inability to prevent security attacks (17 percent), underscore the significant consequences that respondents have experienced from a lack of cloud visibility. 

So, it’s no surprise that 99 percent of respondents stated that comprehensive cloud visibility has direct value to their organizations. The leading benefit was monitoring and ensuring application performance (cited by 60 percent). Security was also key, with 59 percent noting the value of visibility for threat prevention and 57 percent for identifying “indicators of compromise.” Respondents also cited the ability to monitor every link in the network (56 percent), the ability to balance workload between monitoring tools (37 percent) and the ability to monitor encrypted sessions (32 percent). 

Getting a clearer vision 

However, getting in-depth visibility to clouds isn’t always easy. Fewer than 20 percent of the IT professionals we surveyed reported they had complete, timely access to data packets in public clouds. In private clouds, the situation is somewhat better, with 55 percent reporting adequate access. In contrast, 82 percent have the visibility they need in their on-premises data center. Obviously, the visibility challenge of public clouds needs to be met head-on. 

Nine out of ten respondents believe visibility to packet data is what is required for effective monitoring. Eighty-six percent said it was important for network and application performance monitoring, and 93 percent stated it was valuable for security monitoring. Visibility is not only critical for understanding and maintaining workloads but is also vital for maintaining a good customer experience and service levels.      

Comprehensive cloud visibility is a must, not a nice-to-have 

As more applications and workloads migrate, organizations must focus more on managing application performance, documenting compliance, and maintaining security in their clouds. Claiming they can’t see what is happening in their clouds will carry no weight with an organization’s customers, board of directors, or auditors. But with the right approach to visibility, organizations can fully realize the benefits of the cloud, and eliminate the risks of storms caused by security breaches or poor user experiences.