When to Move TDIR to the Cloud
The pandemic spurred digital transformation unlike anything we have ever seen. While organizations faced an unknown road ahead, they were quick to adapt. Unfortunately, so were digital adversaries and cyberattackers.
In the face of these new challenges, businesses have evolved; many have changed radically since the beginning of 2020. Early in the pandemic, some shifted focus to help manufacture the emergency equipment needed to address a public health crisis. Others have adapted to lockdowns and facilitated remote working, either to embrace new opportunities or simply as a matter of survival. In almost every case, technology has played a vital role in facilitating and supporting these changes.
Unfortunately, the methods employed by cybercriminals have also evolved to exploit the broader importance of digital tech. Seeing the opportunity presented by the near-overnight closure of office spaces, for example, the volume of targeted phishing attacks skyrocketed. Adversaries also took advantage of relatively lax home network security to gain access to corporate networks, and there has been a dramatic increase in ransomware attacks—a 10,000% increase in late 2020 according to a ResearchandMarkets.com report—that have crippled businesses and critical infrastructure the world over.
In response to this challenging security landscape, investment trends have also changed. Gartner recently reported that there has been a 41% increase in cloud security spending by CIOs over the past year. It’s interesting to note, however, that across all investment categories, cloud security received the smallest share of investment dollars while also being the fastest-growing area of security spending.
On one hand, these are encouraging developments. Organizations clearly see the need to protect the cloud-based apps and services now in ubiquitous use across every industry sector. More investment is also being directed at enhancing the security stack with cloud-first strategies instead of traditional on-premises spending. It makes sense that security budgets should follow to help protect these increasingly diverse and flexible architectures.
On the other hand, why does cloud security represent the smallest level of spend? What’s preventing organizations from allocating more funds to technologies that will make it easier to define, implement and operate effective threat detection, investigation and response (TDIR) programs? The key to this apparent contradiction is the role played by legacy tech and the limitations of security solutions designed before the cloud era.
Leaving the Legacy Behind
In most scenarios, CISOs have three choices when considering a move away from legacy tech to TDIR in the cloud:
- Take their security capabilities and extend them to cover new cloud locations and services.
- Buy a new set of tools that is purpose-built for threat detection.
- Opt for new, packaged security services with native capabilities built-in.
These choices can raise some challenging questions. Security teams may, for instance, be concerned about whether specific tools will work in their environment, or whether they could be introducing risk by adopting something that is completely new. Similarly, do some of their existing cloud-based services come with security services already baked in? Is there actually a need to add another layer to absolutely everything? It’s understandable that the variety of choices can bring some analysis paralysis to the decision-making process, which may explain the relatively low levels of investment.
So, what needs to happen to enable organizations to deliver better TDIR at a level commensurate with its importance to their infrastructure? The key to the process is evaluating what’s currently in place.
In making a transition from legacy tools, it’s important to understand why you are making the transition in the first place and determine what makes an existing solution ‘legacy’. Granted, tools can be older but still very functional, so organizations need to understand which of their tools still have relevance.
Next, is the organization consuming its current security tools in the right way? In the same way that organizations are using public cloud or Office 365 because they are now more feature-rich than when they first appeared on the market, security is going through that same maturity curve. But by sticking with an on-premises security solution while cloud-based tools mature, IT teams could be shooting themselves in the foot, spending more time maintaining their solution than getting the value it was designed for. Ultimately, organizations need to assess the operational burdens inherent in their existing approach, especially if it is still primarily on-premises.
TDIR in a Digitized Future
Whichever situation applies, the momentum behind modern, cloud-centric tools that are built for purpose is growing. For instance, ESG recently revealed that over a quarter (26%) of enterprises reported the need for a dedicated SIEM focused on the cloud environment, while another 25% wanted more advanced analytics to enable faster response to cloud threats.
That’s why it’s important to focus on evaluating your security stack to ensure it can keep pace with the significant changes occurring across the IT landscape. In building more effective strategies, organizations can also look to initiatives such as The XDR Alliance, a group of security and IT technology providers who have organized to help customers more easily define, implement and operate effective TDIR programs and technology stacks.
As post-pandemic norms continue to evolve, it seems certain that the challenges faced by organizations since early 2020 have heightened the importance of cloud infrastructure and services across the globe. To ensure security keeps pace with the speed of change, security stacks must evolve with business needs and provide the levels of protection that organizations desperately require.