In part two of our cloud security emerging products we see a little shift in product types. This time we see more emphasis on protecting - specifically - the data. Although we did have a couple of standout tools that did such things as create a virtual Security Operations Center (SOC) using the App Store concept for provisioning, the bulk of these products and services addressed rather prosaic challenges in innovative ways.
For example, a big challenge in any data center is compliance. There are lots of tools that do compliance pretty well. It is a relatively mature market space. However, cloud computing - aka, "someone else's computer" computing - poses lots of challenges that simply do not exist in the hardware or software data center on the organization's premises. We saw some good tools that, among other things, address that.
Another emphasis - and this is a big deal in our view - is the so-called "shadow IT" problem. Simply put, this means that the users are taking care of themselves. They are becoming their own IT shop - shadow IT. You have a couple of choices in this case. You can allow it and hope that the people who have decided to be their own support, provisioning and configuration team actually know enough not to mess things up too badly. Or, you can look for products that accept that there will be shadow IT and make it as hard as possible to throw a spanner in the works affecting that entire organization. These products are super user-friendly and extremely comprehensive. They have heavy automation that, once deployed in the enterprise by the "real" IT shop, nearly runs on autopilot.
Also in this group of products we saw a trend toward extremely simple policy development. The policy engines in many of these products are as elegant as any we've seen and more elegant than most. They come with a slew of policies ready to go out of the box and a very simple point-and-click approach to creating new policies. These usually can be created from scratch or built as modifications to clones of supplied policies.
We also saw some of the most innovative user interfaces we ever have seen. True, there were a lot of the tried-and-true sort of SIEM-looking user interfaces (UI), but there also were some remarkably creative and different ones. This is a big part of getting past the shadow IT problem. If the UI is so intuitive that it is hard for the user to make a substantive error, the probability of that spanner in the works goes way down.
Amazingly, we did not know much about many of these products. There were a couple of old standbys, all spruced up in their 2015 best. But many of the tools we looked at in this bunch were new names to us. That said, some had been around an embarrassingly long time. Embarrassing, that is, for folks such as we who spend a lot of time in the virtual universe. But, no matter. This was interesting stuff and it leads to a sort of "how to buy it" analysis.
First, accept that one size does not fit all. To their credit, few if any of these vendors made that claim. You may well need multiple tools depending on what you need to protect, what your infrastructure looks like (private, public or hybrid cloud), who your cloud provider is, your level of resources to manage your cloud, and how extensive your enterprise and cloud deployment are.
Also, be sure to verify compatibility if you do need multiple tools and, especially, if you have some legacy tools deployed - although "legacy" is a pretty iffy term given that the cloud as a mainstay of computing is way less than 10 years old.
Next, not all tools work in all clouds. Be sure that you know what compatibility issues exist at the hypervisor. Remember also that there are agentless tools, and tools that use lightweight agents. Which do you want and why? And about that shadow IT issue? Do you have that challenge and, if so, how do you plan on addressing it?
We saw products that live in the cloud, products that live on-premises and products that can live either place. From an administration perspective, which makes most sense to your organization? And administration is not the only issue. There are potential architectural, size and distribution issues. An organization that can live on a single instance of a cloud provider - a relatively small organization - is much different from one that has offices all over the world and needs a widely distributed cloud infrastructure. The tools to support those two will be, likely, somewhat different.