Google Cloud’s security experts this week said that the top challenge security operations centers will face in the year ahead is grappling with the cloud.
Security teams will have to focus on how they will handle expanding cloud environments, including multiple public clouds, multi-cloud deployments, and the proliferation of SaaS.
“To me, this is both a prediction and a wish and a trend, and I feel like we're behind enough already compared to other teams,” said Anton Chuvakin, security advisor at Office of the CISO, Google Cloud. “So that I think SOCs need to catch up, and next year is the year to catch up.”
Cloud changes everything — including how we do threat detection and response in the SOC, said Phil Neray, vice president of cyber defense strategy at CardinalOps. Neray said traditional ways of securing endpoints simply don't apply to serverless functions in the cloud.
“How do you monitor and govern serverless functions that have access to your sensitive data?” posed Neray. “And how do you do forensics on them if they typically exist for no more than 60 seconds? Another example is how you manage your SIEM, which is the heart of the SOC. Securing the cloud requires entirely new data sources to be ingested by the SIEM, such as logs from cloud storage buckets and cloud admin consoles, while traditional log sources such as Windows Event Logs are likely not required anymore.”
Claude Mandy, chief evangelist, data security at Symmetry Systems, said each cloud’s approach to configuring identity and access management within its environment is slightly different. Mandy said it’s important to remember that, under the shared responsibility model, it is the organization and not the cloud service provider that must configure access at the data and object layer: a complex challenge to lay at the feet of an understaffed and under-tooled security team.
“Until organizations take the opportunity to secure at scale what matters most — data — organizations’ understaffed security teams will never be able to enforce the same level of control across a multi-cloud environment,” Mandy said.
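The two points above, that SIEMs now have to ingest bucket and admin-console logs, and that access at the object layer is the organization's own responsibility, meet in one concrete detection: watching cloud audit logs for bucket permission changes that open data to the public. The following is an added example, not code from the article or from any of the vendors quoted. The log lines are constructed for illustration; they are modeled on the shape of a Google Cloud Audit Log `storage.setIamPermissions` entry (with `protoPayload.serviceData.policyDelta.bindingDeltas`) and an AWS CloudTrail `PutBucketPolicy` event (with `requestParameters.bucketPolicy`), but the field values, project, account ID and principals are invented, and real exports carry many more fields than are used here.

```python
from __future__ import annotations

import json
from dataclasses import dataclass
from typing import Iterable

# GCP members that make a bucket or object world-readable.
PUBLIC_GCP_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


@dataclass(frozen=True)
class Finding:
    cloud: str
    actor: str
    resource: str
    detail: str


def _aws_principal_is_public(principal) -> bool:
    """AWS policy Principal may be "*" or {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        return "*" in aws
    return False


def check_gcp_audit(entry: dict) -> list[Finding]:
    """Flag ADD bindings that grant a role to allUsers/allAuthenticatedUsers.
    A REMOVE of the same member is a cleanup, not an exposure, so it is ignored."""
    payload = entry.get("protoPayload", {})
    if payload.get("methodName") != "storage.setIamPermissions":
        return []
    actor = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
    resource = payload.get("resourceName", "unknown")
    deltas = payload.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
    return [
        Finding("gcp", actor, resource, f"{d.get('role')} granted to {d.get('member')}")
        for d in deltas
        if d.get("action") == "ADD" and d.get("member") in PUBLIC_GCP_MEMBERS
    ]


def check_aws_cloudtrail(event: dict) -> list[Finding]:
    """Flag PutBucketPolicy events whose new policy has an Allow for a public principal."""
    if event.get("eventName") != "PutBucketPolicy":
        return []
    actor = event.get("userIdentity", {}).get("arn", "unknown")
    params = event.get("requestParameters", {})
    resource = params.get("bucketName", "unknown")
    statements = params.get("bucketPolicy", {}).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may appear un-listed
        statements = [statements]
    return [
        Finding("aws", actor, resource, f"public Allow for {s.get('Action')}")
        for s in statements
        if s.get("Effect") == "Allow" and _aws_principal_is_public(s.get("Principal"))
    ]


def scan(lines: Iterable[str]) -> list[Finding]:
    """Route each JSON-lines record to the right checker by its envelope shape."""
    findings: list[Finding] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if "protoPayload" in rec:
            findings.extend(check_gcp_audit(rec))
        elif "eventName" in rec:
            findings.extend(check_aws_cloudtrail(rec))
    return findings


# Constructed sample log (not real data): two exposures, three benign records.
SAMPLE_LOG = """
{"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity", "protoPayload": {"methodName": "storage.setIamPermissions", "authenticationInfo": {"principalEmail": "alice@example.com"}, "resourceName": "projects/_/buckets/customer-exports", "serviceData": {"policyDelta": {"bindingDeltas": [{"action": "ADD", "role": "roles/storage.objectViewer", "member": "allUsers"}]}}}}
{"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity", "protoPayload": {"methodName": "storage.setIamPermissions", "authenticationInfo": {"principalEmail": "bob@example.com"}, "resourceName": "projects/_/buckets/internal-reports", "serviceData": {"policyDelta": {"bindingDeltas": [{"action": "ADD", "role": "roles/storage.objectViewer", "member": "user:carol@example.com"}, {"action": "REMOVE", "role": "roles/storage.objectViewer", "member": "allUsers"}]}}}}
{"eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dave"}, "requestParameters": {"bucketName": "customer-exports", "bucketPolicy": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::customer-exports/*"}]}}}
{"eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dave"}, "requestParameters": {"bucketName": "internal-reports", "bucketPolicy": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/reporting"}, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::internal-reports/*"}]}}}
{"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "userIdentity": {"arn": "arn:aws:iam::123456789012:role/reporting"}, "requestParameters": {"bucketName": "internal-reports", "key": "q1.csv"}}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"[{f.cloud}] {f.actor} on {f.resource}: {f.detail}")
```

The point of routing on the envelope rather than normalizing everything first is that the two providers express the same object-layer change in different structures (binding deltas versus a whole replacement policy), which is exactly the per-cloud IAM difference Mandy describes; a SIEM rule written for one will silently miss the other. The REMOVE binding in the second record shows why the check keys on the action and not just the member.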