Advertisment

Can you see through the clouds?

author-image
Soma Tah
New Update
ID

Soma Tah

Advertisment

Cloud has, no doubt proved beneficial for the enterprises in many ways, but there are a couple of downsides to it as well. One of the top concerns is that the users have very less control over the hosting infrastructure, which leaves them more exposed to security and privacy risks. While the security breaches into clouds can cause users to avoid or mistrust cloud, cloud visibility can restore customer confidence.

Visibility remains a challenge across hybrid and multi-cloud environment as well. Bhaskar Agastya, Country Manager, Ixia- India speaks more on the concern and shares some of the best practices for organizations which can help them migrate to the Cloud without compromising the security in any way.

To what extent visibility is a concern for the businesses opting for the cloud in India? 

Advertisment

The rapid growth of cloud adoption has shifted the concerns from migration to security and data visibility now. The threat landscapes are changing drastically, forcing organizations to think about the privacy and the security of their data, applications, and workloads that now reside in a cloud-based environment.

In a recent survey, we found that the top priorities for organizations with public cloud environments include securing data and applications, meeting compliance requirements. In India, the top three challenges companies experience due to lack of visibility into their public cloud data include, troubleshooting application performance and network performance issues, application outages as well as in responding quickly to the security alerts and network outages.

These concerns make organization realize why it is important to know where your data is located and how it is protected. The security concerns these companies face are well-founded and they are rooted in the fear of becoming the next security breach headline. No CEO or CIO wants to see their business’ name dominating the news cycle for a major network outage or network attack. In today’s world, the lack of insight and ability to quickly identify data may prevent users from being able to fully trust and leverage their cloud for a fear of vulnerabilities. A state of constant monitoring is necessary to prevent these repercussions and maintain the trust of organizations as they embark on a “cloud first” strategy.

Advertisment

Is achieving visibility across hybrid and multi-cloud environment a challenge?

As business data is exchanged among on-premises applications in private data centers and applications running in multiple public clouds, end-to-end visibility extending across the hybrid environment is a challenge. The lack of granular access to cloud traffic, regardless of the cloud service provider, creates blind spots in the network which could compromise application performance or security, resulting in a degraded customer experience and increased network security risk. Hybrid and multi-cloud environments create challenges for security teams who need to manage multiple segments and does not have the packet visibility to secure their network.

How does Ixia help in this scenario?

Advertisment

Ixia’s CloudLens solves this challenge with a service-provider agnostic platform that supports AWS, Microsoft Azure, IBM Bluemix, Google Cloud, Alibaba Cloud, CenturyLink cloud and more, as well as Windows and Linux also. It can access data directly from instances, filter it in the cloud and then send it directly to security and monitoring tools to simplify management and configuration. Delivered as a pure Software-as-a-Service (SaaS) solution, this provides comprehensive visibility across different cloud environments—public, private, and hybrid clouds and is designed to retain the benefits of the cloud – elastic scale, flexibility, and agility, while enabling security, analytics, and forensics tools.

Cloud providers say security is a shared responsibility- could you please share some best practices to stay secure?

Each business is exposed to different types of threats, which can be overwhelming at times. Hence, it is important for your business to identify and analyze potential threats. A risk assessment of relevant threats provides a clear understanding of which risks are applicable to the business, how often it is expected to occur, and the estimated loss. Irrespective of the size of the business, every organization must have a clear security policy in place. A policy that defines the usage of IT resources by employees is an absolute necessity these days. To provide the foundation for a secure network, it is important to create awareness and undertake user education about the policy and its objective.

Advertisment

When designing a secure network you shouldn’t rely on a single device or product for administrative purposes. Make sure to explore the security capabilities of your firewall or a router and confirm that software and servers are up-to-date. Keep track of the operating systems running on the network. This will help in understanding what vulnerabilities exist in each operating system in order to take relevant precautionary measures. Additionally, put in place an aggressive method of patching the operating system frequently to reduce exposure to vulnerabilities.

What will you do to address the aftermath of a security breach? The answer is to develop an organized method an incident response plan to detect, respond and limit the impact of a security breach. Every business must have a plan in place to quickly respond in the event of an incident.

Growth in online and digital data has played a significant role in driving the security market in India. Indian enterprises are more vulnerable to security attacks as they have not adopted and implemented the best of security solutions available. We recommend organizations to look at security as a continuous practice than just an IT function. Test before you deploy, monitor when you go live and secure continuously, do not wait for an attack to occur. For cloud environments, a virtual packet broker should be used.

cloud security