Among enterprises' objections to cloud computing, the one that comes up the most frequently is security. Organizations that handle sensitive or legally protected data, such as consumer financial information or Personally Identifying Information (PII), are understandably reluctant to give up control over the protection and storage of that information to a third party, especially since the businesses themselves remain on the legal hook in the event of a data breach or exposure via a third party cloud service provider. One specific fear is that the company will not be able to perform intrusion detection on its cloud deployments and will not be able to respond to incidents in a timely manner. Overcome these objections with the following facts.
1. Cloud adoption does not always mean a loss of control.
For enterprises used to relying on their own in-house intrusion detection systems to keep watch over their in-house network and data assets, cloud computing can be particularly scary. And it's true that when an organization adopts a third-party cloud service, the organization will end up relying on the cloud provider to take over those intrusion detection duties. That does not have to mean that the organization loses visibility into its data, however. By negotiating deals with the cloud service providers that enable enterprises to receive critical logs in order to perform their own regular monitoring and alerting, organizations can continue to stay on top of their data's safety and incident response procedures, even in the cloud.
2. Virtual infrastructure in the cloud allows for extensive intrusion detection.
Virtual infrastructure, such as that offered by Microsoft and VMware, has proven a boon to many enterprises unable or unwilling to invest in build-outs of their own on-premises data environments. Luckily, this virtual infrastructure is often just as amenable to enterprise intrusion detection solutions as physical machines on-prem. In fact, virtualization presents many intrusion detection options, ranging from intrusion detection tools installed in the virtual machines (VMs) themselves, to hypervisor-based intrusion detection, or even intrusion detection purpose-built to monitor the virtual network connecting all of a business's VMs. And that's on top of the traditional intrusion detection systems that can be deployed to the physical network underlying the virtual one. All these potential layers of intrusion detection can actually enhance incident response in virtualized environments over traditional ones.
3. The future of intrusion detection in the cloud looks bright.
Cloud computing has been on the scene for some time now, but, as with most other technological innovations, security has remained a few paces behind it. When it comes to intrusion detection and incident response in the cloud, for example, it took some time for developers to get a grip on the demand for intrusion detection in cloud-based environments. The security industry is catching up now, however. Look forward to a future in which vendors will offer cloud-based intrusion detection and incident response systems that make the task of maintaining control over cloud and virtual infrastructures just as familiar as the task of performing intrusion detection on traditional systems. In fact, solutions are emerging that will unify cloud and on-prem intrusion detection technologies into a single user interface, further bringing public cloud into the enterprise fold.
Organizations with objections to cloud computing often raise valid concerns. As a reseller, however, you are well placed to counter those objections with the facts about the rapidly evolving cloud computing security landscape. Just about any business, in just about any vertical, can reap massive benefits from the cloud. If you can help enable that by reassuring your customers about security in the cloud, you'll find new doors opening and new sales opportunities arising to reward your efforts.
How much do you know about intrusion detection and incident response in the cloud? If you don't know enough, talk to one of our security experts today to learn more.