In the past few years, we’ve seen a massive uptick of interest in leveraging cloud infrastructure from Logrhythm customers. Just a few years ago, organizations viewed cloud as an interesting proposition for a few use cases. Today, we see many critical business functions either being migrated to cloud platforms, or new cloud solutions completely replacing their on-premise counterparts.
With the proliferation of “cloud-first” initiatives, partially fueled by the rise of DevOps practices, cloud is becoming a first-class citizen of many businesses. In response to this, the need for IT to effectively monitor these cloud environments is rapidly becoming an integral and critical part of both IT security and IT operational monitoring.
The pace of technological change makes it hard for me to remember what enterprises were like even a few years ago. Back then, your company probably consisted of employees with smartphones, internal IT systems for a common function such as HR, Marketing, and Sales Management, and on-premises data centers containing customer-facing systems, IP, and other assets. The perimeter was well defined, and what kept you awake at night was security concerns surrounding an employee visiting a malicious website or opening a malicious email.
Just when the smartphone revolution was brewing, another radical shift in IT was starting to take hold – cloud computing. In 2019 the cloud, just like the smartphone, is both a revenue and company growth accelerator. But understanding and fully leveraging all aspects of the cloud can be confusing. I would like to start with some basics about the different flavors of cloud deployment models, and then explore some security challenges you need to consider as you embark on the journey to the cloud.
Enterprises have changed the way they interact with data and where their workloads reside. Approximately a decade ago, enterprises directly owned and housed servers that IT personnel maintained. These servers sat in data centers protected by multiple security controls around a well-defined perimeter.
All that has changed. More and more enterprises are now transitioning data and enterprise applications to the public cloud, oftentimes turning to Amazon Web Services (AWS), Azure, or Google Cloud. They make the shift to take advantage of the flexibility of elastic computing resources, lower costs, and easier maintenance.
Some organizations are shutting down their data centers entirely and moving all computer resources over to Infrastructure-as-a-Service (IaaS) providers like AWS. However, many enterprises are moving some, not all, of their servers to the public cloud. It’s likely that this hybrid infrastructure consisting of on-premises and cloud-based assets will dominate the market for the few next years, requiring security on two fronts, if you will.
Either way, there’s an old adage in security – wherever the data goes, so go the criminals.