Here are some I’ve come across:
- IP address means less for tracking all the transient and replaceable instances
- Rapid provisioning makes assets appear and disappear, go up and down, move in and out of scope, etc.
- Auto-scaling busts tool licensing limits (!), disrupts node-based asset tracking (“we have 400 assets…ooops…3000…ooops 200 now!”), and creates large volumes of monitoring data for short periods of time
- Remote cloud environments are sometimes accessed via links of limited bandwidth, making it harder to move monitoring data from the cloud to the datacenter
- Different models for network security monitoring (visibility only at the instances themselves, not in between, “on the network”)
- PaaS and SaaS specifically:
- There are layers of the computing stack that are not under enterprise control; no network monitoring, no host monitoring (SaaS)
- No concept of “asset IP” or, in fact, of a computer as an IT asset
- For both SaaS and PaaS, lack of any traditional “IT infrastructure” such as OS
- No OS logs – “apps all the way down” (SaaS)
- No perimeter monitoring.
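The first and third points above (IP addresses losing meaning for transient instances, and node counts swinging with auto-scaling) are easy to see in code. The following is an added example, not code from the original post: it replays a small, constructed stream of launch/terminate events from an assumed cloud control plane in which an auto-scaling group recycles a private IP, then attributes sensor alerts to an instance two ways. The on-prem style lookup keys on IP and answers “whoever has that IP now”; the cloud-aware lookup keys on instance identity with a time-bounded IP lease. The event format, instance IDs, IPs and alerts are all constructed for illustration.

```python
"""Asset tracking for transient cloud instances: key on instance identity,
not on IP address.  Constructed example; event shape is assumed, not any
vendor's real API output."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed inventory events: (timestamp, action, instance_id, private_ip, group)
EVENTS: List[Tuple[int, str, str, str, str]] = [
    (100, "launch",    "i-0a1", "10.0.1.10", "web-asg"),
    (100, "launch",    "i-0a2", "10.0.1.11", "web-asg"),
    (200, "launch",    "i-0a3", "10.0.1.12", "web-asg"),  # scale-out
    (300, "terminate", "i-0a1", "10.0.1.10", "web-asg"),  # scale-in
    (400, "launch",    "i-0b7", "10.0.1.10", "web-asg"),  # 10.0.1.10 reused by a new instance
    (500, "terminate", "i-0a3", "10.0.1.12", "web-asg"),
]

# Constructed alerts from a sensor that only reports a source IP and a time.
ALERTS = [
    {"ts": 250, "src_ip": "10.0.1.10", "rule": "suspicious-outbound"},  # while i-0a1 held the IP
    {"ts": 350, "src_ip": "10.0.1.10", "rule": "suspicious-outbound"},  # nobody held the IP
    {"ts": 450, "src_ip": "10.0.1.10", "rule": "suspicious-outbound"},  # while i-0b7 held the IP
]


@dataclass
class Lease:
    """One instance's tenure on one IP.  end=None means still running."""
    ip: str
    instance_id: str
    start: int
    end: Optional[int] = None


def build_leases(events) -> List[Lease]:
    """Turn time-ordered launch/terminate events into per-instance IP leases."""
    open_by_instance: Dict[str, Lease] = {}
    leases: List[Lease] = []
    for ts, action, inst, ip, _group in events:
        if action == "launch":
            lease = Lease(ip=ip, instance_id=inst, start=ts)
            open_by_instance[inst] = lease
            leases.append(lease)
        elif action == "terminate":
            lease = open_by_instance.pop(inst, None)
            if lease is not None:
                lease.end = ts
    return leases


def ip_keyed_owner(events, ip: str) -> Optional[str]:
    """On-prem style lookup: whichever instance holds `ip` at the end of the stream."""
    owner = None
    for _ts, action, inst, ev_ip, _group in events:
        if ev_ip != ip:
            continue
        if action == "launch":
            owner = inst
        elif action == "terminate" and owner == inst:
            owner = None
    return owner


def identity_keyed_owner(leases: List[Lease], ip: str, ts: int) -> Optional[str]:
    """Cloud-aware lookup: which instance held `ip` at time `ts` (None if no one did)."""
    for lease in leases:
        if lease.ip == ip and lease.start <= ts and (lease.end is None or ts < lease.end):
            return lease.instance_id
    return None


def attribute_alerts(events, alerts) -> List[dict]:
    """Attribute each alert both ways so the two answers can be compared."""
    leases = build_leases(events)
    return [
        {
            "ts": a["ts"],
            "rule": a["rule"],
            "by_ip": ip_keyed_owner(events, a["src_ip"]),
            "by_identity": identity_keyed_owner(leases, a["src_ip"], a["ts"]),
        }
        for a in alerts
    ]


def instance_count_over_time(events) -> List[Tuple[int, int]]:
    """Running instance count after each event: the '400...3000...200' churn."""
    running = set()
    counts = []
    for ts, action, inst, _ip, _group in events:
        if action == "launch":
            running.add(inst)
        elif action == "terminate":
            running.discard(inst)
        counts.append((ts, len(running)))
    return counts


if __name__ == "__main__":
    for row in attribute_alerts(EVENTS, ALERTS):
        print(row)
    print(instance_count_over_time(EVENTS))
```

The IP-keyed lookup blames the current holder of 10.0.1.10 for all three alerts, including one raised while a different instance owned that address and one raised while nobody did (the usual sign of sensor clock skew or a stale inventory). Keying on instance identity with a lease window answers correctly and returns nothing, rather than a wrong instance, for the unattributable alert, which is the behaviour a SOC wants when instances are replaceable and addresses are recycled.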
On top of this, many cloud environments run under a very “alien” (aka DevOps) IT operations model, often quite different from traditional data center management models, which further erodes the effectiveness of on-premise security tools.
What other examples of traditional, on-premise security tools not working in the cloud have you seen?
Related blog posts: