Here are some I’ve come across:
- IP address means less for tracking all the transient and replaceable instances
- Rapid provisioning makes assets to appear and disappear, go up and down, in and out of scope, etc
- Auto-scaling busts tool licensing limits (!) and disrupts node-based asset tracking (“we have 400 assets…ooops…3000..ooops 200 now!”), creates large volumes of monitoring data for some periods of time
- Remote cloud environments are sometimes accessed via links of limited bandwidth, making it harder to move monitoring data from the cloud to the datacenter
- Different models for network security monitoring (only at instances, not in between “on the network”)
- PaaS and SaaS
- There are layers of the computing stack that are not under enterprise control; no network monitoring, no host monitoring (SaaS)
- No concept of “asset IP” or, in fact, of a computer as an IT asset
- For both SaaS and PaaS, lack of any traditional “IT infrastructure” such as OS
- No OS logs – “apps all the way down” (SaaS)
- No perimeter monitoring.
On top of this, many cloud environments run under a very “alien” (aka DevOps) IT operations model, often dissimilar from traditional data center management models, that further breaks down the effectiveness of on-premise security tools.
What others examples of traditional, on-premise security tools not working in the cloud have you seen?
Related blog posts:
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.