Gartner Blog Network

Trouble In The Cloud?!

by Anton Chuvakin  |  June 22, 2015  |  8 Comments

What challenges does the usage of traditional, on-premise security tools [monitoring tools, like SIEM or DLP, in particular] creates in the cloud [SaaS, PaaS, IaaS models]?

Here are some I’ve come across:

  • IaaS
    • IP address means less for tracking all the transient and replaceable instances
    • Rapid provisioning makes assets to appear and disappear, go up and down, in and out of scope, etc
    • Auto-scaling busts tool licensing limits (!) and disrupts node-based asset tracking (“we have 400 assets…ooops…3000..ooops 200 now!”), creates large volumes of monitoring data for some periods of time
    • Remote cloud environments are sometimes accessed via links of limited bandwidth, making it harder to move monitoring data from the cloud to the datacenter
    • Different models for network security monitoring (only at instances, not in between “on the network”)
  • PaaS and SaaS
    • There are layers of the computing stack that are not under enterprise control; no network monitoring, no host monitoring (SaaS)
    • No concept of “asset IP” or, in fact, of a computer as an IT asset
    • For both SaaS and PaaS, lack of any traditional “IT infrastructure” such as OS
    • No OS logs – “apps all the way down” (SaaS)
    • No perimeter monitoring.

On top of this, many cloud environments run under a very “alien” (aka DevOps) IT operations model, often dissimilar from traditional data center management models, that further breaks down the effectiveness of on-premise security tools.

What others examples of traditional, on-premise security tools not working in the cloud have you seen?

Related blog posts:

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: cloud  monitoring  security  

Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio

Thoughts on Trouble In The Cloud?!

  1. Roopak Patel says:

    Hi Anton,

    Great summary; your points are spot on. Here’s where there is an opportunity for companies to create and provide greater visibility into the activities around their SaaS applications. Salesforce comes to mind but don’t forget others like Box and GoogleApps just to mention a few. I also this this space is ripe for new technologies to be used to track user activities, like machine learning, unsupervised modeling and threat identification. I spent time at FireEye always worrying about how objects can deliver bad stuff to networks but now I am at a start up that focuses on using ML, data science and activity logs to identify anomalous behavior across networks and SaaS applications. I’d be happy to have a deeper conversation if you’d like.

    Roopak Patel

  2. […] Chuvakin from Gartner lists some of the challenges he has come across for security in the move to IaaS, PaaS and SaaS services. He is spot-on that […]

  3. […] Chuvakin from Gartner lists some of the challenges he has come across for security in the move to IaaS, PaaS and SaaS services. He is spot-on that […]

  4. Adrian says:

    How about not knowing where all your data is? I mean, maybe there are some legal restraints…

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.