There are many challenges around cloud and IoT security. 

This article quotes an AlienVault report I wrote on this topic based on interviews with security professionals and a survey at RSA. 

Some key points:


  • Although there are concerns around the use of IoT devices, nearly half of respondents believe that the benefits of IoT technology outweigh the risks.
  • Approximately one-fifth of security professionals don’t know how many cloud services are in use within their organization, and 40 percent of them are not consulted before a new cloud platform is deployed.
  • Nearly half of security professionals prefer to monitor cloud environments rather than on-premises ones.
  • Gaining visibility into the cloud was a significant concern, with 42 percent responding that the lack of visibility presents a security risk.

Conclusions

It’s vitally important to know what assets you have and where. Cloud and IoT each present different challenges in this regard. Cloud can spin instances up and down on demand, but what you don’t always know is how many different cloud apps are in use at a particular point in time in a given environment. IoT, on the other hand, introduces physical devices into the environment and while keeping track of the assets might be easier than with cloud, physical security becomes a larger concern. Ultimately, you can’t stop progress. Instead, you need to adapt to it and find ways to make it better through better monitoring.

Regardless of how technologies continue to change and evolve, the principles of threat detection will largely remain the same. This involves knowing which assets you have, identifying where vulnerabilities exist, and monitoring to detect when attempts are made to exploit those vulnerabilities, be it directly, or indirectly. Growing complexity remains an ever-increasing challenge for security professionals. For this reason, steps should be taken to streamline the technology stack and associated business process. Unification of security utilities can prove invaluable to streamline monitoring for threats across the different cloud, on-premises, and physical environments. Finally, it’s important to understand that for many new businesses, and indeed even traditional businesses, the value of the business no longer resides in the physical premises or inventory – rather it is contained within its data. This makes data security all the more important from an organizational point of view.

Criminals are also wise to the value of corporate data and continually evolve attack techniques that can increase their chances of success. For this reason, a reliable and continuous source of threat intelligence can help keep companies on top of all the latest attack techniques and emerging threats, whether they affect the public cloud, private cloud, onpremises infrastructure, or Internet of Things devices.