In response to these new complexities, cloud security providers are adapting to bring people intuitive security solutions for risks resulting from inconsistency.

“Organizations are rapidly moving toward a multi-cloud model where they may be using SaaS [Software as a Service] applications like Office 365, Box or SalesForce.com alongside of AWS or Azure,” explained Mark Anderson, President of Palo Alto Networks. “This results in data distributed in a variety of places, and the security challenge is how to establish and enforce a policy that protects data in a consistent manner from their physical, on-premise data center to their SaaS applications to their public cloud deployments.”

Consistency and prevention

“The old days of detect and respond aren’t going to work,” Anderson said. “With any cloud deployment — public, private, hybrid or SaaS, you need a breach-prevention mindset.” Anderson stressed that being able to enforce a security policy that goes across your enterprise is vital along with a consistent policy that can be enforced no matter where your data is.

“A next-generation mindset is needed to architect solutions to security challenges in cloud deployments,” said Anderson. “Whether your workloads are moving back and forth [between the cloud and SaaS], prevention-minded next-generation security uses automation to successfully protect you at real-time speed and enables organizations to embrace the cloud with confidence that their data is secure.”

“An integrated platform tries to recognize threats, work quickly to identify the threat as unknown and then reformat to best fight it.”

Agile and automated

Some customer attacks come from sources or ways people didn’t even know were possible. But prevention-focused security is the best response. “An integrated platform tries to recognize threats, work quickly to identify the threat as unknown and then reformat to best fight it,” said Anderson. “Reprogramming as quickly as possible to protect against both unknown threats and known ones — which aren’t trivial — requires an agile and automated platform.”

Anderson knows that customers want to work with fewer security vendors, not more. They want less complexity. Small businesses that might not have as much in their budget for security as the larger companies might want to consume their data completely in the cloud or in a single managed service like Verizon. An integrated security platform would appeal to them.

Employees can help

“Palo Alto Networks instills security organizationally and functionally into the DNA of the company,” Anderson said. “We believe that security has to be addressed not just with great technology and an innovative next-generation security platform. All organizations also need to consider the role people, namely employees in an enterprise organization, and processes play in establishing a breach prevention-oriented security posture.” Anderson advises educating all employees — not just IT and security operators, but the entire workforce — on good cyber hygiene and how to spot phishing emails a year-round and programmatic priority.

Additionally, processes throughout an organization (such as authorizations for wire transfers), should be evaluated frequently to take into consideration the advance ways cyber adversaries may try to intercept or take advantage of weaknesses. Employees across a company can play a role in this kind of process evaluation and adjustments to ensure a breach-prevention mindset and practices are in place. This is important in every aspect of the business and IT infrastructure, especially as new cloud operating models introduce new frontiers for adversaries to breach an organization and access data.”

One final consideration Anderson shared specific to securing cloud deployments: “When considering cloud security providers, do your research. Don’t trust what’s on their website. Don’t even trust a third-party web review. Do the proof of testing yourself.”