By Augusto Barros, Cybersecurity Evangelist, Securonix
Businesses are rapidly moving to the cloud with recent statistics showing that 50% of all corporate data is stored in the cloud. Many organizations also find themselves implementing multi-cloud adoption to keep pace with the demands of modern business. In fact, 81% of all enterprises report a multi-cloud strategy already laid out or in the works. With data spread across multiple cloud platforms, how are security teams able to effectively consolidate data, monitor for threats, and maintain visibility across environments?
The reality is many organizations today struggle with security monitoring in multi-cloud scenarios. Three out of four enterprises today list cloud security as a top concern, yet only 21% of organizations report having a centralized view of their security posture and policy compliance across all cloud accounts.
Why is security monitoring so difficult in multi-cloud environments? More importantly, what can security teams do to centralize data, maximize visibility, and effectively monitor threats across multiple cloud platforms?
In our recent webinar I spoke with Teddy Lewis, Principal of Data-Cloud Strategy at Snowflake, about how to address these questions and to discuss the cloud-native analytics and storage solution offered by Securonix and Snowflake.
Challenges of multi-cloud environments
Threat detection is challenging enough in one cloud environment–not to mention the increased difficulty of multi-cloud scenarios. The unique nature of each technology stack complicates security in the cloud compared to the traditional data center, with rapid growth forcing many organizations to disperse across major cloud providers. Multi-cloud adoption often introduces new threats and furthers technological disparities. Teddy Lewis confirms the trend, “The technology problem becomes bigger here because of the multi-cloud scenario.”
Why is this?
As you might imagine, the technology used by different cloud providers can differ significantly. System components are often fundamentally different, as are the methods for collecting and formatting data. Collection and formatting are minor obstacles compared to the limitations and contrasts of individual cloud providers relating to the consolidation and centralization of data. Many organizations favor varying consolidation methods, widening the gap between cloud platforms. These disparities result in critical data becoming siloed, making security monitoring in multi-cloud environments infinitely more challenging.
It’s important to keep in mind that divergent cloud processes can require different methods and means of monitoring threats. Behavior analytics often must be applied differently across cloud platforms–behavior considered normal in one cloud environment may trigger an alert in another. Messaging can also vary between environments, and teams will need people with environment-specific skills to interpret and translate threat communications. The unfortunate result is siloed data sitting within repositories in cloud platforms.
Why DIY isn’t the answer
Some organizations attempt a do-it-yourself solution to create a centralized view of multi-cloud environments–usually with less than stellar results and at a high cost. Numerous hurdles include the challenge of scale and the difficulty of attempting to successfully replicate necessary tools, processes, and people. Indeed, data can be collected and stored in a secure platform such as Snowflake but then how can it be used for security purposes? How does your team look for threats in the data? A successful do-it-yourself initiative requires the in-house knowledge and expertise to properly utilize data for security. Unfortunately, many teams lack these necessary skill sets and pay the steep price to transport data to a third-party SIEM.
The power of a next-gen, cloud-native SIEM
What would happen if you built a SIEM to include access to a modern cloud data platform? You would no longer need to download vast amounts of data from the cloud because your SIEM environment would be part of the cloud–easily accessing data for analysis and providing cloud threat detection. Data silos would be eliminated–all data would reside in the same platform and be available across all cloud environments.
Bring Your Own Snowflake by Securonix brings this powerful union to life–blending the secure analytics of next-gen SIEM with Snowflake’s secure data storage platform for successful threat detection and response at cloud scale. Securonix’s Next-Gen SIEM can quickly feed data, adding real-time enrichment, applying analytics, and delivering rapid automated responses. Barros explains, “Because the data flows through Securonix first, you’re going to have faster detection and response to threats as Securonix is doing all the analytics before putting the data into Snowflake. You don’t lose any agility by adopting this type of solution.”
The expertise needed to work data for threats across multiple cloud environments is critical, and Barros explains Securonix’s essential role, “Threat detection content is not easy to develop. It’s not just about rules. We’re talking about how to parse this type of data and connect to each of those hundreds of data sources you may have to do enrichment of the data. These processes require much effort to develop. This is what Securonix brings to the mix–the expertise for skillfully applying security analytics.”
Snowflake also brings advantages to this unique partnership that boost visibility and make monitoring multi-cloud environments simpler and less costly. “Snowflake is incredibly cost-effective, offering one affordable cloud pricing model where many of our customers enjoy a log data compression of seven to 10 times. There are no limitations to how much log data you can throw at Snowflake, and we recently introduced a new foundational layer known as Snow Grid. Snow Grid connects all regional deployments of Snowflake across all three clouds creating one integrated and unified network where data can seamlessly flow,” says Lewis.
Securonix + Snowflake meets the challenge
Consolidating data across disparate cloud environments to create the needed visibility for effective threat monitoring is undoubtedly one of the stiffest challenges facing security teams. Teams must navigate the obstacles of cloud security multiplied by various environments–plus the added complexity of divergent technology. The inevitable results are siloed data, lagging analytics, and poor threat visibility across disparate cloud environments.
It doesn’t have to be this way. A centralized, analytics-driven approach to multi-cloud security monitoring is here. Securonix + Snowflake brings cloud-agnostic storage for data consolidation and critical out-of-the-box content in a cloud-native SIEM together for advanced analytics capability and multi-source threat visibility. As modern organizations grow, the need for multi-cloud adoption appears here to stay and the challenge of monitoring threats across disparate environments does not have to be the daunting task of days past.
For more information on the Securonix and Snowflake partnership, please check out our webinar “Multi-Cloud, Not Multi-Silos: Consolidate Your Security Data” here.