Earlier this week, Forrester released its Vendor Landscape report for cloud workload security solutions (CWS), authored by Andras Cser, Vice President and principal analyst at Forrester. According to the report, 52% of North American infrastructure decision-makers believe public cloud implementations are a critical business priority. There’s no question the future belongs to the cloud. The implications for security, however, are not as clear.
Fortunately, the Forrester report helps clear things up. Cser offers two critical observations:
- Security and risk (S&R) professionals can’t secure cloud workloads with manual tools and traditional technology.
- CWS solutions are expected to monitor both the workload guest OS and the platform itself.
Manual Tools and Traditional Technologies are No Longer Adequate
In the cloud, manual tools and traditional technologies are challenged by 3 key dynamics: speed, complexity, and legacy pricing.
The cloud is quick. Quick to get going, quick to update, and quick to scale. But speed isn’t usually good for security. Speed often equals haste, and hasty solutions aren’t usually secure.
Lacework accelerates cloud workload security in two ways. First, our platform immediately delivers visibility and insights into how applications, VMs, containers, and users interact with each other. This gives your team the clarity they need to secure these entities. Second, Lacework helps S&R professionals and DevOps to collaborate better by giving them a common viewpoint that enables S&S professionals to operate security at the speed of DevOps.
Humans instinctively equate simplicity with speed – but that intuition breaks down in the cloud. Scaling up a cloud solution, for example, happens by replicating entities and increasing, not decreasing complexity. Ephemeral workloads, the use of external APIs, and hybrid environments also contribute to cloud complexity.
Lacework fights complexity by focusing on fundamental cloud behaviors, not on individual cloud entities. When functionally identical connections, processes, or containers grow to scale a solution, we automatically aggregate them to reduce complexity. We reveal the essentials of the cloud and make security far simpler.
Public clouds are the ultimate capital expense of eliminators. They’re also designed for elasticity. Decrease resources when you don’t need them, add when activity peaks. A usage-based pricing model is a perfect fit for the cloud. Traditional on-premises security tools that have retained legacy pricing models are ill-fitted for the cloud.
Lacework was not only born in the cloud, but we also run our business in the cloud and have a deep appreciation for a flexible subscription model. Our pricing correlates to usage and delivered value and makes Lacework easy to procure and use.
Protect the Platform, Protect the Guest OS
Forrester highlights two CWS architectures. In one, lightweight agents monitor every guest OS. In another, solutions use the APIs provided by the IaaS to monitor and intercept calls and data flows. Cser notes that agent-based solutions deliver deeper levels of monitoring and interception, while agentless solutions reduce operational complexities associated with agents. As with most things, each approach has its strengths and weaknesses.
Lacework leverages both architectures to optimize protection for each attack surface. Our agentless solution defends against attacks on the AWS account while our agent-based approach delivers the visibility and depth of coverage needed to protect the implementation itself. The result is an extraordinarily robust and complete CWS solution.
The CWS market is rapidly coming of age. We’re grateful to Forrester for delivering a great new resource for S&R pros struggling to understand how to best protect their public cloud implementations.
If you’re interested in learning more about Lacework, I’d like to suggest the white paper from the SANS Institute. They did a hands-on review of Lacework, how the platform works and the benefits of using it for cloud security. Enjoy the read!