First there was cloud. Then there was public cloud and private cloud… which (as we know) spawned hybrid cloud as the much-loved progeny of the two.
Then there was multi-cloud, a coming together of compute resources where an organization uses different cloud services from different Cloud Services Providers (CSPs) to run workloads for different applications, departments, subsidiaries or perhaps even for different specific workflow functions.
Then, after all that, there came the notion of so-called poly-cloud, the separation of different parts of an application or data service workload across different CSPs, an action taken when the price, performance, latency, legislative or other core requirements of a workload can be segmented accurately (and securely enough) to warrant splitting that workload apart over different cloud providers.
What all that creates is a world of many clouds and therefore many concerns… this is the world of the multi-cloud poly-hybrid mechanics.
Continuous intelligence, across the ether
The complexity created here presents a challenge for enterprise organizations seeking to lock down cloud-based resources that now span a hitherto unimaginably complex and interconnected landscape of computing resources.
Aiming to provide a degree of what it likes to brand as continuous intelligence, Sumo Logic has now built a multi-cloud and hybrid threat protection offering powered by Amazon Web Services Inc. (AWS). The Sumo Logic Cloud SIEM Powered by AWS is built on Sumo Logic’s own branded Continuous Intelligence Platform, with the SIEM denoting Security Information & [software code] Event Management as it does.
This is not anti-virus malware protection at the traditional consumer-level that you might be urged to install when you set up your new laptop; this is software code-centric protection and security intelligence with functions focused on areas like compliance, security analytics and cloud SIEM technologies.
MORE FOR YOU
The companies say they have worked together to offer out-of-the-box integration with key AWS security services, plus integrations with cloud-based SaaS and on-premises security services. This is all about creating technology that can perform deep internal inspection of cloud services and eliminate security blind spots across multi-cloud, hybrid (and indeed poly-cloud) environments.
Contextualized data intelligence
Both Sumo Logic and AWS talk about contextualized data intelligence and, in this case, contextualized threat data. That doesn’t mean context surrounding where the source of malware might emanate from, in this case it is contextualized cloud reports to highlight where an enterprise’s weak spots might be based upon:
- a) an organization’s installed stack of virtualized cloud technology
- b) an organization’s “operations maturity” and its ability to act and fix the internal mechanics of its cloud apps when called upon
- c) an organization’s ability to have created its own Security Operations Center (SOC) to work with cloud developers to lock down its IT stack
For companies that don’t have an internal or outsourced Security Operations Center (SOC), the offering will provide security monitoring, visibility and alerting. For organizations modernizing their SOC, the offering will in provide cross-source threat correlation with machine learning detection, automation and orchestration.
Sumo Logic VP Greg Martin claims that his company provides a comprehensive approach to quickly uncover activity that can indicate an “early-stage computing event” (that could be related to a risk) by identifying spikes and anomalies based on the organization’s baseline of historical data.
“Unrestricted by the processing power of on-premises hardware, Sumo Logic’s Cloud SIEM solution addresses the challenges facing today’s security practitioners by providing full visibility across their IT, application development and security ecosystem, automating the manual work for security analysts, saving them time and enabling them to be more effective by focusing on higher-value security functions,” said Martin and team.
Dear CTO/CIO, how is our ‘security posture’?
This is another one of those “would the CEO actually question this element of company operations in the board meeting” questions. Captains of industry may not be familiar with the term security posture today, but as companies spanning a multiplicity of cloud computing supply pipes start to realize the breadth of their own IT footprint, it is arguably among the workable buzzphrases for any self-respecting business manager going forward.
“Companies today take in huge amounts of data from their cloud services and applications, because everything tells you what it is doing in immense detail. It’s what you can do with that data, is where things get interesting. Security is one area, but this data can be applied to operations and for improving software development. When your business process is digital, you can see the impact of your decisions in real-time, whether that is a software update or IT redesign or something like a marketing project,” said Christian Beedgen, chief technology officer at Sumo Logic.
Organizations should know that data coming in can be consolidated — and at this point, everyone can make use of it for their own understanding. Beedgen suggests that the smartest companies use this as an opportunity to consolidate their tools and build up their observability approaches across the whole business, as this stops duplication and saves on cost.
Long term trends
The long term trend here is companies have lots of tools gathering data and this can lead to problems around the volume of data coming in over time. Data obviously has a cost to store, so having multiple copies of the same data will lead to more expense and Beedgen reminds us that this can lead to financial challenges
“Companies thinking about their data strategy using cloud providers might feel like resources are infinitely scalable, but the reality is that the organization will ultimately run out of budget. Consolidating and cutting duplicate data in different tools reduces that problem, keeps the business on the right side of the data cost curve and ensures that you can carry on innovating,” concluded Beedgen.
Many of the resources inside our technology stacks are being exposed (in a positive way) to the benefits of automation and Artificial Intelligence (AI), so that factor needs to be resonated in our cloud operations management layer. In the case of this story, it is. Sumo Logic and AWS have brought together Machine Learning (ML)-driven detection, integrated threat intelligence correlation and deep search-based investigation to look into systems and provide insight. That insight is surfaced through rich data visualization (graphs, dashboards and data speedometers, basically) so that any business manager can see what’s happening.
Once we can say we have sorted out our cloud security posture we can perhaps all straighten our backs and work out whether we need a lumbar support pillow. Until then, sit up straight and keep an eye on the multi-hybrid-poly cloud engine room.