- Security teams are one of the slowest departments to adopt cloud enabled solutions, according to Peter Firstbrook, vice president and analyst at Gartner, while speaking at the Gartner Symposium in Orlando Monday.
- Without the cloud, security professionals are hanging onto boxes, firewalls, proxy servers and internal endpoint solutions that need maintenance. To change this, IT and security departments need a culture hack — breaking free of a "bro culture" and becoming more inclusive, said Firstbrook.
- Attackers aren't using files anymore, they're using scripts, like Powershell and Java. The only way to meaningfully analyze the harmfulness of changes in an application is analyzing its behavior.
Security, just as much as other aspects of technology, is asserting itself as a integral part of overall business strategy. As a result, executive leadership and boards are embracing strategic shifts in the security ecosystem despite the possibility of disruption.
"Perimeters are dissolving" and people are beginning to ask why do I need a firewall on my network when it can be in the cloud, said Firstbrook. The cloud offers security teams the benefits of accuracy, agility and staff augmentation.
Companies that choose to stick with on-premise security solutions need to justify it, if they're choosing it over the cloud, said Firstbrook. With the exception of a few things, the cloud doesn't need much justification.
Still, there are some concerns relating to the cloud and security. Companies have to be aware of what kinds of data needs to be inspected before being uploaded in the cloud. Companies need to know the location of where data will be stored.
The cloud is also a prime target because it is a concentrated risk and attackers know it.
While the cloud's benefits often outweigh its drawbacks, it needs human augmentation. When hackers "inject" themselves into a script, security professionals have to look at the data recording activity, said Firstbrook. Sometimes data on appears harmless, but the sequence of it could indicate a larger threat.