War Stories: ‘Lift-and-Shift’ Does Not Work for Cloud Native Security
Prisma Cloud from Palo Alto Networks sponsored this podcast.
Legacy on-premises security practices and processes cannot be directly transferred to cloud native security and management.
In this episode of The New Stack Makers podcast, Alex Williams, founder and publisher of The New Stack, hosts a roundtable with customers of IT security firm Palo Alto Networks who share their experiences and insights about cloud native security and other related topics. The guests are Brian Cababe, director of cybersecurity, architecture and governance for IT consultancy Cognizant; Tyler Warren, director of Internet of Things security for commercial warehouse real estate provider Prologis; and Alex Jones, information security manager for security penetration testing firm Cobalt.io.
The shift to the cloud is certainly not easy. It requires a high level of expertise and significant investments in time. “I have seen companies get into a lot of issues when they just do a ‘lift and shift’ in the cloud for whatever reason,” said Warren. “If you are going that route, make sure your house is in order, because you’re going to replicate any issues you have on-prem in the cloud — and you’re going to make it more difficult and more complex once you’re in the cloud.”
Some organizations may also not immediately see the cost savings and security benefits they had imagined as they begin to make the shift to cloud native, but in the long term, the prospects for improving security and leveraging other opportunities are significant, Cababe said.
“When you start to leverage a lot of the services in the cloud is when you really start to take advantage of the cost-savings opportunities — and there’s a lot you can do in the security space,” said Cababe. “It used to be that you had less visibility in the cloud. But now, I feel like there are a lot of tools available to provide more visibility to the extent that when I’m working on efforts that are on-prem, sometimes I’m frustrated with what I feel like I’m limited to as to what I can do in that environment.”
But while there are hundreds of cloud native security and other tools available today, organizations should also seek to reduce complexity when possible. “Security teams can run into problems where you have too many tools, too many blinking lights that are on-prem,” said Warren. “And you can have that problem in the cloud.”
Capping the number of security tools on which an organization’s DevOps relies is thus a sound policy. “I try to minimize the amount of tools, screens and alerts that you have,” said Warren. “And a lot of the security providers and vendors out there have those tools available, so they do touch many different clouds.”