Cloud security consolidation - improve your results

By Paul Baird, Chief Technical Security Officer at Qualys.

Saturday, 21st October 2023. Posted by Phil Alsop.

The share of companies that want to consolidate their security plans and solutions has grown massively. Gartner estimates that around three quarters of companies are working on security consolidation, up from 29 percent in 2020. The challenge is that any time the word ‘consolidation’ is mentioned, the automatic assumption is that this is driven by saving on costs. However, while consolidation is normally linked with saving money, the main goal for security consolidation is to improve how companies manage risk and increase their operational efficiency.

To make these kinds of projects successful, you will have to consider your customers’ current security approach, where opportunities to consolidate exist, and how you can deliver those results over time. Security consolidation reduces gaps in customer security, but it also leads to other opportunities. For example, as you consolidate security for your customers, you can also deliver more advanced security capabilities like automation to speed up their operations and reduce alert fatigue.

Understanding your risk profile

Every organisation will have an arsenal of security products and services at their disposal, all used to meet a specific need. According to IBM, 30 percent of organizations have more than 50 tools and technologies for security. However, these products will have been brought in over time. Each vendor will update its products or services to try and meet customer demands, or to expand their product in response to new challenges. These products then overlap in terms of functionality, but not in terms of process and workflow. These areas can have significant gaps.

At the same time, security teams are struggling to keep up with demands on their time. According to ISC2, there are 3.4 million cybersecurity roles open around the world, putting more pressure on existing staff. The number of tools that staff have available to them should make things easier, but those gaps still exist. For companies that have the dilemmas of more threats and less staff resources, how can they cope?

This is where consolidation can make a difference. To help customers on their security consolidation journey, you can start by understanding their current approach to managing risk. This involves looking at the products that they have in place, but also at their processes and team management. Are they reliant on manual work, and how does this affect their ability to respond to threats? Can you help them replace those manual efforts with more effective integration and automation instead, freeing up their staff to be more productive?

Security consolidation is less about tooling, although removing excess and unnecessary products is part of the approach. Instead, consolidation involves looking at your customers’ existing processes and removing any elements that are not efficient. By integrating tools together and using this to support better workflows, you can help your customers architect their processes to be more efficient across their business security. At the same time, this can be an opportunity to remove superfluous software products from the mix or make use of more suites of products rather than multiple best of breed options. This should improve results and incidentally pay for that consultation on consolidating in the right way.

Automation and consolidation

In IT security, we have a vision of threat actors against defenders, with both sides working based on their skills. However, this vision is now out of date. Rather than hands-on-keyboard exploits based on hacking skills, the majority of issues in IT security are due to misconfigurations and software vulnerabilities. These problems are exploited using automated scanning to find issues. Rather than that vision of bad guys against defenders, we are fighting against automated attacks.

To keep up with this, IT security teams have to automate as well. The days of relying on the security team alone to keep up with potential risks are now in the past. With more companies moving to the cloud - and even running across multiple cloud environments - the sheer volume of data involved is problematic for teams to track and use effectively. For company security teams, any help around how to use automation will have an immediate impact.

At the same time, misconfigurations in the cloud can lead to potential exploits and vulnerabilities too. For example, our Qualys TotalCloud Security Insights research report for 2023 found that the average failure rate for Center for Internet Security benchmarks for cloud security on AWS was 34 percent, rising to 57 percent for Microsoft Azure and 60 percent for Google Cloud Platform. These best practices exist, yet they are not being used effectively to prevent issues in the first place.

The challenge here is that teams are not able to manage all the moving parts that exist across IT. There are so many issues that demand attention, from new exploits and vulnerabilities to change requests and configuration updates, that knowing where to put your effort is hard. When this applies to multiple different platforms, the problem multiplies exponentially. Consolidating security helps security teams get their ability to focus back, as it makes it easier to prioritise those problems that are most pressing. Rather than getting multiple views of the security truth, consolidation should make it easier to see where efforts are needed and then make those decisions faster and easier to implement. For channel partners, providing this path forward is an effective way to engage with customers and help them to improve their approach.

Automation is an essential part of this approach. It involves understanding each customer’s specific risk profile, what their most critical applications are, and how those systems might be updated in the event of a problem being discovered. Security consolidation helps customers see where they have the most pain points to address and which ones are the most serious. With this view in mind, they can then use automated patching and remediation to work more effectively. Based on our data, automated patching and remediation delivers results faster around the applications and services that companies prioritise.

Microsoft Windows and Google Chrome are good examples as the most commonly used operating system and web browser respectively. These software products are essential to the vast majority of workers, so they get attention around updates. The mean time to remediate weaponised vulnerabilities for Windows and Chrome is 17.4 days, with an effective patch rate of 82.9 percent, compared to 30.6 days and 42.3 percent for non-Windows and Chrome applications. According to the Qualys TruRisk Research Report, these critical applications are therefore patched twice as fast and twice as often as other applications. Bringing this same approach to other applications will improve security performance.

Consolidation and security planning

Security consolidation can be a tricky subject to broach with customers. They may want to protect their budgets and their teams. But no company can stand still in the face of the continuing growth of cyber attacks. Threat actors are happy to use automation to increase their chances of getting into new targets, so we have to help customers adopt and use the same approaches in their security processes and workflows.

Consolidating security processes and deploying automation can help teams make the most of the skilled people that they have as well as reducing gaps in their enterprise environments. Most importantly, it can provide an opportunity to get data on how well these teams are doing with their efforts over time, which is essential for internal reporting and to keep improving. By looking at consolidation overall - not just reducing the number of security products involved - you can ensure that your customers stay secure.