Security monitoring remains ‘complex and chaotic’ – and cloud and IoT will only make it worse

One in three respondents in a survey conducted by AlienVault said the state of security monitoring in their organisation was ‘complex and chaotic’, adding a ‘major disconnect’ was still in place between beliefs and actions in cloud security.

The survey, conducted at the RSA conference in San Francisco back in February, polled 974 attendees. One in five (21%) admit they don’t know how many cloud applications are being used in their organisation, while 39% say it is more than 10. 42% of respondents say lack of visibility into their cloud activities is a ‘significant’ concern.

Almost two thirds (62%) said they were worried about Internet of Things (IoT) devices in their environment – yet 45% added that they saw the benefits of IoT outweigh the risks. 43% of respondents said their company does not monitor IoT traffic at all – a finding which was described as ‘frightening’ by AlienVault – while 20% said they didn’t know what traffic was monitored.

“The driving force behind cloud and IoT is the availability and analysis of information, but they must be managed and monitored in the right way,” said Javvad Malik, AlienVault security advocate. “If data is misused, or inadequately protected, the consequences can be severe.”

Writing for this publication earlier this month, iland director of EMEA marketing Monica Brink argued that this was the year when IoT ‘moved up the agenda’ for business investment in cloud technologies. “IoT data tends to be heterogeneous and stored across multiple systems; as such, the market is calling for analytical tools that seamlessly connect to and combine all those cloud-hosted data sources, enabling businesses to explore and visualise any type of data stored anywhere in order to maximise the value of their IoT investment,” she wrote.

“It’s time for organisations to focus on what they do have control over – threat detection and incident response – and implement a unified solution that can monitor on-premises, cloud and hybrid environments,” added Malik. “Simplifying security in this way enables companies to immediately identify and respond to threats, and in today’s cybersecurity landscape, this is the best strategy to mitigate risk.”