What insight do information security professionals share in their cloud security reviews?
How does users' software of choice serve their company's IT infrastructure monitoring needs? Which of their pain points are addressed? Which monitoring features could be improved, and how?
As the cloud security landscape evolves and introduces new challenges to IT professionals, software reviews written by real users provide first-hand experience of how these cloud solutions impact the security needs of businesses.
Monitoring AWS Accounts
When asked to describe some of Evident.io’s valuable features, an IT Security Manager at a comms service provider with 1,001-5,000 employees shares:
“The ability to audit each AWS account at a high level so we can see critical vulnerabilities that might otherwise be overlooked. The granular approach helps me to drill down and deal with each alert properly and individually.”
Securing AWS Accounts
A Supervisor of Architecture & Infrastructure Platform Delivery at a recruiting/HR firm with 10,001+ employees writes about how Evident.io has improved his company’s security processes:
“The ability to scan our AWS accounts to understand what is not in alignment with best practices is huge for us... This improves our overall security process to an acceptable level.
We are building out new AWS accounts that are secured from the beginning instead of fixing problems as they are detected. This ensures that everything is consistent and secure from the beginning. Previously, we had to wait until our security team identified a problem.”
An IT Security professional at a comms service provider with 1,001-5,000 employees suggests that improvements be made to the PCI auditing capabilities:
“I would like to see integration of PCI audits into the dashboard. That would help greatly in passing our PCI audits for AWS in an easy-to-view method.
I would also like the ability to integrate Evident with AWS in such a way that we could make basic changes to the AWS environments based on security alerts. For example, the ability to lock down unsecured security groups, apply PW policies, and rotate IAM keys.”
A Supervisor of Architecture and Infrastructure Platform Delivery at a recruiting/HR firm with 10,001+ employees adds that “This product needs to focus on real-time analysis. Currently, it only focuses on configuration settings. Giving us the ability to analyze CloudTrail results would enable us to take security to the next level.”
Powerful Query Options
A Senior Information Security Analyst at a financial services firm with 1,001-5,000 employees discusses OpenDNS’s powerful query options:
“The various powerful query options are the most valuable features of this product to me. Using the Investigate API, we can gather the detailed history of a domain, whois information, DNS records, etc. All of this information helps us determine whether a domain is malicious or not.”
Oleg Simonov, Cloud Solutions Architect at a hospitality company with 1,001-5,000 employees, praises OpenDNS for how it “transparently protects users from rogue websites”:
“OpenDNS filters DNS query/reply without any software to be installed on the client side, so in my mind, the transparency I was talking about relates to:
No changes on the client side required, i.e. software or configuration changes;
The complete communication is not proxied as such, only DNS query/response filtered.”
Eric Witham, Vice President of Information Technology at a consumer goods company with 1,001-5,000 employees, suggests that OpenDNS’s network security capabilities be improved:
“One thing I can mention is network security. There's no real mention about the potential of malware & virus protection for locations that we are using OpenDNS on. In certain areas, we only have a few people on-site and there’s no real need for a firewall at that point.”
Box API Access with DLP Capabilities
A Cyber Security Engineer at a recruiting/HR firm with 51-200 employees shares how his organization benefits from Skyhigh’s Box API integration:
“Our organization is moving much of its non-sensitive data to Box and we needed the ability to have full visibility into what was occurring within the Box infrastructure.
With the Skyhigh to Box API integration, we can not only see everything that occurs but we can set up many DLP policies to block or monitor what is occurring in Box.
You can also run a custom DLP query against your Box infrastructure to look for specific DLP issues that may have been created since the older data was loaded.”
Shadow IT Capabilities
Spencer Jackson, Cyber Security Analyst at a tech services company, describes Skyhigh’s shadow IT capabilities and cloud risk registry as “the two most helpful tools for our organization”.
Jackson elaborates that “We are able to see what cloud services are being used with much more clarity than with our proxies and more importantly identify that we are using many cloud services we were not aware were even cloud services. Especially collaboration services.
The cloud risk registry has been great for getting a quick and clearer understanding of the risk of proposed services that we are looking at allowing. Previously, we were paying for expensive industry reports.”
Paul Dumbleton, Manager of Infrastructure Security Engineering at a pharma/biotech company with 1,001-5,000 employees, suggests that improvements be made to Skyhigh’s console performance:
“The console performance is sometimes slow, meaning that switching screens or generating reports can sometimes feel sluggish. Data and graphics take time to load in the browser, and also performance can depend on which browser you are using.”
Dumbleton also finds that Skyhigh’s custom attributes capabilities need UI-related improvements.
He explains that his company uses these attributes “to identify and record details of our own interactions with the cloud service to show which are reviewed, which services are approved, blocked, sanctioned, etc…
Entering information into these custom fields requires you to confirm changes for each field individually. A UI improvement could be to add a save or update button to the site instead of doing each field individually.”
Application Discovery & Control Feature
An IT Security Specialist at a financial services firm with 1,001-5,000 employees has seen particular value added by CloudLock’s Application Discovery & Control feature:
“We use the Application Discovery & Control feature. With Google’s G Suite, it is very easy for a user to give full control of their Google data to a third party.
For example, when Pokémon Go was first released, it gave the vendor full access to do anything with a user’s Google account and to act as the user. In the wrong hands, this access is far worse than compromised passwords or any standard breach.
With RegEx-based reporting on Google Drive data, we can report any inappropriate or privileged data that should not be stored in Google.”
Scope of Application
A Principal at a tech company with 51-200 employees discusses the need for CloudLock to “increase its scope of application”:
“CloudLock’s security consists of eight core security services including content analysis, context analysis, user behavior monitoring, policy automation, central auditing, incident management, encryption management, and security analytics. We have been using it in Google App for work purposes. It depends on API-based, cloud-to-cloud integration.
The API availability from CSP limits their option to integrate and scope for expansion, especially since the cloud service provider’s ecosystem has been growing very fast. I would recommend taking a different approach to integration which is similar to the SkyHigh or Splunk software.”
What else do users share about their experiences with monitoring their IT infrastructure and controls?