All posts by liorcohen

Securing distributed clouds with an integrated approach: A guide

As digital innovation and resulting transformation increase, organisations also face the rise of traffic volumes from end user and IoT devices, SaaS applications and data from employees, consumers, and partners. As a result, many big data and large-scale applications simply outpace the centralised data centre infrastructure and the IT teams who have to manage and maintain distributed clouds.

New hybrid designs allow applications and compute to adjust to growth and sudden surges in traffic levels by extending storage and compute resources to the public cloud in order to scale on demand. Leveraging a hybrid approach can help DevOps teams through their rapid experimentation processes and enterprises can accelerate the prototyping of applications and services since critical resources can be provisioned on the fly.

A hybrid approach also provides greater agility for business-critical workflows that cross thousands of services, provides better support for advanced applications, and optimises communication patterns to shorten round trips between essential data and compute resources – all with a fraction of the manpower required for legacy data centre environments.

The challenge is that because today’s applications and data exist across on-premises, co-located, private, and multiple public clouds, organisations that own these applications and data are increasingly vulnerable to attacks that target their expanding attack surface. To address these risks, many IT leaders often try to bolt on individual point security solutions to patch the resulting defensive gaps while also trying to cover evolving regulatory compliance requirements.

Unfortunately, such a piecemeal approach simply cannot address the diversity of the compute infrastructure and full spectrum of vulnerabilities being introduced. Instead, IT leaders require an integrated security strategy that includes deeply integrated solutions with advanced capabilities designed to span and protect today’s hybrid IT environments. All without compromising the speed, scalability, or functionality that today’s applications require.

Three key elements of network and security integration

To address the expanding attack surface, network and security teams must integrate security across all parts of their hybrid IT environments. These tools not only need to function as native solutions on whatever platform they are deployed, but they also need to work seamlessly between different environments to ensure three critical functions:

Visibility: Hybrid IT environments render a mix of disparate tools, each offering a different level of visibility and a different management system, which causes major challenges in assessing risks, tracing security and performance issues, achieving compliance and more. This is why organisations need a consistent underlying security management platform interconnecting the distributed environments, enabling consistent visibility and management across the entire distributed cloud environment. This also better supports troubleshooting, consistent policy enforcement and other cloud operations.

Scalability: As workloads increasingly spread out across the hybrid IT infrastructure, security requirements should follow suit. In order to do so, security solutions must exhibit the same level of elasticity, scalability and resilience as the cloud so they can keep up with application demand. As hybrid IT environments expand and diversify, security solutions should be integrated into the underlying infrastructure operations in order to ensure continuous reliability and business continuity.

Automation and orchestration: An integrated security architecture must also leverage the power of automation across the hybrid cloud infrastructure. This requires individual network and security components to not only communicate with each other, but also support consistent operational attributes and APIs in order to support the provisioning of consistent policy enforcement as data and workflows move from one environment to the next. An integrated security architecture must also consist of real-time management and provisioning of application and workflow classifications and enforcement policies across multiple virtual, WAN, or cloud environments.

At the same time, intelligent networking protocols need to be combined with automated security responses and accelerated management features to shrink the windows of risk exposure and reduce staff workflow burdens, human errors, and operating expenses (OpEx). Where possible, the management and orchestration of these automated networking and security functions don’t just need to be centralised, but fully integrated into a single-pane-of-glass management to ensure that configurations and policies are consistent and reliable across the distributed environments.

Dynamic cloud security requires new standards for integration

As data and the delineation between private, public and hybrid cloud blur, organisations need to evolve towards a distributed cloud security strategy. An organisation’s attack surface will naturally expand, adding new risks and complexities that can often overwhelm limited resources and budgets.

Far too often, cloud security operators end up compromising security to meet user demands for increasing levels of compute performance. This is almost always the result of a security strategy that does not recognise the dynamic nature of distributed cloud infrastructures. What is needed is a strategy and security solutions that are designed to operate at scale across a heterogeneous environment.

In the face of increasingly sophisticated cyber threats and the growing cybersecurity skills gap, it’s time for organisations to revisit their plans for securing their distributed cloud infrastructure. To deliver both security and agility, especially across diverse computing environments, IT leaders must embrace an integrated security architecture strategy based around the principles of dynamic cloud security, combined with an integrated security platform designed to deliver agility, resiliency, scalability and automation.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

How leveraging APIs will help to enable comprehensive cloud security

Cloud computing has utterly transformed the IT industry, requiring organisations to make fundamental changes to how they design, deploy, manage and optimise their security strategy. Many organisations, however, are simply applying to the cloud the same security model they have relied on for over a decade in their traditional networks. But true cloud security requires more than deploying isolated cloud-enabled network security tools to protect cloud-based resources.

The future is multi-cloud

According to research published by the IBM Institute for Business Value, 85% of enterprises already operate in multi-cloud environments, and by 2021, 98% of companies plan to use multiple clouds. And according to Rightscale’s 2018 State of the Cloud Report, organisations are typically running applications in 3.1 clouds, and are testing 1.7 more, with an average of 2.7 of those being public cloud environments.

And given the nature of digital business, those clouds don’t operate in isolation. Instead, organisations are bridging their business processes, applications, and workflows across and between their physical networks, WAN-based branch offices, mobile workforce, and multiple cloud networks. The challenge is ensuring that data, workflows, and applications can move quickly and seamlessly across and between these different physical and virtual environments.

In such an environment, security cannot afford to function as a static and limited set of solutions. Instead, this new compute model requires creating a consistent security posture across all local and cloud-based resources, so that policies and enforcement can follow and protect those communications.

Unfortunately, given the after-the-fact nature of most cloud security deployments, security policies are not being consistently enforced across a multi-cloud environment, especially when using a variety of tools from a variety of vendors. This can create challenges as workflows and applications move between different cloud environments, resulting in security gaps and blind spots that can be exploited.

Leveraging cloud native controls and APIs

The cloud’s management interface is one of the threat vectors that organisations need to address as they move to the cloud. In fact, Gartner predicts that through 2022 at least 95% of cloud security failures will be the result of misconfiguration.

Furthermore, many organisations are trying to use traditional security tools to deal with cloud security. And many of these tools have limitations in their ability to secure the cloud platform, scale to cloud requirements, and operate at cloud speeds. That’s because many of these security tools were never truly optimised for the cloud, but instead function as an overlay solution.

However, to meet the unique demands of a cloud environment, security tools need to natively integrate into the cloud. This enables them to run in the same elastic and distributed way that cloud applications run, which is different from the way most traditional security tools function when operating as a cloud overlay solution.

Addressing this challenge, however, requires more than simply deploying those security tools to protect the infrastructure and application resources that have been placed there. Dedicated cloud security analytics and policy management tools also need to be put in place to provide organisations with the visibility and controls necessary for fully securing their public cloud infrastructures and the applications they have built in the cloud.

Such tools need to be deeply integrated into the cloud infrastructure through the use of the cloud APIs. This enables security teams to collect critical cloud security information and then share those findings more effectively with DevOps teams so that security issues can be addressed and incorporated into ongoing cloud development.

However, given the fact that so many organisations now rely on a multi-cloud ecosystem, this intelligence not only needs to provide the state of security within a single cloud environment, but also provide consistent compliance reporting across multiple clouds, enable streamlined and correlated incident investigation, and provide a live, centralised cloud threat and heat map that gives real-time insight into the state of security across the entire cloud environment. And to be truly effective, this information needs to be able to be integrated into an organisation’s central security management system or SOC.

To make this possible, cloud security management and analytics tools need to be able to leverage the public cloud API. This enables them to simultaneously monitor the activity and configurations of multiple cloud resources across regions and public cloud types. This level of consistent visibility enables such things as instant insight into regulatory compliance violations to enhance compliance with industry or government standards. They also empower threat and risk management tools to effectively trace misconfigurations to their source.
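To make the idea of one policy applied across cloud types concrete, here is an added example (not from the original article or any vendor product): it normalises firewall rules shaped like AWS security group and Azure NSG API output into one form and checks a single rule against both. The inventory is constructed, the choice of admin ports is an assumption, and Azure rule priority is ignored for brevity.

```python
import ipaddress

# Constructed sample data. Field names follow the AWS EC2 security group and Azure
# NSG JSON; "Region" is added by the assumed collector and every value is made up.
AWS_SECURITY_GROUPS = [
    {"GroupId": "sg-0example1", "Region": "eu-west-1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0example2", "Region": "us-east-1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]
AZURE_NSGS = [{"name": "nsg-example", "location": "westeurope", "properties": {"securityRules": [
    {"name": "allow-rdp", "properties": {"direction": "Inbound", "access": "Allow",
        "sourceAddressPrefix": "*", "destinationPortRange": "3389"}},
    {"name": "allow-ssh-range", "properties": {"direction": "Inbound", "access": "Allow",
        "sourceAddressPrefix": "Internet", "destinationPortRange": "20-25"}},
    {"name": "deny-rest", "properties": {"direction": "Inbound", "access": "Deny",
        "sourceAddressPrefix": "*", "destinationPortRange": "*"}},
]}}]

ADMIN_PORTS = {22, 3389}          # assumed policy: never open to every address
WORLD_TAGS = {"*", "Internet"}    # Azure spellings of "any source"

def is_world(source):
    if source in WORLD_TAGS:
        return True
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False              # another service tag, not a CIDR

def normalise_aws(groups):
    for g in groups:
        for p in g["IpPermissions"]:
            if p["IpProtocol"] not in ("tcp", "udp", "-1"):
                continue
            ports = (0, 65535) if p["IpProtocol"] == "-1" else (p["FromPort"], p["ToPort"])
            cidrs = [r["CidrIp"] for r in p.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                yield ("aws", g["Region"], g["GroupId"], cidr, ports)

def normalise_azure(nsgs):
    for n in nsgs:
        for rule in n["properties"]["securityRules"]:
            r = rule["properties"]
            if (r["direction"], r["access"]) != ("Inbound", "Allow"):
                continue
            rng = r["destinationPortRange"]
            lo, _, hi = ("0-65535" if rng == "*" else rng).partition("-")
            yield ("azure", n["location"], f'{n["name"]}/{rule["name"]}',
                   r["sourceAddressPrefix"], (int(lo), int(hi or lo)))

def exposed_admin_ports(rules):
    findings = []
    for cloud, region, resource, source, (lo, hi) in rules:
        hit = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
        if hit and is_world(source):
            findings.append((cloud, region, resource, hit))
    return findings

def report():
    return exposed_admin_ports([*normalise_aws(AWS_SECURITY_GROUPS), *normalise_azure(AZURE_NSGS)])
```

Each finding carries the cloud, region and resource it came from, which is what lets a misconfiguration be traced back to its source.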

What you need to look for

An effective cloud security strategy needs to solve multiple cloud adoption challenges, from migrating applications and infrastructure to the cloud to building cloud native applications or consuming SaaS applications. To make this happen, organisations most certainly need to leverage tools designed specifically for cloud security with cloud native integration into the various cloud platforms being used.

However, these tools cannot function as independent or isolated security systems. They need to provide a centralised management capability that can not only span across a multi-cloud ecosystem, but also tie back into the security policies across the rest of the infrastructure.

But to ensure true visibility and control, cloud security also requires the implementation of a cloud security policy management and analytics solution that is seamlessly integrated into the various cloud management systems. Tools such as cloud access security brokers (CASB), which are typically delivered as SaaS applications and support multiple cloud environments by leveraging cloud management APIs, can then effectively monitor all activity, enforce security policies, monitor user activity, and warn security administrators and DevOps teams about potentially hazardous activity, regardless of where across the multi-cloud ecosystem it happens to occur.


Addressing cloud sprawl: Combining security best practices with business foundations

The rate of cloud adoption has been nothing short of remarkable. According to IDG, 90% of organisations will have some portion of their applications or infrastructure running in the cloud this year, with the rest expected to follow suit by 2021. And while most organisations currently run more than half (53%) of their business on traditional networks, IDG also predicts that this will drop to less than a third (31%) within the next year or so.

The largest segment of the cloud market is IaaS. Forrester forecasts that the six largest public cloud providers (Alibaba, AWS, Azure, Google, IBM, and Oracle) will only grow larger in 2019, while Goldman-Sachs also predicts that they will consolidate IaaS, controlling 84% of the market within the next year.

However, while IaaS and PaaS are starting to consolidate, they are only part of the cloud phenomenon. Cloud-based storage and SaaS are markets that are also growing rapidly, and nearly every organisation on the planet participates in one or more of these whether they know it or not. In addition to big SaaS players like Salesforce, according to Gartner, shadow IT now represents 30 to 40 percent of IT spending in large enterprises.

The security challenge of cloud sprawl

For many organisations, the lure of the freedom and flexibility of the cloud has caused them to adopt and deploy solutions before they have put a comprehensive security strategy in place. In fact, the majority of cloud-based spending in organisations bypasses the CIO, as lines of business are increasingly making decisions for implementing some form of cloud solution within an organisation. According to IDG, 42% of organisations now have a multi-cloud deployment in place. And yet, most organisations do not have a unified system in place for monitoring, managing, or securing these resources.

Failing to address the security challenges of cloud sprawl puts your organisation at risk. For example, Gartner predicts that by 2020 a third of successful attacks experienced by enterprises will be on their Shadow IT resources. Getting out in front of this challenge requires security teams to develop a two-pronged campaign that focuses on human intervention and the adoption of new technologies.

The human approach

Security leaders need to lead an internal PR campaign that educates leaders and users alike on the risks associated with freewheeling cloud adoption. The CIO and his leadership staff need to regularly meet with board members, C-suite leaders, and directors of lines of business to engage in business strategies that include the adoption of cloud services. The challenge is to establish yourselves as enablers rather than someone looking to restrict business opportunities.

Individuals and groups looking to adopt new cloud services usually have very good reasons for doing so, and your job is to help them get to yes without putting the organisation at risk. This involves understanding their requirements and objectives, informing them of the range of solutions already available or that can be easily integrated into your existing IT strategy, and educating them about risks that could negate any business advantages. This requires a lot of listening, trust building, and diplomacy—all soft skills that today’s security leadership team needs to possess.

The technical approach

In addition to working directly with business decision makers, there are a range of solutions that organisations need to put in place to control the security issues arising from cloud sprawl.

  • Integrate your security tools: The most essential, baseline components are having a security policy in place that covers cloud, and having security tools in place that enable you to see, control, and respond to security threats even as the network they are defending evolves. Broad deployment, deep integration, centralised management and orchestration, and coordinated threat response need to span the entire network—including those cloud elements of which you may not even be aware.

  • Leverage native cloud controls: Bolting a security solution onto a cloud environment does not ensure that protections will be sufficient or consistent. Look for security solutions that are fully integrated into the cloud environments and that use native controls to manage and secure cloud data and transactions.

  • Integrate cloud security using connectors: Security features and functions do not always operate consistently in different cloud environments. This can leave gaps in coverage and critical blind spots that cybercriminals can exploit. Cloud connectors designed specifically for each of the different IaaS vendors enable organisations to quickly and easily deploy cloud-based security solutions that can ensure consistent visibility and control across a multi-cloud deployment.

  • Implement logical (intent-based) segmentation: Secure segmentation solutions allow you to isolate resources and transactions based on a wide range of parameters, and include a range of segmentation approaches, including VLAN-like segments, micro-segmentation, and emerging macro-segmentation. Ideally, segmentation should allow you to dynamically establish a secure environment for a variety of use cases, one that can span from the originating devices—whether servers, mobile applications, or IoT—across the distributed network, including multi-cloud environments. In the cloud, traditional network constructs don’t necessarily exist, so cloud resource information and metadata need to be leveraged in order to associate policy with the application builder's intent.

  • Establish strong access controls: Any device, application, transaction, or workflow looking to interact with cloud infrastructures and applications needs to be analysed, processed, secured, and monitored. Recent advances in Network Access Control provide an extra layer of security without unnecessary overhead to secure the network and resources from transactions that need to join or move laterally across the network.

  • Deploy a CASB solution: Cloud access security brokers (CASB) provide visibility, compliance, data security, and threat protection for any cloud-based services being used by an organisation—including the discovery of Shadow IT. A CASB solution should be able to provide insights into resources, users, behaviors, and data stored in the cloud, as well as advanced controls to extend security policies from within the network perimeter to IaaS resources and SaaS applications.
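The intent-based segmentation item above can be illustrated with a short added example (not from the original article): policy is written against resource tags, then compiled into concrete allow rules from whatever the inventory currently holds. The tag keys `app` and `tier`, the ports, and all inventory and flow records are constructed assumptions.

```python
# Constructed inventory, as a collector might assemble it from cloud metadata.
INVENTORY = [
    {"id": "i-web-1", "cloud": "aws", "ip": "10.1.0.10", "tags": {"app": "shop", "tier": "web"}},
    {"id": "vm-app-1", "cloud": "azure", "ip": "10.2.0.20", "tags": {"app": "shop", "tier": "app"}},
    {"id": "i-db-1", "cloud": "aws", "ip": "10.1.0.30", "tags": {"app": "shop", "tier": "db"}},
    {"id": "vm-hr-1", "cloud": "azure", "ip": "10.2.0.40", "tags": {"app": "hr", "tier": "web"}},
    {"id": "i-untagged", "cloud": "aws", "ip": "10.1.0.99", "tags": {}},
]

# Intent: who may talk to whom, expressed in tags rather than addresses.
INTENTS = [
    {"src": {"app": "shop", "tier": "web"}, "dst": {"app": "shop", "tier": "app"}, "port": 8443},
    {"src": {"app": "shop", "tier": "app"}, "dst": {"app": "shop", "tier": "db"}, "port": 5432},
]

# Constructed observed flows: (source ip, destination ip, destination port).
FLOWS = [
    ("10.1.0.10", "10.2.0.20", 8443),   # shop web -> shop app
    ("10.1.0.10", "10.1.0.30", 5432),   # shop web -> shop db, skipping the app tier
    ("10.2.0.40", "10.2.0.20", 8443),   # hr web -> shop app
]

def select(selector, inventory):
    """Resources whose tags match every key in the selector."""
    if not selector:
        return []                        # an empty selector must not match everything
    return [r for r in inventory
            if all(r["tags"].get(k) == v for k, v in selector.items())]

def compile_rules(intents, inventory):
    """Resolve tag-based intents into concrete (src_ip, dst_ip, port) allow rules."""
    rules = set()
    for intent in intents:
        for src in select(intent["src"], inventory):
            for dst in select(intent["dst"], inventory):
                rules.add((src["ip"], dst["ip"], intent["port"]))
    return rules

def denied_flows(flows, rules):
    """Default deny: any flow without a compiled allow rule is a violation."""
    return [f for f in flows if f not in rules]

def unlabelled(inventory, required=("app", "tier")):
    """Resources that no intent can ever cover because tags are missing."""
    return [r["id"] for r in inventory if any(k not in r["tags"] for k in required)]
```

Recompiling after the inventory changes is what keeps the rules aligned with intent as workloads appear in another cloud; untagged resources are reported rather than silently left outside every segment.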

Cloud computing based networking is utterly transforming how organisations operate and conduct business. But without comprehensive security policies and solutions in place, combined with a corporate climate committed to proactively protecting cloud-based assets and organisational resources, cloud adoption can introduce more risk and overhead than most IT teams can absorb.

To address this growing challenge, security leadership teams, beginning with the CIO, need to start now to foster a climate of business-focused enablement across the organisation, combined with an integrated security foundation that enables rapid and automated policy enforcement anywhere across the distributed network.
