Using the cloud to protect the cloud

Security solution offers single place to get holistic view of threats across multiple environments

Businesses are increasingly moving data through cloud-based architectures to take advantage of the economies of scale they provide. One study estimates that 60 percent of enterprise workloads will run in the cloud by 2018, and that 38 percent of enterprises already have adopted a cloud-first policy.

While this helps organizations extend and scale their IT resources for geographic expansion, acquisitions and other growth milestones, it also widens their IT security gap.

Cloud visibility challenge

Indeed, the state of cloud security has matured considerably, but visibility into cloud activity is the No. 1 cloud security problem today. The extent of a security team’s visibility into network activity in the cloud typically consists of a few flow logs or infrastructure access control logs from a cloud service provider.

Moving traditional security to the cloud can work in a limited number of cases, but it requires significant re-architecture, design changes and often a net loss of security functionality. Security should not be the thing that an organization gives up to benefit from the economies of scale and productivity enabled by the cloud. Let’s look at the challenges first.

Organizations leveraging public cloud services need security policy and enforcement controls including privileged access, authentication and authorization. Cloud Access Security Broker products address some of these requirements, but they lack a true view into an organization’s network traffic on a public cloud.

Old solutions don’t work

The traditional, appliance-based products that security teams have deployed at the perimeter of their network to detect threats won’t get the job done out of the box in the cloud. These products can scan inbound traffic, but once data travels to or from the cloud, traditional security loses sight of it.

Furthermore, analyzing traffic in a traditional enterprise network is fundamentally different from doing so in the cloud, whether it’s public or private. In a traditional enterprise network, it is relatively easy to monitor and analyze network segments owned by the organization. Security analysts might have access to traffic recording devices with full packet capture, or full content data.

This data contains all of the raw traffic flowing between computers and devices on the network and other destinations, yielding highly granular visibility into the traffic. In the cloud, someone other than the enterprise often owns the network, and traffic instead flows through dynamic, virtual server environments.

Infinite space is double-edged sword

In these environments, change is continuous and it is not uncommon for workloads and infrastructure to change millions of times per day. Plus, one of the cloud’s greatest benefits, its limitless capacity, also is a security challenge. Being able to consume massive amounts of data means also having to monitor it.

The answer to securing the cloud is the cloud. Modern solutions leverage sensors that can be placed wherever business workloads flow regardless of the underlying owner of the network. Security analysts now can unify their analysis of cloud and on-premises infrastructure in a single view.

This cloud-based approach also makes it possible for enterprises to pursue a single, unified strategy for securing operations across traditional, cloud and industrial control systems environments. Organizations of all sizes can benefit from the uncompromised visibility, detection and incident response capabilities enabled by this holistic view of security.
