For enterprises, the very real benefits of moving applications to the cloud also come with significant challenges. Whether they are using the public cloud, a private cloud or, as is often the case, a hybrid of the two, it’s necessary to optimize application performance to get the full benefits of cloud technology and enable a better business model. Just as importantly, though, you must be able to secure your people and your information as they traverse your network, from on-premises to the cloud and back, and you must be able to secure that distributed environment from attacks.
There are many types of public cloud services, with the primary categories including infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and software-as-a-service (SaaS). Increasingly, enterprises are adopting a hybrid cloud environment where, on top of their private cloud, they have deployed applications and data across multiple IaaS/PaaS/SaaS public clouds – creating a multidimensional cloud ecosystem. In this environment, applications and data are extremely flexible, dynamic, and agile. Resources can be consumed by different cloud-based solutions and applications, and data is often shared and migrated between these clouds. Securing those environments and the data traveling through them is extremely important, but it can also be extremely challenging.
When evaluating a cloud security solution, there are a few general questions to start with:
Is it scalable? A comprehensive security strategy must be elastic in both depth (performance and deep inspection) and breadth (end-to-end).
Is it really secure? The different tools that protect your network need to work together, as an integrated system, with network-wide visibility and control.
Is it actionable? You need continuously updated threat intelligence and centralized orchestration that allows security to dynamically adapt as new threats are discovered.
How open is it? Well-defined, open APIs allow technology partners to become part of your security fabric — helping to maximize investments while dynamically adapting to changes.
Is it aware? You need to not only track how data flows in and out of your network, but also how it moves within the perimeter and who has access to it.
To maintain a strong security posture in today’s dynamic and fast-paced environments, an enterprise must implement a system with the characteristics described below.
Cloud computing enables rapid development and delivery of highly scalable applications. Security needs to be equally elastic to scale with the cloud infrastructure itself and to provide transparent protection without slowing down the business.
Today’s cloud environments require both physical firewalls for private clouds and virtual firewalls for public clouds, to provide not only north-south protection but east-west as well. Working together, your security has to be able to protect your data as it travels throughout your multicloud ecosystem and also protect that environment from attacks coming in and data being taken out.
Powerful, high-performance firewalls and network security appliances need to scale vertically to meet volume and performance demands, and laterally to seamlessly track and secure data from Internet of Things (IoT)/endpoints, across the distributed network/data center, and into the cloud.
Finally, you need a hypervisor that is advanced enough to give you a single control center from which to deploy and manage all your virtualized services – one that has the power, storage, and memory to produce optimal compute, network, and security performance.
With the IT efficiencies gained by pooling resources (e.g., compute, storage, network) through technologies such as virtualization and software-defined networking (SDN), cloud environments have become increasingly aggregated – to the point where entire data centers can be consolidated. If a hacker or advanced threat breaches the cloud perimeter via a single vulnerable application, however, there’s typically little to protect critical assets within the flat and open internal network. To minimize that serious potential for damage and loss, organizations need to isolate business units and applications. Networks need to be intelligently segmented into functional security zones to control east-west traffic.
End-to-end segmentation provides deep visibility into traffic that moves east-west across the distributed network, limits the spread of malware, and allows for the identification and quarantining of infected devices. A robust end-to-end segmentation strategy includes internal segmentation firewalling across data centers, campuses, and branch offices.
Solutions should also be built on an extensible platform with programmatic application program interfaces (APIs) (REST and JSON) and other interfaces to integrate with hypervisors, SDN controllers, cloud management, orchestration tools, and software-defined data centers and clouds. This enables security that dynamically adapts to the evolving network architecture and the changing threat landscape.
Being able to connect all your security devices—even those from different vendors—allows you to optimize your security investments, reduce visibility and enforcement gaps that attackers exploit, and streamline your security operations and incident response.
In addition to scalability and segmentation, your underlying security infrastructure should offer automatic awareness of dynamic changes in the cloud environment to provide seamless protection. It’s not enough to detect bad traffic or block malware using discrete security devices. Security should be integrated into security information and event management (SIEM) and other analytics in private and public clouds, providing the ability to orchestrate changes to security policy/posture automatically in response to incidents and events. Individual elements need to work together as an integrated security system with true visibility and control.
With these very complex, diverse environments, it becomes increasingly difficult for a human to make decisions intelligently, taking all the variables into consideration, and quickly enough to keep up with threats. Automating security is the goal. What you need is a feedback loop, with tools that continually and automatically monitor network traffic. Ideally, this loop goes from your firewall to your advanced threat protection tools, such as a sandbox, to your SIEM system. Your firewall takes logs of network traffic and sends them to the sandbox, which examines the data and sends anything questionable to the SIEM. If the SIEM decides it doesn’t trust that data, it then tells the firewall to mitigate that type of traffic.
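As an added illustration (not code from the original post), here is the firewall-to-sandbox-to-SIEM-to-firewall loop described above, modelled in Python over constructed log lines. The log format, the sandbox score threshold and the SIEM's rule of trusting a verdict only once the same questionable file is seen from two internal hosts are assumptions made for the example.

```python
# Added example, not from the original post: a minimal model of the firewall ->
# sandbox -> SIEM -> firewall loop. Log lines, hashes and scores are constructed.
from dataclasses import dataclass, field
FIREWALL_LOGS = [  # constructed firewall logs: each allowed flow carried a file
    "src=10.1.2.3 dst=203.0.113.10 dport=443 sha256=aaa111 action=allow",
    "src=10.1.2.4 dst=198.51.100.7 dport=80 sha256=bbb222 action=allow",
    "src=10.1.2.5 dst=203.0.113.10 dport=443 sha256=aaa111 action=allow",
    "src=10.1.2.6 dst=192.0.2.9 dport=8080 sha256=ccc333 action=allow",
]
SANDBOX_SCORES = {"aaa111": 85, "bbb222": 20}  # constructed: hash -> score 0..100
SUSPICIOUS = 50  # the sandbox forwards an event to the SIEM at or above this

def parse_log(line):  # firewall stage: one key=value log line -> event dict
    return dict(kv.split("=", 1) for kv in line.split())

def sandbox_verdict(event):  # sandbox stage: only questionable events reach the SIEM
    score = SANDBOX_SCORES.get(event["sha256"], 0)
    return {**event, "score": score} if score >= SUSPICIOUS else None

@dataclass
class Siem:
    """SIEM stage: trust a verdict only when the hash is seen from min_hosts sources."""
    min_hosts: int = 2
    seen: dict = field(default_factory=dict)
    def ingest(self, event):
        hosts = self.seen.setdefault(event["sha256"], set())
        hosts.add(event["src"])
        # single sighting: keep watching; repeated across hosts: push a block rule
        return {"block_dst": event["dst"]} if len(hosts) >= self.min_hosts else None

@dataclass
class Firewall:
    blocked_dst: set = field(default_factory=set)
    def apply(self, rule):    # orchestration: the SIEM pushes a mitigation
        self.blocked_dst.add(rule["block_dst"])
    def decide(self, event):  # enforcement for flows from this point on
        return "deny" if event["dst"] in self.blocked_dst else "allow"

def run_loop(lines):  # replay logs through the loop -> (decisions, blocked hosts)
    fw, siem = Firewall(), Siem()
    decisions = []
    for line in lines:
        event = parse_log(line)
        verdict = sandbox_verdict(event)
        rule = siem.ingest(verdict) if verdict else None
        if rule:
            fw.apply(rule)
        decisions.append(fw.decide(event))
    return decisions, sorted(fw.blocked_dst)
```

Replaying the four constructed flows, the third one is denied: by then the SIEM has seen the same questionable file from two hosts and has pushed a block for its destination back to the firewall.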
This is where threat intelligence is extremely important. To automate security effectively, you must have the most up-to-date threat intelligence that keeps up with how quickly threats are evolving. It’s about being able to know what traffic you want to let into your network and what you don’t.
So, what is the future for automation? The goal is for your security system to be learning on the fly at some point, without human intervention. This means that to be really good at security, you will eventually need to start introducing AI. Security simply can’t happen as close to real time with user intervention as it can with automation. The question is, then: How do you take automation further? How do you make learning happen without human intervention? Because that’s the only way it’s going to be possible to protect the network in the future.
When designing security for today’s borderless, dynamic, highly distributed networks, enterprises need to look at security not as a platform, but as a fabric that ties everything together. A security fabric woven through your entire complex network, including the cloud, gives you a single pane of glass to view devices and events and allows you to share information, integrate your different security solutions, and automate actions in response to threats.
How much you automate, how much you trust to the machines, will change over time. But automation is absolutely essential to be able to keep up with today’s fast-changing threat environment. A truly effective security solution for today’s enterprise must be flexible, powerful, and truly integrated to help organizations embrace the benefits of an evolving infrastructure while anticipating and responding to both current and emerging threats.
This blog post originally appeared in SDxCentral.