Organizations today are not only aggressively moving many of their workloads to the cloud, but many of them are doing so using a multi-cloud model. They leverage one provider for specific functionality and another for location or for cost. At the same time, critical data is being distributed and processed across a variety of additional cloud-based applications and services. Nearly all of them have some sort of a private cloud as well, with nearly half using multiple hypervisors to manage those environments.
Complicating things further, data, resources, and workflows moving across these hybrid environments are not only being accessed, but are also managed using a wide range of applications running on highly mobile devices, from corporate-owned assets like laptops and PCs to personal smartphones.
This is all part of the digital transformation that is allowing organizations to be more elastic not only to the changing demands of their customers and employees, but to those of the data itself. Time to respond is essential, and it requires constant tending of that data.
Organizations looking to secure a multi-cloud environment need to consider the following four challenges.
Organizations understand that security needs to be applied at every stage along the potential attack surface. But because many organizations deploy their multi-cloud infrastructure in an organic manner, security is often deployed on a per-project basis. This often leads to solution sprawl, with multiple devices being managed across separate consoles. This makes it difficult to correlate threat intelligence, centralize visibility across the extended threat landscape, orchestrate a threat response, or consistently apply and enforce security policies or protocols.
Given the need to respond immediately to user demands, organizations are increasingly relying on automation to accelerate decision-making. At the same time, billions of connected Internet of Things (IoT) devices and Software-as-a-Service (SaaS) applications running at higher throughputs have increased the volume of data that needs protection. To complicate matters further, more than half of that traffic is also encrypted. The challenge is that CPU-intensive SSL inspection at scale drives many security devices to their knees. But in such an environment, where success is often measured in microseconds, businesses cannot afford for security to become a bottleneck. Thus a growing percentage of data is simply not being inspected or secured.
The power of a cloud-based business environment lies in its scalability and elasticity. Compute resources can be added almost infinitely to address shifts and spikes in data and workload processing demands, and data can be rerouted dynamically to meet user and resource demands. Data routes are not only asynchronous; they can change instantly in unpredictable ways. For many security solutions, however, data predictability is important. In a complex, asynchronous environment, it can be easy for an isolated security device to lose track of data streams and packets, making enforcement difficult if not impossible.
Cybercriminals understand that the complexity of multi-cloud environments makes it difficult to detect and track sophisticated attacks. They are counting on the fact that different security devices can’t see or talk to each other. This allows them to exploit the seams and gaps that exist between different network segments and environments, and then move undetected across the extended network using evasion techniques that allow them to mimic authorized traffic.
It can be virtually impossible to adequately secure a dynamic and highly elastic multi-cloud environment using traditional security solutions and strategies. Isolated devices designed for traditional network edge environments with predictable data flows and performance requirements are simply not up to the job. Instead, today’s digital environments require an integrated, fabric-based approach to security – to make the “virtually impossible,” possible.
This starts with selecting security devices and solutions designed to operate effectively at the speed that today’s networks require. Threat protection and performance need to be measured with all essential functions turned on, including advanced firewalls, application controls, intrusion prevention (IPS), antivirus/anti-malware, zero-day detection/sandboxing, and SSL inspection. Because different manufacturers use different standards and methodologies to promote their technologies, comparison shopping can be difficult. This is where test results from reputable third-party labs can become especially helpful.
Security technologies deployed across the network need to be able to share the threat intelligence they gather. Naturally, tools such as next-gen firewalls (NGFW), web application firewalls (WAF), internal segmentation firewalls (ISFW), antivirus and antimalware (AV), and advanced threat protection (ATP) may need to be deployed separately at different places in the network and in a variety of form factors.
However, to be truly effective, these all need to automatically correlate intelligence and coordinate an effective response to any threat detected anywhere across the distributed network.
Centralized visibility, orchestration, and control are the lifeblood of any effective security strategy. We must select technologies that not only work together to provide a holistic view, but that are also capable of taking action on the shared threat data and reporting on these threats, along with implementing any security enforcement changes. Because of the speeds at which cyberthreats can compromise a system, data correlation across solutions also needs to be as automated as possible. For enterprises, security operations center (SOC) teams, and managed security service providers (MSSPs), the inclusion of integrated SIEM (security information and event management) technologies will bolster their ability to detect advanced threats, prioritize indicators of compromise, and automate a collective response.
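The two points above (attackers exploiting the seams between devices that cannot see each other, and the need for automated cross-solution correlation) are easiest to see with a small worked example. The Python below is an added illustration, not code from the original byline or from Fortinet: it feeds constructed sample events from three separately managed tools (a WAF, an NGFW and an AV agent, labelled `waf`, `ngfw` and `av`) first into a per-console view, where each tool sees only its own low-severity blips, and then into a simple correlation that groups events by asset and raises priority when independent sources corroborate each other inside a time window. The scoring rule, the 30-minute window and all event values are assumptions made for the example.

```python
"""Cross-source event correlation sketch (added example, not vendor code).

Shows why a single isolated console under-rates an asset that three separate
tools have each flagged at low severity, and how a correlated view ranks it.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three separately managed security tools.
# On its own console, no tool sees anything above severity 3 for any asset.
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T09:00:05", "source": "waf",  "asset": "10.0.2.15", "severity": 2, "msg": "injection probe blocked"},
    {"ts": "2024-01-10T09:03:40", "source": "ngfw", "asset": "10.0.2.15", "severity": 2, "msg": "east-west scan, web tier to db tier"},
    {"ts": "2024-01-10T09:07:12", "source": "av",   "asset": "10.0.2.15", "severity": 3, "msg": "suspicious dropper quarantined"},
    {"ts": "2024-01-10T11:30:00", "source": "ngfw", "asset": "10.0.5.7",  "severity": 2, "msg": "outbound to newly seen domain"},
    {"ts": "2024-01-10T02:00:00", "source": "av",   "asset": "10.0.9.9",  "severity": 3, "msg": "potentially unwanted app removed"},
    {"ts": "2024-01-10T16:00:00", "source": "waf",  "asset": "10.0.9.9",  "severity": 1, "msg": "malformed header dropped"},
]


def parse_ts(value):
    """Parse the ISO-8601 timestamp used in the constructed events."""
    return datetime.fromisoformat(value)


def per_console_view(events):
    """What each tool's own console shows: max severity per asset, per source.

    Returns {source: {asset: max_severity}}. This is the 'isolated device'
    picture; nothing here can connect a WAF hit with an AV detection.
    """
    view = defaultdict(dict)
    for e in events:
        current = view[e["source"]].get(e["asset"], 0)
        view[e["source"]][e["asset"]] = max(current, e["severity"])
    return dict(view)


def correlate(events, window=timedelta(minutes=30)):
    """Correlated view: group by asset, find the densest burst of independent
    sources inside `window`, and score the asset.

    Assumed scoring rule: priority = max severity observed for the asset
    plus one point for each *additional* independent source corroborating
    it within the window. Two reports from the same tool add nothing.
    """
    by_asset = defaultdict(list)
    for e in events:
        by_asset[e["asset"]].append(e)

    results = {}
    for asset, evs in by_asset.items():
        evs.sort(key=lambda e: parse_ts(e["ts"]))
        best_sources = set()
        for anchor in evs:
            t0 = parse_ts(anchor["ts"])
            in_window = {e["source"] for e in evs
                         if t0 <= parse_ts(e["ts"]) <= t0 + window}
            if len(in_window) > len(best_sources):
                best_sources = in_window
        max_sev = max(e["severity"] for e in evs)
        results[asset] = {
            "max_severity": max_sev,
            "corroborating_sources": sorted(best_sources),
            "priority": max_sev + len(best_sources) - 1,
        }
    return results


def prioritized_iocs(events, window=timedelta(minutes=30)):
    """Assets ordered by correlated priority (highest first), then by name."""
    scored = correlate(events, window)
    return sorted(scored, key=lambda a: (-scored[a]["priority"], a))


if __name__ == "__main__":
    print("Per-console view (isolated tools):")
    for source, assets in per_console_view(SAMPLE_EVENTS).items():
        print(f"  {source}: {assets}")
    print("Correlated priorities:")
    for asset in prioritized_iocs(SAMPLE_EVENTS):
        print(f"  {asset}: {correlate(SAMPLE_EVENTS)[asset]}")
```

Run stand-alone, the per-console view never rates any asset above 3, while the correlated view lifts 10.0.2.15 to 5 because three independent tools flagged it within seven minutes; 10.0.9.9 keeps only its AV severity of 3 because its two reports are fourteen hours apart and fall outside the window. A real SIEM adds normalization, asset identity beyond a bare IP, and response playbooks, but the ranking logic is the same shape.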
Finally, security solutions need to be network-savvy. They need to understand dynamic workflows and hypervisors, be able to address on-demand changes in resources, including shadow IT, and dynamically adapt security policies and protocols to these highly elastic attack surfaces. By working together in a coordinated fashion, integrated security tools are also able to track and secure traffic even as it moves between and across multi-cloud domains.
The digital transformation driving the adoption of multi-cloud networks requires an equivalent security transformation. Organizations need to start now by implementing a fabric-based security framework that enables organizations to secure their data, workflows, and resources while meeting the performance, scalability, and complexity challenges of these ever-evolving multi-cloud environments.
This byline originally appeared in SDxCentral.