Cloud computing has utterly transformed the IT industry, requiring organizations to make fundamental changes to how they design, deploy, manage and optimize their security strategy. Many organizations, however, are simply applying to the cloud the same security model they have relied on for over a decade in their traditional networks. But true cloud security requires more than deploying isolated cloud-enabled network security tools to protect cloud-based resources.
The future is multi-cloud
According to research published by the IBM Institute for Business Value, 85% of enterprises already operate in multi-cloud environments, and by 2021, 98% of companies plan to use multiple clouds. And according to RightScale’s 2018 State of the Cloud Report, organizations are typically running applications in 3.1 clouds and are testing 1.7 more, with an average of 2.7 of those being public cloud environments.
And given the nature of the digital business, those clouds don’t operate in isolation. Instead, organizations are bridging their business processes, applications, and workflows across and between their physical networks, WAN-based branch offices, mobile workforce, and multiple cloud networks. The challenge is ensuring that data, workflows, and applications can move quickly and seamlessly across and between these different physical and virtual environments.
In such an environment, security cannot afford to function as a static and limited set of solutions. Instead, this new compute model requires creating a consistent security posture across all local and cloud-based resources so that policies and enforcement can follow and protect those communications.
Unfortunately, given the after-the-fact nature of most cloud security deployments, security policies are not being consistently enforced across a multi-cloud environment, especially when using a variety of tools from a variety of vendors. This can create challenges as workflows and applications move between different cloud environments, resulting in security gaps and blind spots that can be exploited.
Leveraging cloud-native controls and APIs
The cloud’s management interface is one of the threat vectors that organizations need to address as they move to the cloud. In fact, Gartner predicts that through 2022 at least 95% of cloud security failures will be the result of misconfiguration.
Furthermore, many organizations are trying to use traditional security tools to deal with cloud security. And many of these tools have limitations in their ability to secure the cloud platform, scale to cloud requirements, and operate at cloud speeds. That’s because many of these security tools were never truly optimized for the cloud but instead function as an overlay solution.
However, to meet the unique demands of a cloud environment, security tools need to natively integrate into the cloud. This enables them to run in the same elastic and distributed way that cloud applications run, which is different from the way most traditional security tools function when operating as a cloud overlay solution.
Addressing this challenge, however, requires more than simply deploying those security tools to protect the infrastructure and application resources that have been placed there. Dedicated cloud security analytics and policy management tools also need to be put in place to provide organizations with the visibility and controls necessary for fully securing their public cloud infrastructures and the applications they have built in the cloud.
Such tools need to be deeply integrated into the cloud infrastructure through the use of cloud APIs. This enables security teams to collect critical cloud security information and then share those findings more effectively with DevOps teams so that security issues can be addressed and incorporated into ongoing cloud development.
However, given that so many organizations now rely on a multi-cloud ecosystem, this intelligence needs to do more than report the state of security within a single cloud environment. It also needs to provide consistent compliance reporting across multiple clouds, enable streamlined and correlated incident investigation, and provide a live, centralized cloud threat and heat map that gives real-time insight into the state of security across the entire cloud environment. And to be truly effective, this information needs to integrate into an organization’s central security management system or SOC.
To make this possible, cloud security management and analytics tools need to be able to leverage the public cloud API. This enables them to simultaneously monitor the activity and configurations of multiple cloud resources across regions and public cloud types. This level of consistent visibility enables such things as instant insight into regulatory compliance violations to enhance compliance with industry or government standards. It also empowers threat and risk management tools to effectively trace misconfigurations to their source.
What you need to look for
An effective cloud security strategy needs to solve multiple cloud adoption challenges, from migrating applications and infrastructure to the cloud to building cloud-native applications or consuming SaaS applications. To make this happen, organizations most certainly need to leverage tools designed specifically for cloud security with cloud-native integration into the various cloud platforms being used.
However, these tools cannot function as independent or isolated security systems. They need to provide a centralized management capability that can not only span across a multi-cloud ecosystem but also tie back into the security policies across the rest of the infrastructure.
But to ensure true visibility and control, cloud security also requires the implementation of a cloud security policy management and analytics solution that is seamlessly integrated into the various cloud management systems. Tools such as cloud access security brokers (CASBs), which are typically delivered as SaaS applications and support multiple cloud environments by leveraging cloud management APIs, can then effectively monitor all activity, enforce security policies, monitor user activity, and warn security administrators and DevOps teams about potentially hazardous activity, regardless of where across the multi-cloud ecosystem it happens to occur.