Securing today’s increasingly complex multi-cloud environments requires much more than simply having a security platform available on a particular infrastructure.
For the last several years, one of the hallmarks of digital transformation has been the market’s rapid transition to the cloud, from applications and services to complete infrastructures. But a growing number of organizations have begun to pull away from that trend, primarily because of security concerns.
The rapid adoption of new technologies almost always introduces challenges for which enterprises haven’t adequately prepared. The security challenges of vulnerable IoT devices are an excellent example. In the case of cloud adoption, there are two critical concerns. First, because market demands forced many organizations to move too quickly, their cloud adoption strategy wasn’t always planned as well as it might have been. As a result, many organizations now find themselves with a complex cloud-based environment that has become too expensive to manage, maintain and secure.
Second, because each cloud environment is unique, organizations are also challenged to deploy consistent security across them. Part of the problem is that not every vendor an organization has been using offers a security solution for each of the cloud platforms the organization wants to adopt. Even for those vendors that do, their security solutions aren’t always equivalent when deployed in different environments.
Of course, enterprises unfamiliar with cloud-specific security capabilities often don’t have the internal resources necessary to come up to speed to properly evaluate such things as cross-platform solution integration, consistency in features and functionality, and unified management. As a result, organizations are facing administrative overhead challenges when it comes to security policy orchestration, enforcement, and management across multiple clouds. But that is only part of the problem. The lack of solution consistency has also required organizations to re-architect critical applications, forcing them to neglect security once they realize that things don’t always work or, at the least, aren’t supported in the public cloud in the same way they work in their physical or private cloud environment.
There are three primary requirements for organizations to adopt and transition to multi-cloud environments securely.
The first requirement is for security solutions to integrate seamlessly across the different cloud platforms on which they are deployed. Because cloud environments don’t exist in a vacuum, organizations need to be able to implement seamless network security solutions across complex, multi-cloud networks. In such environments, it is expected that the security solutions integrate into the native services offered in the cloud such as auto-scaling, high availability, and automation scripting. This is similar to how an on-premises device is expected to integrate with Ethernet ports. Integration is important as these capabilities are expected to be similarly available across multiple public clouds, private clouds, SD-WAN, and traditional data center and branch networks using a common set of tools that can interoperate to detect, prevent and respond to threats.
At the same time, since security is only as strong as its weakest link, and since the availability of security management personnel is limited, organizations require consistent security capabilities and functionality across different platforms. They need the same capabilities that exist on their on-premises solutions to be available on the web, cloud, or SD-WAN/branch versions of these tools. Only then can they implement consistent security policies for regulation compliance, ad hoc patching of applications, and protection against zero-day vulnerabilities to all applications, regardless of deployment mode. This consistency needs to apply to various levels of security functionality, from next-generation perimeter firewalls, internal segmentation, web application firewalls, VPN gateways, and sandboxes all the way to IPS solutions.
The third requirement is a single management tier to manage security across all environments uniformly. IT teams need to be able to manage their distributed security infrastructure without having to touch every device that they have deployed and become experts in each of the technologies that are used in different clouds. Instead, they need to be able to simply define one policy that can be distributed, implemented, and enforced in the same way, regardless of where it has been applied.
For example, a logical network segmentation policy that ensures web applications can only be accessed by devices or users over SSL needs to be applied automatically across multi-cloud, SD-WAN, and on-premises environments through a single management interface and, ideally, using a single command set. At the same time, those same administrators also require consistent visibility across all those different environments to better evaluate the increased attack surface and related risk. This includes being able to trace events across all the different network environments from one single place.
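The single-policy idea above can be checked mechanically. The following Python example is added here for illustration and is not from the original article or any vendor's tooling: it normalizes rule exports from an AWS security group, an Azure network security group and an on-premises iptables ruleset into one form and reports every allow rule that is wider than the policy. The function names and sample exports are constructed, "over SSL" is approximated as TCP port 443, and source addresses are not compared.

```python
import re

# The one policy from the text: the web tier accepts inbound traffic only
# over SSL/TLS, approximated here (assumption) as TCP port 443.
ALLOWED = ("tcp", 443, 443)

def from_aws(sg):
    """AWS security group IpPermissions -> (proto, low_port, high_port)."""
    for p in sg["IpPermissions"]:
        if p["IpProtocol"] == "-1":  # "-1" means every protocol and port
            yield ("any", 0, 65535)
        else:
            yield (p["IpProtocol"], p["FromPort"], p["ToPort"])

def from_azure(nsg):
    """Azure NSG securityRules -> tuples for inbound Allow rules only."""
    for rule in nsg["securityRules"]:
        pr = rule["properties"]
        if pr["direction"] == "Inbound" and pr["access"] == "Allow":
            rng = pr["destinationPortRange"]
            lo, hi = (0, 65535) if rng == "*" else map(int, (rng.split("-") * 2)[:2])
            yield ("any" if pr["protocol"] == "*" else pr["protocol"].lower(), lo, hi)

def from_iptables(lines):
    """iptables-save lines -> tuples for INPUT ACCEPT rules with --dport."""
    pat = re.compile(r"-A INPUT -p (\w+) .*--dport (\d+)(?::(\d+))? .*-j ACCEPT")
    for m in filter(None, map(pat.match, lines)):
        yield (m.group(1), int(m.group(2)), int(m.group(3) or m.group(2)))

def audit(envs):
    """Map each environment to the allow rules that exceed the policy."""
    return {name: [r for r in rules if r != ALLOWED] for name, rules in envs.items()}

# Constructed sample exports, one per environment (not real deployments).
AWS_SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443}]}
AZURE_NSG = {"securityRules": [
    {"name": "https", "properties": {"direction": "Inbound", "access": "Allow",
                                     "protocol": "Tcp", "destinationPortRange": "443"}},
    {"name": "http", "properties": {"direction": "Inbound", "access": "Allow",
                                    "protocol": "Tcp", "destinationPortRange": "80"}}]}
ONPREM = ["-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT",
          "-A INPUT -p tcp -m tcp --dport 8000:8080 -j ACCEPT"]

def run():
    return audit({"aws": from_aws(AWS_SG), "azure": from_azure(AZURE_NSG),
                  "onprem": from_iptables(ONPREM)})

if __name__ == "__main__":
    print(run())
```

An empty list for an environment means its rules match the policy exactly. Any entry is drift to investigate, such as the plain-HTTP rule in the Azure sample or the 8000:8080 range in the on-premises sample.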
The other management area that has been severely impacted by rapid cloud adoption has been the growing cybersecurity skills gap. Deploying a different security solution set for each cloud iteration requires organizations to add more and more expertise to manage those tools. Addressing this challenge requires additional personnel who need to pick up additional skills quickly. Finding vendors that simplify management becomes a high priority due to the difficulty in finding qualified cloud security personnel. Deploying a solution that uses the same interface, management, and functionality that administrators are already familiar with allows the security team to move forward and continue to support the organization using their existing resources.
Preparation requires carefully selecting solutions
Cloud architects use a variety of cloud-based automation tools to automate processes and workflows, and they’re going to expect security solutions to integrate with these operational workflows seamlessly. This requirement is even more challenging when we get to a multi-cloud environment where different solutions are typically more suited to different clouds. To support this requirement, a more strategic evaluation of solutions is required. Effectively, beyond the common checklist approach that checks to see if a security solution supports a specific cloud-based application use case, an extensive evaluation of the overall automation support and cross-cloud capabilities – effectively integration, consistency, and unified management – is required.
Securing today’s increasingly complex cloud environments is about much more than simply having a security platform available on a particular infrastructure. It’s about being able to integrate these tools into the services and functions offered in—and across—complex, multi-cloud environments, including autoscaling, automation, extending and leveraging APIs, and implementing automation scripts, all to help integrate solutions into a single, unified multi-cloud operations workflow.
Lior Cohen, Senior Director of Products and Solutions – Cloud Security, Fortinet