Over the last decade, enterprises have increasingly migrated their IT systems to the cloud, and this trend only seems to be accelerating. Private cloud infrastructure, including virtualisation and software-defined networking (SDN), is transforming on-premise data centres, which host the majority of enterprise servers around the globe.
Enterprises are also embracing public clouds at an unprecedented rate, with most connecting back to on-premise environments to create a hybrid cloud environment.
However, in spite of all their advantages – mainly in terms of increased agility and overall cost savings – these accelerated infrastructural changes raise major concerns about security, and organisations’ ability to protect end-users and sensitive data from ever-evolving cyber threats.
As today’s enterprise data centres evolve from static internal environments to a mix of private, public, and hybrid clouds, organisations need to augment traditional firewalls and security systems – which normally focus on client-to-server traffic between the data centre and the rest of the network, known as north-south traffic – with expanded protection for traffic within the data centre, or east-west traffic.
In order to maintain a strong security presence in private, public, and hybrid clouds, organisations need to increase security protocols to keep pace with these more dynamic, distributed, and fast-paced environments. Here are the four key areas to consider when looking to secure today’s cloud:
1. Scalability: Cloud computing allows for rapid development and delivery of highly scalable applications. Security needs to be equally elastic to scale with the cloud infrastructure itself and to provide complete protection without negatively affecting business output.
Today’s cloud environments require ultra-fast physical firewalls that provide highly scalable north-south data centre firewall and network security protection at the edge of the private cloud. There is also a need for virtual firewalls that provide north-south protection for public clouds, and for virtual firewalls that provide east-west protection for data and transactions moving between devices which operate in the cloud.
High-performance firewalls and network security appliances need to be able to scale both vertically and laterally to meet performance demands, and seamlessly track and secure data from endpoints, across the enterprise network ecosystem.
2. Segmentation: Thanks to technologies such as virtualisation and software-defined networking (SDN), cloud environments have become increasingly aggregated to the point where entire data centres can be consolidated.
If a hacker or advanced threat breaches the cloud perimeter via a single vulnerable application, there’s typically little to protect critical assets within the flat and open internal network.
To minimise that serious potential for damage and loss, organisations need to isolate business units and applications. Networks should therefore be intelligently segmented into functional security zones to control lateral east-west traffic.
End-to-end segmentation will give you deep visibility into the traffic that moves east-west across the distributed network, limit the spread of malware, and allow for the identification and quarantining of infected devices.
A robust end-to-end security strategy should include internal segmentation firewalling across data centres, campuses, and branch offices, and secure micro-segmentation for SDN and cloud environments.
3. Awareness: In addition to scalability and segmentation, your underlying security infrastructure should also alert you about any dramatic changes in the cloud environment in order to provide seamless protection.
It is not enough to detect bad traffic or block malware using discrete security devices. Security should be integrated into a security information and event management system (SIEM) and other analytic tools in private and public clouds that have the ability to collect and correlate data, and automatically orchestrate changes to security policy/posture in response to detected incidents and events.
In order to have complete visibility and control, the individual elements need to be able to work together as an integrated and synchronised security system.
4. Extensibility: Solutions should also be built on an extensible platform with programmatic APIs (for example, REST and JSON), as well as other interfaces to dynamically integrate with the wide array of deployed hypervisors, SDN controllers, cloud management consoles, orchestration tools, and software-defined data centres and clouds. This results in security protocols that are able to automatically adapt and evolve to the network architecture and the ever-changing threat landscape.
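To make the segmentation and awareness points above concrete, here is an added example (not from the article or from any vendor product): a default-deny policy between security zones is applied to east-west flow records, and repeated denials from one host are correlated into a JSON quarantine action. The zone names, subnets, ports, threshold and function names are all assumptions chosen for illustration.

```python
import ipaddress
import json
from collections import Counter

# Constructed zones and subnets (assumptions, not taken from the article).
ZONES = {
    "web": ipaddress.ip_network("10.10.1.0/24"),
    "app": ipaddress.ip_network("10.10.2.0/24"),
    "db": ipaddress.ip_network("10.10.3.0/24"),
    "hr": ipaddress.ip_network("10.20.1.0/24"),
}
# Default deny between zones: only these (src_zone, dst_zone, port) pass.
ALLOW = {("web", "app", 8443), ("app", "db", 5432)}

# Constructed east-west flow records: (src_ip, dst_ip, dst_port).
FLOWS = [
    ("10.10.1.5", "10.10.2.8", 8443),
    ("10.10.1.5", "10.10.3.4", 5432),
    ("10.10.1.9", "10.10.3.4", 5432),
    ("10.10.1.9", "10.10.3.4", 22),
    ("10.10.1.9", "10.20.1.7", 445),
    ("10.10.2.8", "10.10.2.9", 9000),
]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def evaluate(flow):
    src, dst, port = flow
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return "unknown-zone"
    if src_zone == dst_zone:
        return "intra-zone"  # not covered by zone policy; micro-segmentation would be
    return "allow" if (src_zone, dst_zone, port) in ALLOW else "deny"

def correlate(flows, threshold=3):
    """Count denied flows per source and build JSON-ready quarantine actions."""
    denied, probed = Counter(), {}
    for flow in flows:
        if evaluate(flow) == "deny":
            denied[flow[0]] += 1
            probed.setdefault(flow[0], set()).add(zone_of(flow[1]))
    return [{"action": "quarantine", "host": host, "denied_flows": count,
             "zones_probed": sorted(probed[host])}
            for host, count in sorted(denied.items()) if count >= threshold]

if __name__ == "__main__":
    print(json.dumps(correlate(FLOWS), indent=2))
```

A single denied flow (the web host reaching the database directly) stays below the threshold, while the host that is denied three times across two zones is the one proposed for quarantine.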
A step-by-step guide to securing today’s cloud environment
When assessing a security solution, there are a few general questions that organisations should ask:
1. Is it scalable? A comprehensive security strategy must be elastic in both depth (performance and deep inspection) and breadth (end-to-end).
2. Is it aware? As well as being able to track how data flows in and out of your network, you should also consider how it moves within the perimeter and who has access to the data.
3. Is it really secure? The different security tools you utilise in your network need to be able to work together in an integrated system to achieve complete visibility and control.
4. Is it actionable? You need a common set of threat intelligence combined with centralised orchestration that enables security to dynamically adapt as new threats are discovered and automatically deliver a synchronised response anywhere across the distributed network.
5. How open is it? Well-defined, open APIs allow technology partners to become part of the fabric — helping to maximise investments while dynamically adapting to changes.
Today’s evolving enterprise network combined with the transition to a digital business model has raised some serious challenges in terms of network security.
Alongside this evolution, the adoption of different cloud architectures also comes with its own set of security concerns.
The next generation of security systems needs to be more agile and scalable than ever before in order to comprehensively protect and secure enterprise networks. What is required is a segmented, integrated solution to anticipate the attack vectors of current and emerging threats.
Sourced by Mark Weir, regional director UK&I, Fortinet