Security Experts:

Rethink Your Cloud's Biggest Blind Spot

The integration of the cloud into global Internet and business strategies is the critical next step towards our officially entering the Digital Age. Advances in how we gather, share, and consume information have not only transformed business, but also society itself. In fact, we are now so accustomed to change that we adopt it and adapt to it without a second thought. And we have to. If you take the time to think twice, you are likely to get run over by the next innovation, or get left hopelessly behind.

The cloud has become a powerfully disruptive technology, allowing businesses to be more agile, responsive, and available than ever before by transforming traditional compute architectures and best practices that have been in place for decades. Of course, every time we extend or alter the network perimeter(s) we increase the potential attack surface, and the risks associated with adopting something new often catch us unaware because threats can suddenly come at us from unexpected directions and via technologies with which we only have limited operational experiences.

Rethink Your Cloud’s Biggest Blind Spot: SecurityIncreasingly the challenge from this distribution is that your intrinsically valuable corporate information no longer sits on isolated islands of data. Users, devices, and applications can access virtually any information or interact with virtually anyone, from any device or location, using an increasingly varied range of methods. The traditional security models and technologies we have been relying on simply can’t keep up. And as we have seen, cybercriminals are ready to exploit any weaknesses in our technologies, protocols, or services.

So, while we are reengineering our society, it is time to radically rethink security.

Of course, we are currently seeing the accelerated adoption of specialized security, such as virtualized, on-demand data center protection, web-application firewalls, security for mobile devices, thin clients, secure email gateways, advanced threat protection, and sandboxes. Some of these tools are deployed locally, some are being deployed on remote and mobile devices, and many are being deployed as services to protect critical cloud resources.

But dozens of isolated security tools and platforms, regardless of how relevant they are to new cloud-based networks, create their own problem. Overburdened IT teams are ill-equipped to adequately deploy, configure, monitor, and manage dozens of separate security tools, especially with no good way to establish consistent policy enforcement or correlate the threat intelligence each of these devices produces across an increasingly distributed network.

As a result, for many organizations, their cloud-based infrastructure and services have become a blind spot in their security strategy. And as we know all too well, a critical lapse in visibility or control in any part of the distributed network, especially in the cloud, can spell disaster for a digital business, and potentially even have repercussions across the entire emerging global digital economy.

Our approach to deploying security needs to be redesigned to meet this new challenge. What’s needed is an interconnected security framework that can dynamically expand and adapt as organizations venture into the cloud. Security policy and enforcement needs to seamlessly follow and protect data, users, and applications as they move back and forth between smart endpoints, borderless networks, IoT devices, and cloud-based environments.

For myself, it seems obvious that such an approach should be built around the three fundamental requirements outlined by the NSA in their Active Cyber Defense initiative in order to adequately protect today’s dynamically distributed networks:

Integration – Security, networks, and cloud-based tools need to be connected together as a single system to enhance visibility, correlate and share threat intelligence, and enable a unified single pane of glass for enhanced visibility, management, orchestration, and analysis.

Synchronization –To enable a coordinated response to attacks, security solutions need to synchronize real-time detection, analysis, and threat mitigation across critical networks and systems, even into the cloud, to effectively isolate affected devices, dynamically partition network segments, update rules, and remove malware.

Automation – In order for security solutions to adapt to dynamically changing network configurations and respond in real time to detected threats, security measures and countermeasures need to be applied automatically, regardless of where a threat originates or what devices or services are being targeted or compromised.

Of course, this is easier said than done. To make such an approach possible, security solutions also need to be designed around open Application Programming Interfaces (APIs), Open Authentication Technology, and standardized telemetry data. Such standards allow organizations to actively collect and share threat information, distribute mitigation instructions, improve visibility and intelligence, enhance situational awareness, and broaden a synchronized attack response.

As your organization accelerates its move into the cloud, you need to consider the following:

1. Ensure that the security tools and services available to you through your cloud provider are compatible with those you have implemented in your local network.

2. Make the support of open standards a critical requirement when evaluating new security solutions.

3. Make sure that your visibility and control extends into your cloud infrastructure, and that you can establish, distribute, and enforce security policies anywhere your data travels.

Such an approach will allow you to centrally analyze and share threat information, effectively generate and respond to cyberthreat alerts, and automate a unified effort to detect and defend against advanced cyberattacks anywhere across your distributed network environment.

view counter
Ken McAlpine is a 35+ year veteran of the IT industry and remembers when security was almost exclusively a physical challenge and "the Internet” was a 110 Baud Acoustic Coupler. McAlpine is currently the VP, Network Security Solutions and a member of the CTO Office for Fortinet. Prior to Fortinet, he was self employed and engaged in consulting with international customers primarily focusing on Security Technologies as well as Network and Systems Management technologies.