Connect with us

Hi, what are you looking for?


Cloud Security

Managing and Securing Distributed Cloud Environments

The complexity and challenge of distributed cloud environments often necessitate managing multiple infrastructure, technology, and security stacks, multiple policy engines, multiple sets of controls, and multiple asset inventories.

Navigating cloud security

Recently, on my morning jog, I saw a garbage truck making the rounds. This may sound like an odd way to open a security article, though, as you may have guessed, it reminded me of an important concept. It is remarkable how different circumstances can necessitate different solutions.

While I was watching the garbage truck, I noticed how the sanitation workers used different techniques to dispose of the garbage, depending on the type of trash bin. As you might expect, the workers lifted the smaller bins and emptied the contents into the garbage truck. Larger bins were connected to equipment on the truck that lifted and emptied those bins, which were too large and heavy for the workers to lift. For the largest bins, specialty trucks are required – not the standard garbage trucks that make the rounds in the morning.

Most of us have seen trash being collected thousands of times. What may not have occurred to us, however, is the concept that different circumstances often necessitate that different approaches be taken to solve problems. This is most certainly the case in the security field.

For an example in security, consider the need to apply security best practices in an enterprise environment. Whereas even a few years ago, this may have been a challenging but relatively straightforward undertaking, in the era of hybrid and multi-cloud environments (often called distributed cloud environments), this is anything but. The complexity and challenge of distributed cloud environments often necessitate managing multiple infrastructure, technology, and security stacks, multiple policy engines, multiple sets of controls, and multiple asset inventories.

What’s lacking in many hybrid and multi-cloud environments is a consistent and centralized way to manage and secure those environments. Thankfully, there are some solutions on the market to help in these distributed cloud environments.  Let’s take a look at a few challenges that can be addressed by leveraging one of these solutions:

  • Finding efficiencies: Having a distributed cloud solution in place opens up opportunities for enterprises to find efficiencies.  Centralized and unified management of hybrid and multi-cloud environments allows those environments to be managed more efficiently by the security team. This, in turn, facilitates improvements in securing those environments by reducing the chance of oversights or errors and reducing the time required to implement security policies and solutions.  As an added bonus, simplified management also allows enterprises to more easily optimize application and API delivery to end-customers.
  • Managing complex application infrastructure: It is no secret that the application infrastructure across distributed cloud environments is complex. This can lead to a number of security issues, including unknown, unmonitored, and/or uncontrolled API endpoints, leakage of sensitive data, difficulty in enforcing policy, improper access control, and increased numbers of vulnerabilities.  Distributed cloud solutions provide vastly simplified, more effective ways to manage complex application infrastructure and the security issues that come with it.
  • Overly-distributed cloud: Sometimes I think that “overly-distributed cloud” might be a more apt name for hybrid and multi-cloud environments.  While there are legitimate business reasons and advantages to have a distributed cloud infrastructure, there are also disadvantages.  The infrastructure can often get out of hand and can be overly complex. This can lead to situations where important pieces of infrastructure and important applications and APIs are, to use a colloquial term, all over the place.  This is not good, obviously, and generally requires leveraging a partner to help keep tabs on the infrastructure.
  • Lack of good inventory: It is rather difficult for even the best security teams to secure assets they don’t know about.  This is why asset management is so important. In distributed cloud environments, asset management can be challenging for a variety of reasons.  Developers may release new versions with updated API schemas without notifying the security and infrastructure teams.  Additional infrastructure may be instantiated without being properly inventoried and managed. These and other occurrences make maintaining accurate inventory important.  Working with a partner that brings good API discovery capabilities to the table can be a great way for security teams to improve their asset management capabilities in distributed cloud environments.
  • Consistent security: As the well-known phrase states, a chain is only as strong as its weakest link.  This is very much the case in security, as we all know. That makes consistency one of the most important aspects of security.  Attackers are clever, motivated, and incentivized to find our weakest links. Thus if we cannot apply security policy and best practices consistently, we are opening up our enterprises to an unnecessarily high level of risk. This is another way in which distributed cloud solutions can help security teams better protect their enterprises.
  • Lack of consistent controls: If you’ve ever worked with a risk register or with a Governance, Risk, and Compliance (GRC) team, you know the importance of controls.  You likely also know how complex these risk registers can get when the number and complexity of the environments grows.  Naturally, controls are far more effective when implemented consistently, regardless of how many environments there are or how complex those environments are. This makes being on top of managing the distributed cloud environment and applying controls consistently extremely important.

The complexity and challenge that hybrid and multi-cloud environments (often called distributed cloud environments) add for enterprises are not insurmountable.  By working with trusted partners, enterprises can more efficiently manage and secure their distributed cloud environments. This, in turn, helps those enterprises more effectively mitigate risk and improve their overall security posture.

Related: These Are the Top Five Cloud Security Risks, Qualys Says

RelatedSurvey Shows Reasons for Cloud Misconfigurations are Many and Complex

Advertisement. Scroll to continue reading.

RelatedQualys Flags Gaping Security Holes in Exim Mail Server

RelatedMost Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Security and Fraud Architect at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...