Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Why Multi-cloud Security Requires Rethinking Network Defense

The Need to Rethink Security For Our Cloud Applications Has Become Urgent

The Need to Rethink Security For Our Cloud Applications Has Become Urgent

Companies are utilizing the public cloud as their primary route to market for creating and delivering innovative applications. Striving to gain a competitive advantage, organizations of all sizes and in all vertical sectors now routinely tap into infrastructure as a service, or IaaS, and platform as a service, or PaaS, to become faster and more agile at improving services through applications.

Along the way, companies are working with multiple cloud providers to create innovative new apps with much more speed and agility. This approach is opening up unprecedented paths to engage with remote workers, suppliers, partners and customers. Organizations that are good at this are first to market with useful new tools, supply chain breakthroughs and customer engagement innovations. 

There’s no question that IaaS, PaaS and their corollary, DevOps, together have enabled businesses to leapfrog traditional IT processes. We are undergoing a digital transformation of profound scope – and things are just getting started. Companies are beginning to leverage the benefits of being able to innovate with unprecedented agility and scalability; however, to take this revolution to the next level, we must take a fresh approach to how we’re securing our business networks.

Limits to legacy defense

Simply put, clunky security approaches, pieced together from multiple vendors, result in a fragmented security environment where IT teams must manually correlate data to implement actionable security protections. This level of human intervention increases the likelihood for human error, leaving organizations exposed to threats and data breaches. What’s more, security tools that are not built for the cloud significantly limit the agility of development teams. 

Cloud collaboration, fueled by an array of dynamic and continually advancing platforms, is complex; and this complexity has introduced myriad new layers of attack vectors. We’ve seen how one small oversight, such as forgetting to change the default credentials when booting up a new cloud-based workload, can leave an organization’s data exposed or allow attackers to leverage resources to mine cryptocurrency. 

Clearly the need to rethink security for our cloud apps has become urgent. What’s really needed is an approach that minimizes data loss and downtime, while also contributing to faster application development, thus allowing the business to experience robust growth. It should be possible to keep companies free to mix and match cloud services, and to innovate seamlessly on the fly, while also reducing the attack surface that is readily accessible to malicious parties.

Advertisement. Scroll to continue reading.

Frictionless security

The good news is that the cybersecurity community recognizes this new exposure, and industry leaders are innovating, as well, applying their expertise to prevent successful cyberattacks. It is, indeed, possible to keep companies free to mix and match multiple cloud providers, and to innovate seamlessly on the fly, while also reducing opportunities for attack. Ideally, cloud security should speed application development and business growth, while preventing data loss and business downtime.

This requires three key capabilities: advanced application and data breach prevention, consistent protection across locations and clouds, and frictionless deployment and management. Security delivered through private cloud, public cloud and SaaS security capabilities can work together to eliminate the wide range of cloud risks that can cause breaches. 

When you think about it, a different approach to cloud security is inevitable. There’s every reason to drive toward wider use of enterprise-class cloud security capabilities integrated into the cloud app development lifecycle. It’s vital to make cloud security frictionless – for both the development teams and the security teams. This is a linchpin to fulfilling the potential of cloud-centric commerce. We must move toward frictionless security systems, designed to be just as fast and agile as the cloud-based business operations they protect.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.