When it comes to securing cloud environments, organisations have lots of options. The marketplaces provided by cloud vendors are filled with a wide array of security solutions. Many are from vendors who also build a broad set of security products spanning cloud and on-premises environments, while others are from vendors focused exclusively on purpose-built cloud security tools. Given all of this, selecting the right tool can be bewildering.
One of the most important places to start is to determine whether a solution has been optimised to run natively in that cloud environment. Many cloud security offerings are simply a hardware operating system ported to a virtual instance. Such solutions may seem like a good idea – for example, a solution may be from a known vendor – but if the solution is not designed to run as a cloud-native solution, it may be more trouble than it is worth.
Non-native cloud network security tools simply do not perform as fast or as efficiently as cloud-native solutions, and when it comes to security, performance and effective policy enforcement are essential. The best solutions are designed and optimised from the ground up for cloud-specific network implementations. Even better are those from a vendor that provides cloud-native integrations with performance-enhanced offerings from multiple cloud platforms, such as Azure Accelerated Networking, Oracle native mode, and AWS C5n instances.
However, as organisations become increasingly reliant on a multi-cloud strategy, if they aren’t careful, they can end up with a complex set of technologies in place, each with different security controls deployed in various cloud environments. Such complexity can diminish visibility and control while increasing management overhead. The point is that selecting a cloud-optimised network security solution shouldn’t be done in a vacuum. The best strategy is to choose a tool that can run natively and is optimised for a variety of cloud environments.
The advantages of cloud-native security solutions
There are many advantages to selecting security solutions that are optimised for and natively integrate with public cloud platforms. One of the most obvious is that they deliver higher performance, eliminating the need for overly creative designs to make the solution scale. They provide broader scalability because they leverage cloud service optimisations for delivery and cloud APIs for control. And they deliver greater efficiency because they have access to cloud-native features and APIs, which enable more efficient use of the cloud’s underlying resources.
Other benefits of a cloud-native security solution include:
Ease of deployment: Native integration of security capabilities with public cloud platforms makes it easy for security teams to leverage things like cloud automation services and deployment. As public cloud adoption accelerates, and as new cloud environments are adopted, having a cloud-native solution deployed on each cloud platform can make a huge difference in things like management overhead.
Cloud connectors: Cloud-native solutions running on different cloud platforms, even from the same vendor, may vary in terms of policy implementation and enforcement from one cloud network to the next. And that can create security gaps that cybercriminals are all too motivated to exploit. Cloud connectors facilitate abstraction of resource and service definition between different cloud platforms. They’re used to normalise the different types of resource metadata in use across multiple clouds. Because cloud resources typically use metadata and labels to indicate their logical function or to classify information, and because IP address information cannot be relied upon to make security decisions, cloud connectors are essential.
These connectors can also be used to help build and enforce consistent security policies across regions and clouds. They help facilitate communications between security fabric solutions deployed in different environments, including in the core network and even branch offices. Such connectors can easily translate configurations, policies, and threat intelligence between different security devices, as well as facilitate consistent communications with a central management platform.
Centralised management: A central management platform that can span multiple cloud environments enables administrators to quickly and easily assess configurations, update policies, examine events, and collect and correlate threat data across a multi-cloud deployment. This single-pane-of-glass management approach is essential for properly securing each cloud environment, while ensuring the broadest visibility and most granular controls possible across the entire distributed network.
Broad automation: Automation is essential for simplifying things like configuration management, rapid threat identification, and unified response to cyber events across the entire network. It works even better when automation frameworks span multiple cloud environments, thereby reducing management overhead. Cloud automation should include such things as automation stitches, the ability to implement automation templates, and robust support for programmatic management via RESTful application programming interfaces (APIs). Automation stitches are especially useful as they allow an organisation to programmatically automate responses across different components of a distributed security framework – decreasing the response time to a security event – without requiring any programming experience or deep cloud domain expertise.
Autoscaling: One of the primary benefits of a cloud infrastructure is its elasticity and on-demand capabilities. This includes the ability to scale services in and out based on fluctuating business needs, while only paying for what is used. Combining native integration with the auto-scaling capabilities of the cloud enables the security infrastructure to keep up with cloud infrastructure scaling based on volume and demand, ensuring that applications are continuously protected.
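The normalisation that the cloud connectors item describes can be sketched as follows. This is an added example, not code from the article or from any vendor's connector: it maps AWS-style tags, Azure-style tags and GCP-style labels onto one label set and makes an allow/deny decision on those labels rather than on IP addresses. The `cloud` field, the policy format and all sample records are assumptions constructed for illustration.

```python
# Added example: normalise per-cloud resource metadata, then decide on labels.
# Record shapes follow each provider's tag/label layout; all values are constructed.

def normalise(resource):
    """Return {'cloud', 'id', 'labels'} with lower-cased label keys and values."""
    cloud = resource["cloud"]  # assumed to be set by whatever collects the inventory
    if cloud == "aws":         # EC2 style: Tags is a list of {Key, Value} pairs
        raw = {t["Key"]: t["Value"] for t in resource.get("Tags", [])}
        rid = resource["InstanceId"]
    elif cloud == "azure":     # ARM style: tags is a flat dict
        raw = resource.get("tags") or {}
        rid = resource["id"]
    elif cloud == "gcp":       # Compute Engine style: labels is a flat dict
        raw = resource.get("labels") or {}
        rid = resource["name"]
    else:
        raise ValueError(f"unsupported cloud: {cloud}")
    labels = {k.strip().lower(): str(v).strip().lower() for k, v in raw.items()}
    return {"cloud": cloud, "id": rid, "labels": labels}

# Hypothetical policy: (source selector, destination selector, port); default deny.
POLICY = [
    ({"role": "web"}, {"role": "db", "env": "prod"}, 5432),
]

def matches(selector, labels):
    """True when every key/value in the selector is present in the labels."""
    return all(labels.get(k) == v for k, v in selector.items())

def allowed(src, dst, port, policy=POLICY):
    """Decide on normalised labels only; IP addresses are never consulted."""
    s, d = normalise(src)["labels"], normalise(dst)["labels"]
    return any(matches(a, s) and matches(b, d) and p == port for a, b, p in policy)

# Constructed sample inventory from three clouds
AWS_WEB = {"cloud": "aws", "InstanceId": "i-0example", "PrivateIpAddress": "10.0.1.5",
           "Tags": [{"Key": "Role", "Value": "Web"}, {"Key": "Env", "Value": "Prod"}]}
AZURE_DB = {"cloud": "azure", "id": "/subscriptions/EXAMPLE/vm/db1",
            "tags": {"role": "DB", "Env": "prod"}}
GCP_UNLABELLED = {"cloud": "gcp", "name": "scratch-vm", "labels": {}}

if __name__ == "__main__":
    print(allowed(AWS_WEB, AZURE_DB, 5432))         # labelled web -> prod db
    print(allowed(GCP_UNLABELLED, AZURE_DB, 5432))  # unlabelled source falls to default deny
```

An unlabelled resource matches no selector, so it is denied by default; this is the case to audit for when labels drive enforcement.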
A cloud security strategy starts with cloud-native solutions
A cloud strategy, including a multi-cloud approach, offers organisations immense business opportunities. But without the right security infrastructure in place, the cloud also introduces serious security challenges, especially when business-critical applications and data are scattered across multiple clouds. However, because the decentralised adoption of cloud services often results in a complex set of security tools and policies managed in individual silos, organisations need to have a cloud security strategy in place that is understood by everyone.
Because each cloud platform relies on different tools and approaches security differently, enterprises must leverage a consistent set of security tools to protect their applications. This starts with tools that provide native integration across all major cloud providers, combined with connectors that enable consistent instrumentation, event correlation, and centralised management across the entire infrastructure. Next is integrating all security elements deployed across the entire attack surface, and automating security operations across multiple clouds, followed by centralised policy management for consistent enforcement and regulatory compliance. With such a strategy in place, organisations can deploy an effective cloud security strategy that spans their entire growing IT infrastructure.
Read more from Cohen: How to manage the risk of cloud sprawl with centralised management