The key to securing cloud environments is understanding that they are not the same as data centers, and that everything you see and manage is virtual. Cloud operations are managed primarily by APIs, are dynamic and often serverless. In many cases, cloud operations are application-centric rather than infrastructure-centric, and they might be managed via code directly by DevOps or site reliability engineers (SREs). Public cloud environments are also highly dynamic with auto-scale groups and the ability to define, manage and change infrastructure and applications programmatically.
As IT teams accelerate cloud operations, cyber-criminals have also evolved their attack techniques to target vulnerabilities. According to Gartner, 99% of cloud security failures will be the customer’s own fault. Thus, to understand the behavior of your environment, you must be able to monitor changes and scan code in an automated fashion. In addition, network diagrams are becoming increasingly obsolete. The real definition of how the network is intended to look and behave can be found within code. This has significant implications for how security professionals document, support and maintain audit readiness.
Finally, cloud-native applications take advantage of containers for compute, function-as-a-service and the hundreds of services that public cloud providers make available, and therefore will never require a single server. Historically, security professionals have managed and monitored security with server and network-based technologies. In their absence, an alternative is required.
Given those dynamics, here are five steps organizations can take to simplify multicloud security:
- Utilize cloud-native security tools: Each provider has a suite of purpose-built security tools for analyzing security configuration, monitoring misconfigurations and compliance, protecting workloads, and identifying events. In AWS, this includes AWS Security Hub, Amazon GuardDuty and Amazon Macie. In Azure, it includes Security Center and Azure Defender. These tools are a great place to start to understand the security of your cloud infrastructure. Some providers also have integrated SIEM technology, such as Azure Sentinel and Google Chronicle, which extend the ability to maintain and correlate logs from both the cloud and data centers.
- Take advantage of automation: Automation is the key to good security hygiene in the cloud. Secure your VMs by building security configurations and applying them via terraform templates or other scripting mechanisms. If you choose not to use a scripting mechanism, build your VMs into base images. Automated scanning tools can also identify configuration or component library vulnerabilities. Next, build automation to respond to events from cloud-native security tools. Automated tools can be built into DevOps CI/CD pipelines to scan for code vulnerabilities and insecure third-party software components.
Automation can also be used to identify and respond to potential issues. If your servers are immutable (meaning they are never changed manually and never logged into) and someone or something attempts to log into them, it’s a security event, which automation can help you respond to. You can also use cloud-native scaling and resiliency to your advantage by automatically snapshotting suspicious workloads within a container, server or application for later analysis while taking them offline immediately, then spinning up a new, clean instance. This ability to respond immediately means a potential adversary no longer has that window of time to do harm while you investigate.
- Make identity your new perimeter: While virtual networking allows you to apply micro-segmentation and limit network traffic, the dynamic nature of the cloud means that identity has become the critical access enforcement mechanism and perimeter. This means utilizing strong authentication for administrators, developers or anyone accessing your accounts. It also means utilizing certificates, SAML and appropriate API authentication mechanisms to secure infrastructure and applications.
- Augment with third-party tools: Some providers can help manage security across multiple clouds. Still, there are instances where layering a third-party tool to standardize security management across multiple cloud providers may make sense. For example, while cloud-native tools provide security and compliance configuration checks, a Cloud Security Posture Management (CSPM) tool enables you to apply policy and monitor compliance across multiple cloud providers from a single point. Further, you may want to standardize your edge security, utilizing WAF, DDoS protection and bot management within a single provider as you place application workload across multiple clouds.
- Monitor at scale: Traditional security monitoring assumes that you have fixed IP addresses and that network behavior is relatively predictable. But cloud security monitoring requires being able to monitor virtual, dynamic environments and identify breaches. This requires a tremendous amount of security telemetry that you must consume and correlate. In many cases, this may take specialized tools and skill sets. And in all cases, it requires a significant amount of computing power, storage and monitoring tools.
As businesses try to address a growing execution and operations management gap by working with multiple security providers and partners, they must evolve their security operations to break free of traditional reactive approaches to threats. A multicloud security strategy that provides an agile, proactive and end-to-end framework for effective threat detection and incident response against increasingly sophisticated attacks is the answer.
Forget future-proofing and focus on future-enablement
About the Authors
VP, Security Solutions
Gary Alterson is VP of Security Solutions at Rackspace. In this role he acts as GM for Rackspace’s security solutions focused on supporting digital transformations and cloud acceleration. Previously, Gary led Customer Experience and Services Product Management at Cisco Systems where he built professional, managed, and support services addressing cloud security and advanced threats. At Cisco and at Neohapsis, a nationally recognized cybersecurity boutique consultancy, Gary and his teams were instrumental in transforming enterprise and government security programs to effectively address shifting business models, emerging technologies, and the evolving threat environment. As a previous CISO and security architect, Gary has over 20 years experience on the front lines of security, protecting and responding to threats across multiple industries. Gary is often sought out to speak on secure digitization, cloud, and emerging technology security frameworks as well as enterprise security.Read more about Gary Alterson