Managing the mix: simplifying cloud security management

Clouds never stay still:  they constantly move, expand and disperse, influenced by both local and wider weather conditions.

And it’s the same with enterprise cloud environments:  they are constantly changing according to organizations’ business needs, as they spin up new resources or move applications from on-premise to cloud environments, to take advantage of the agility, flexibility and economies of scale it offers.

The latest Cisco Cloud Index shows just how significant a role the cloud is already playing in enterprise IT estates – and how this role will continue to grow in the near future. It predicts that by 2021, traditional on-premise data centers will host just 6% of enterprise applications and workloads, with virtualized and cloud datacenters handling the remaining 94%. The Index also forecasts that in 2021, 73% of workloads will use the public cloud, up from 58% in 2017. At the same time, workloads handled in private clouds will decline gradually from 42% back in 2017 to 27% in two years’ time.

Cloud security concerns

So the future is cloud. However, this also brings new challenges, because it introduces new levels of complexity and risk to organizations’ security postures. The security controls and network architectures offered by the leading cloud vendors are different from each other, and very different from those used in on-premise data centers. This creates problems for security teams in understanding the differences in the various cloud technologies, and in configuring and managing them separately using multiple consoles.

This is compounded by the multiple stakeholders involved in managing cloud deployments – such as application developers, DevOps, and cloud teams. It’s all too easy to lose sight of who is making changes to what, which increases the risk of misconfigurations. Even worse, in some cases, customers of cloud services often do not know how to use them securely.

The 2019 Security Report from Check Point found that 30% of IT professionals still consider security is the cloud service provider’s responsibility, rather than their own. Also, the leading public cloud security threat named by survey respondents was misconfiguration of cloud infrastructures (cited by 62%) As such, it’s no surprise that 18% of organizations globally had experienced a cloud security incident in the 12 months.

So how do organizations cut through all the complexity and get full control over their individual hybrid estate of public cloud, private cloud and on-premise deployments?

Getting cloud control

The starting point is for IT and security teams to get clear, holistic visibility across the entire hybrid estate. Our ‘Hybrid Cloud Environments: The State of Security’ report showed that a lack of visibility was the biggest obstacles facing enterprises when trying to manage their hybrid environments, followed by managing security policies consistently, demonstrating compliance with relevant industry regulations, and managing security controls consistently.

As such, teams should be able to see all of the assets that need protection across their multi-cloud estate, and the security controls that are protecting them in a single pane of glass, enabling them to continuously monitor changes to configurations, and assess potential vulnerabilities or risks. They should also be able to manage each type of security control – including cloud-native security groups, cloud security products such as Azure firewall, and third-party security controls, as well as on-premise firewalls – in a uniform, consistent way, giving a change management framework that spans the hybrid environment.

An intelligent, automated and cloud-native management solution gives IT and security teams (and other stakeholders) this comprehensive visibility and control. It can automatically discover and map the traffic flows and connectivity paths that serve business applications across the hybrid environment, and test those flows for any potential security risks or compliance violations before any changes are made.

It also gives teams the ability to configure and manage all security controls holistically, across multiple clouds, accounts, regions and VPC/VNETs, giving holistic change management for hybrid and multi-cloud environments. This automates security policy changes consistently, without compromising the organization’s security or compliance postures. It also avoids duplication of effort and error-prone manual processes. Organizations can define and enforce security across their entire network environment, whether cloud, SDN or on-premise, using a cohesive security policy to assess risk and compliance, and to troubleshoot connectivity issues and change management problems with everything fully documented for audit purposes.

As enterprise cloud usage continues to change and grow, organizations will need to adopt new approaches to protecting their assets and maintaining strong security across their hybrid, multi-cloud estates. Find out how AlgoSec helps to deliver that security here.