Today's organizations are not only actively moving many of their workloads to the cloud, but many are transitioning to a multi-cloud model. They leverage specific capabilities of one cloud service provider and take advantage of location or cost advantages of another. At the same time, critical data is being distributed across a variety of other cloud-based applications and services for processing. Almost all have some form of private cloud, and nearly half use multiple hypervisors to manage these environments.
Further complicating matters is the fact that data, resources and workflows moving across these hybrid clouds must not only be accessed but also managed using a variety of applications running on highly mobile devices. This is part of digital transformation, which enables organizations to be more resilient not only to the changing needs of their users and employees, but also to the data itself. Response time is critical and constant data management is required.
Multi-cloud security is important
Organizations that need to secure their multi-cloud environments face the following four challenges.
Consistency
Organizations understand that security needs to be applied at every stage of the potential attack surface. However, because many organizations deploy their multi-cloud infrastructure in an organic manner, security is often deployed on a per-project basis. This often results in a sprawling solution with multiple devices managed through separate consoles. This makes it difficult to correlate threat intelligence, centrally extend visibility across the threat landscape, orchestrate threat response, or consistently apply and enforce security policies.
Speed
Given the need to respond immediately to user needs, organizations are increasingly relying on automation to accelerate decision making. At the same time, billions of IoT devices and software-as-a-service (SaaS) applications running at higher throughputs are increasing the amount of data that needs to be protected. Complicating matters further, more than half of all traffic is encrypted. The challenge is that large-scale, CPU-intensive SSL inspection paralyzes many security devices. But in such an environment, where success is often measured in microseconds, enterprises cannot afford security bottlenecks. As a result, more and more data is not inspected or protected.
Unpredictability
The power of cloud-based business environments lies in their scalability and elasticity.
Computing resources can be increased almost infinitely to address changes and peaks in data and workload processing requirements, and data can be dynamically rerouted to meet user and resource needs. Data routing is not only asynchronous, but can change instantly in unpredictable ways. However, for many security solutions, data predictability is very important. In a complex asynchronous environment, isolated security devices may easily lose data flows and packets, making execution difficult or even impossible.
Complexity
Cybercriminals understand that the complexity of multi-cloud environments makes security risks difficult to detect and track. They count on the fact that different security devices cannot communicate with each other, which allows them to exploit gaps that exist between different network segments and environments, and then carry out attacks undetected throughout the network, enabling them to mimic authorized traffic.
Multi-cloud networks require an integrated security architecture
It is nearly impossible to adequately protect dynamic and highly elastic multi-cloud environments using traditional security solutions and strategies. Isolated devices designed for traditional network edge environments with predictable data flows and performance requirements are simply not up to the job. Instead, today's digital environments require an integrated, architecture-based security approach that makes the impossible possible.
This effort starts with selecting security devices and solutions designed to operate effectively at the speeds required of today's networks. Threat protection and performance need to be measured with all the essential features turned on, including advanced firewall, application control, intrusion prevention (IPS), antivirus/anti-malware, zero-day detection/sandboxing, and SSL inspection. Because different manufacturers use different standards and methodologies to promote their technologies, comparing devices can be difficult.
This is an area where test results from reputable third-party labs become particularly sought after.
Security technologies deployed throughout the network need to be able to share the threat intelligence they collect. Of course, tools such as next-generation firewalls (NGFW), web application firewalls (WAF), internal segmentation firewalls (ISFW), antivirus and anti-malware (AV), and advanced threat protection (ATP) may need to be deployed separately in different places in the network and in various form factors. To be truly effective, however, these need to automatically correlate intelligence and coordinate an effective response to any threat detected anywhere in the distributed network.
Centralized visibility, orchestration, and control are the lifeblood of any effective security strategy. Select technologies that not only work together to provide a holistic view, but also act on shared threat data, report on those threats, and implement any security changes. Because cyber threats can impact the velocity of systems, data correlation across solutions also needs to be as automated as possible. For enterprises, security operations center (SOC) teams, and managed security service providers (MSSPs), integrated SIEM (security information and event management) technology will strengthen their ability to detect advanced threats, prioritize indicators of compromise, and automate collective responses.
Finally, security solutions need to be network savvy. They need to understand dynamic workflows and hypervisors, be able to account for on-demand modifications of resources, and dynamically adjust security policies and protocols to accommodate these highly elastic attack surfaces. By working together in an orchestrated, consistent manner, integrated security tools will also be able to track and protect traffic, even as it moves between and across multi-cloud domains.
The digital transformation that is driving the adoption of multi-cloud networks requires a matching security transformation. Organizations need to start implementing new security architectures now that will enable them to protect their data, workflows, and resources while meeting the performance, scalability, and complexity challenges of these evolving multi-cloud environments.