Cloud | Commentary
1/23/2018 10:30 AM
Avishai Wool
5 Steps to Better Security in Hybrid Clouds

Following these tips can improve your security visibility and standardize management across hybrid environments.

When it comes to embracing innovation, we are all a little cautious by nature. For example, we know electric cars are the future, but the infrastructure to fully support them isn't ready yet. So sales of hybrid gas/electric cars are booming — giving drivers the benefits of new technology combined with long-established, proven systems.

It's the same with the hybrid cloud. It offers greater agility, rapid scalability, and cost savings, as well as the promise of working seamlessly alongside organizations' current, on-premises networks. As such, it's no surprise that enterprises have embraced the hybrid cloud model. Nearly 50% of organizations we surveyed now run up to 20% of their workloads in public clouds, and another 25% use the public cloud for up to 40% of their workloads, according to our recent report, "The Hybrid Cloud Environments: The State of the Security".

Despite this, the survey reveals that enterprises still harbor significant concerns about security in public clouds, holding them back from wider adoption. Companies that are running business applications in public clouds say that their biggest worries are the risks of cyberattacks, breaches, and outages, and the complexity of managing security effectively across hybrid environments. So what's causing these cloud security concerns and challenges, and how can enterprises address them? 

Bumpy Road
Our survey shows that cloud security issues typically begin when enterprises start the process of migrating applications to public clouds: 44% of respondents say they had difficulties in managing security policies in the cloud after migration, and 30% report their applications didn't work at all post-migration. Fewer than one in five say they'd had no problems during the migration process.

This isn't surprising: migration is complex and error-prone, requiring detailed preparation if it's to be done smoothly without compromising security or compliance. 

Before starting any migration process, have a detailed map of the connectivity flows for the application that you plan to move. Making this map isn't easy. There's usually little or no documentation on existing application connectivity, and it can take weeks to gather all the information, understand the connectivity that's needed, and then migrate and update every rule and access control list for each security device to the new environment. 

It takes just one mistake in this process to cause an outage or to create security holes or compliance violations — which is why most enterprises have problems during migration.

Poor Visibility Affects Security
Even after successfully navigating problems encountered during migration, enterprises find new security challenges. Nearly two-thirds of survey respondents say the greatest obstacle they faced when trying to manage their hybrid environments was a lack of visibility into security and managing security policies consistently. Other problems were demonstrating compliance with relevant industry regulations, and managing a mix of firewalls consistently across their hybrid networks. 

A key reason for these problems is that organizations are using a range of different security controls to protect their environments: 58% of survey respondents say they used the public cloud provider's native controls, while 44% say they also use third-party firewalls deployed in their cloud environment.

This leads to fragmented security management processes: 20% of enterprises are using manual processes to manage their security devices, and 26% say they use cloud-native tools. Nearly half of enterprises are working with multiple, different security controls separately — adding complexity, duplication of effort, and management overhead to their security processes. 

How can enterprises address these challenges to make migrations and security management across hybrid cloud environments more automated and consistent? Here are the five key steps:

  1. Get clear visibility into all your networks. A lack of visibility in the cloud is the biggest security challenge cited by our survey respondents. As such, the first step is to gain visibility across not just the different environments but also across the security controls that exist both on-premises and in the cloud.
  2. Use single-console management. With organizations using a mix of their cloud providers' own security controls as well as host-based and on-premises firewalls, managing policies consistently is a huge challenge. The ability to manage all of these diverse security controls from a single console, using a single set of commands and syntax, enables security policies to be applied consistently and avoids duplication of effort and error-prone manual processes. 
  3. Automate security processes. Managing security policies consistently across their hybrid environment is the second-biggest security challenge cited in our survey. Alongside visibility, security automation is fundamental to managing a hybrid network environment efficiently, and orchestrating change processes across a complex mix of security controls. Companies that used automation benefited from speed and accuracy when managing security changes across their environments, accelerated cloud migrations, and were better able to enforce and audit regulatory compliance. It also helped these organizations overcome staffing limitations.
  4. Map apps before you migrate. To streamline the migration process, enterprises need to map all their existing applications, connectivity flows, and dependencies before the migration starts. With this set of application maps, connectivity flows in the cloud can be easily defined and all the underlying security policies can be adjusted to support the infrastructure and security devices used in the cloud.
  5. Tie cyberattacks to business processes for faster mitigation. Cyberattacks are one of the greatest concerns survey respondents cite for organizations running applications in the cloud. Policy management solutions that integrate with SIEM tools help address this challenge. Threats such as malware can be covertly active for months on enterprise networks, moving laterally from on-premises to the cloud or vice versa. When a threat is detected by the SIEM solution, a policy management solution can identify all the applications and servers it affects (or potentially affects) and map the lateral movement of the attack. A policy management solution can then mitigate the threat's risk by isolating any affected servers or devices from the network.
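The pre-migration check that step 4 describes, as an added illustration that is not part of the original article: a connectivity map for one application is compared against a draft cloud rule set, flagging flows no rule permits (the post-migration outage from L32) and rules no mapped flow needs (the unnecessary exposure). The addresses, rule names and flows are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One observed connection of the application: source, destination, TCP port."""
    src: str
    dst: str
    port: int


@dataclass(frozen=True)
class Rule:
    """One allow rule in the target environment's security group or ACL."""
    name: str
    src_cidr: str
    dst_cidr: str
    ports: range  # Python range: start inclusive, stop exclusive

    def permits(self, flow: Flow) -> bool:
        return (ipaddress.ip_address(flow.src) in ipaddress.ip_network(self.src_cidr)
                and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(self.dst_cidr)
                and flow.port in self.ports)


def check_migration(flows, rules):
    """Compare the connectivity map against the proposed rules.

    Returns (blocked, unused): flows that no rule permits (the application will
    break after migration) and rules that permit none of the mapped flows
    (exposure the application does not need).
    """
    blocked = [f for f in flows if not any(r.permits(f) for r in rules)]
    unused = [r for r in rules if not any(r.permits(f) for f in flows)]
    return blocked, unused


# Constructed connectivity map for a three-tier application being migrated.
APP_FLOWS = [
    Flow("10.1.0.10", "10.2.0.20", 443),   # web tier -> app tier
    Flow("10.1.0.11", "10.2.0.20", 443),
    Flow("10.2.0.20", "10.3.0.30", 5432),  # app tier -> PostgreSQL
]

# Constructed draft rule set for the cloud side: the DB rule carries a port
# typo (3306 instead of 5432) and the last rule was copied over unexamined.
CLOUD_RULES = [
    Rule("web-to-app", "10.1.0.0/24", "10.2.0.0/24", range(443, 444)),
    Rule("app-to-db", "10.2.0.0/24", "10.3.0.0/24", range(3306, 3307)),
    Rule("legacy-any", "10.9.0.0/24", "0.0.0.0/0", range(0, 65536)),
]

if __name__ == "__main__":
    blocked, unused = check_migration(APP_FLOWS, CLOUD_RULES)
    for f in blocked:
        print(f"OUTAGE RISK: no rule permits {f.src} -> {f.dst}:{f.port}")
    for r in unused:
        print(f"EXPOSURE: rule {r.name!r} permits no mapped flow; review it before migrating")
```

Running it reports the database flow as blocked and both the mistyped DB rule and the copied-over any rule as unused, which is exactly the pair of mistakes (outage and hole) the article says a single migration error produces.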

These five steps to improve security visibility and standardize and automate security management across a hybrid environment will help enterprises achieve a smoother, faster, and safer hybrid cloud journey. 

Avishai Wool co-founded AlgoSec in 2004 and has served as its CTO since its inception. Prior to co-founding AlgoSec, he co-founded Lumeta Corporation in 2000 as a spin-out of Bell Labs, and was its Chief Scientist until 2002. At Lumeta, Dr. Wool was responsible for ...