1/23/2018 10:30 AM
Avishai Wool
Commentary
5 Steps to Better Security in Hybrid Clouds

Following these tips can improve your security visibility and standardize management across hybrid environments.

When it comes to embracing innovation, we are all a little cautious by nature. For example, we know electric cars are the future, but the infrastructure to fully support them isn't ready yet. So sales of hybrid gas/electric cars are booming — giving drivers the benefits of new technology combined with long-established, proven systems.

It's the same with the hybrid cloud. It offers greater agility, rapid scalability, and cost savings, as well as the promise of working seamlessly alongside organizations' current on-premises networks. As such, it's no surprise that enterprises have embraced the hybrid cloud model. Nearly 50% of organizations we surveyed now run up to 20% of their workloads in public clouds, and another 25% use the public cloud for up to 40% of their workloads, according to our recent report, "The Hybrid Cloud Environments: The State of the Security".

Despite this, the survey reveals that enterprises still harbor significant concerns about security in public clouds, holding them back from wider adoption. Companies that are running business applications in public clouds say that their biggest worries are the risks of cyberattacks, breaches, and outages, and the complexity of managing security effectively across hybrid environments. So what's causing these cloud security concerns and challenges, and how can enterprises address them?

Bumpy Road
Our survey shows that cloud security issues typically begin when enterprises start the process of migrating applications to public clouds: 44% of respondents say they had difficulties in managing security policies in the cloud after migration, and 30% report their applications didn't work at all post-migration. Fewer than one in five say they'd had no problems during the migration process.

This isn't surprising: migration is complex and error-prone, requiring detailed preparation if it's to be done smoothly without compromising security or compliance.

Before starting any migration process, have a detailed map of the connectivity flows for the application that you plan to move. Making this map isn't easy. There's usually little or no documentation on existing application connectivity, and it can take weeks to gather all the information, understand the connectivity that's needed, and then migrate and update every rule and access control list on each security device for the new environment.

It takes just one mistake in this process to cause an outage or to create security holes or compliance violations — which is why most enterprises have problems during migration.

Poor Visibility Affects Security
Even after successfully navigating problems encountered during migration, enterprises find new security challenges. Nearly two-thirds of survey respondents say the greatest obstacle they faced when trying to manage their hybrid environments was a lack of visibility into security and managing security policies consistently. Other problems were demonstrating compliance with relevant industry regulations, and managing a mix of firewalls consistently across their hybrid networks.

A key reason for these problems is that organizations are using a range of different security controls to protect their environments: 58% of survey respondents say they used the public cloud provider's native controls, while 44% say they also use third-party firewalls deployed in their cloud environment.

This leads to fragmented security management processes: 20% of enterprises are using manual processes to manage their security devices, and 26% say they use cloud-native tools. Nearly half of enterprises are working with multiple, different security controls separately, adding complexity, duplication of effort, and management overhead to their security processes.

How can enterprises address these challenges to make migrations and security management across hybrid cloud environments more automated and consistent? Here are the five key steps:

  1. Get clear visibility into all your networks. A lack of visibility in the cloud is the biggest security challenge cited by our survey respondents. As such, the first step is to gain visibility across not just the different environments but also across the security controls that exist both on-premises and in the cloud.
  2. Use single-console management. With organizations using a mix of their cloud providers' own security controls as well as host-based and on-premises firewalls, managing policies consistently is a huge challenge. The ability to manage all of these diverse security controls from a single console, using a single set of commands and syntax, enables security policies to be applied consistently and avoids duplication of effort and error-prone manual processes.
  3. Automate security processes. Managing security policies consistently across their hybrid environment is the second-biggest security challenge cited in our survey. Alongside visibility, security automation is fundamental to managing a hybrid network environment efficiently and to orchestrating change processes across a complex mix of security controls. Companies that used automation benefited from speed and accuracy when managing security changes across their environments, accelerated cloud migrations, and were better able to enforce and audit regulatory compliance. It also helped these organizations overcome staffing limitations.
  4. Map apps before you migrate. To streamline the migration process, enterprises need to map all their existing applications, connectivity flows, and dependencies before the migration starts. With this set of application maps, connectivity flows in the cloud can be easily defined and all the underlying security policies can be adjusted to support the infrastructure and security devices used in the cloud.
  5. Tie cyberattacks to business processes for faster mitigation. Cyberattacks are one of the greatest concerns survey respondents cite for organizations running applications in the cloud. Policy management solutions that integrate with SIEM tools help address this challenge. Threats such as malware can be covertly active for months on enterprise networks, moving laterally from on-premises to the cloud or vice versa. When a threat is detected by the SIEM solution, a policy management solution can identify all the applications and servers it affects (or potentially affects) and map the lateral movement of the attack. A policy management solution can then mitigate the threat's risk by isolating any affected servers or devices from the network.
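The pre-migration connectivity map described under "Bumpy Road" and in step 4, and the alert-to-application mapping in step 5, as one added Python example. This is not AlgoSec's tooling or code from this article. It assumes flow logs in a simplified "src dst port proto action" form, a hand-built asset inventory, a constructed ruleset for the target cloud environment, and a constructed SIEM alert naming one host; every record below is made up for the demo.

```python
"""Build an application's connectivity map from flow logs, diff it against the
target ruleset to find what would break after migration, then compute the hosts
and applications a SIEM-flagged host could reach (added example; all data constructed)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


# Constructed inventory: IP -> (server name, application, location).
INVENTORY = {
    "10.1.0.10": ("web-01", "crm", "on-prem"),
    "10.1.0.20": ("app-01", "crm", "on-prem"),
    "10.1.0.30": ("db-01", "crm", "on-prem"),
    "10.1.0.40": ("ldap-01", "shared", "on-prem"),
    "10.9.0.5": ("siem-01", "shared", "on-prem"),
    "172.16.0.7": ("hr-app-01", "hr", "cloud"),
}

# Constructed flow-log lines: "src dst dport proto action" (mimics cloud flow logs).
FLOW_LOG = """\
10.1.0.10 10.1.0.20 8443 tcp ACCEPT
10.1.0.20 10.1.0.30 5432 tcp ACCEPT
10.1.0.20 10.1.0.40 636 tcp ACCEPT
10.1.0.10 10.1.0.20 8443 tcp ACCEPT
10.1.0.20 10.9.0.5 514 udp ACCEPT
172.16.0.7 10.1.0.30 5432 tcp REJECT
10.1.0.30 172.16.0.7 443 tcp ACCEPT
"""

# Constructed ruleset already present in the target cloud environment:
# (src, dst, dport, proto) allow tuples. Deliberately incomplete.
EXISTING_CLOUD_RULES = {
    ("10.1.0.10", "10.1.0.20", 8443, "tcp"),
    ("10.1.0.20", "10.1.0.30", 5432, "tcp"),
}

ALERT_HOST = "10.1.0.20"  # constructed SIEM alert: app-01 flagged as compromised


def parse_flows(text):
    """Return the set of accepted flows; rejected flows are not connectivity."""
    flows = set()
    for line in text.splitlines():
        src, dst, dport, proto, action = line.split()
        if action == "ACCEPT":
            flows.add(Flow(src, dst, int(dport), proto))
    return flows


def connectivity_map(flows, app):
    """Flows with at least one endpoint in `app`: its pre-migration map."""
    return {f for f in flows
            if INVENTORY[f.src][1] == app or INVENTORY[f.dst][1] == app}


def required_rules(flows):
    """Collapse flows into (dst, dport, proto) -> sorted list of sources."""
    rules = defaultdict(set)
    for f in flows:
        rules[(f.dst, f.dport, f.proto)].add(f.src)
    return {k: sorted(v) for k, v in rules.items()}


def missing_rules(required, existing):
    """Required (src, dst, dport, proto) tuples the target ruleset lacks."""
    gaps = [(src, dst, port, proto)
            for (dst, port, proto), srcs in required.items()
            for src in srcs if (src, dst, port, proto) not in existing]
    return sorted(gaps)


def blast_radius(flows, start_ip):
    """Hosts reachable from `start_ip` by following observed flows transitively."""
    reached, frontier = {start_ip}, [start_ip]
    while frontier:
        ip = frontier.pop()
        for f in flows:
            if f.src == ip and f.dst not in reached:
                reached.add(f.dst)
                frontier.append(f.dst)
    return reached - {start_ip}


def affected_applications(flows, start_ip):
    """Applications whose servers sit inside the blast radius."""
    return {INVENTORY[ip][1] for ip in blast_radius(flows, start_ip)}


def isolation_rules(ip):
    """Deny rules that cut a host off in both directions (push to every control)."""
    return [("deny", ip, "any"), ("deny", "any", ip)]


if __name__ == "__main__":
    flows = parse_flows(FLOW_LOG)
    crm = connectivity_map(flows, "crm")
    print("crm connectivity map:", sorted((f.src, f.dst, f.dport) for f in crm))
    print("rules missing in cloud:", missing_rules(required_rules(crm), EXISTING_CLOUD_RULES))
    print("blast radius of", ALERT_HOST, ":", sorted(blast_radius(flows, ALERT_HOST)))
    print("affected apps:", sorted(affected_applications(flows, ALERT_HOST)))
    print("isolation:", isolation_rules(ALERT_HOST))
```

The migration gap list is what turns a map into a ruleset change that can be reviewed before cutover; in this constructed data the LDAP, syslog and cloud-bound database flows have no matching rule, which is exactly the kind of omission that leaves an application broken after migration. The blast-radius walk follows flows across the on-prem/cloud boundary, so the alert on an on-premises host also surfaces the cloud-hosted HR server it could reach.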

These five steps to improve security visibility and standardize and automate security management across a hybrid environment will help enterprises achieve a smoother, faster, and safer hybrid cloud journey.

Avishai Wool co-founded AlgoSec in 2004 and has served as its CTO since its inception. Prior to co-founding AlgoSec, he co-founded Lumeta Corporation in 2000 as a spin-out of Bell Labs, and was its Chief Scientist until 2002. At Lumeta, Dr. Wool was responsible for ...