Cloud

1/23/2018
10:30 AM
Avishai Wool
Avishai Wool
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

5 Steps to Better Security in Hybrid Clouds

Following these tips can improve your security visibility and standardize management across hybrid environments.

When it comes to embracing innovation, we are all a little cautious by nature. For example, we know electric cars are the future, but the infrastructure to fully support them isn't ready yet. So sales of hybrid gas/electric cars are booming — giving drivers the benefits of new technology combined with long-established, proven systems.

It's the same with the hybrid cloud. It offers greater agility, rapid scalability, and cost-savings, as well as the promise of working seamlessly alongside organizations' current, on-premises networks. As such, it's no surprise that enterprises have embraced the hybrid cloud model. Nearly 50% of organizations we surveyed now run up to 20% of their workloads in public clouds, and another 25% used the public cloud for up to 40% of their workloads, according to our recent report, "The Hybrid Cloud Environments: The State of the Security".

Despite this, the survey reveals that enterprises still harbor significant concerns about security in public clouds, holding them back from wider adoption. Companies that are running business applications in public clouds say that their biggest worries are the risks of cyberattacks, breaches, and outages, and the complexity of managing security effectively across hybrid environments. So what's causing these cloud security concerns and challenges, and how can enterprises address them? 

Bumpy Road
Our survey shows that cloud security issues typically begin when enterprises start the process of migrating applications to public clouds: 44% of respondents say they had difficulties in managing security policies in the cloud after migration, and 30% report their applications didn't work at all post-migration. Fewer than one in five say they'd had no problems during the migration process.

This isn't surprising: migration is complex and error-prone, requiring detailed preparation if it's to be done smoothly without compromising security or compliance. 

Before starting any migration process, have a detailed map of the connectivity flows for the application that you plan to move. Making this map isn't easy. There's usually little or no documentation on existing application connectivity, and it can take weeks to gather all the information, understand the connectivity that's needed, and then migrate and update every rule and access control list for each security device to the new environment. 

It takes just one mistake in this process to cause an outage or to create security holes or compliance violations — which is why most enterprises have problems during migration.

Poor Visibility Affects Security
Even after successfully navigating problems encountered during migration, enterprises find new security challenges. Nearly two-thirds of survey respondents say the greatest obstacle they faced when trying to manage their hybrid environments was a lack of visibility into security and managing security policies consistently. Other problems were demonstrating compliance with relevant industry regulations, and managing a mix of firewalls consistently across their hybrid networks. 

A key reason for these problems is that organizations are using a range of different security controls to protect their environments: 58% of survey respondents say they used the public cloud provider's native controls, while 44% say they also use third-party firewalls deployed in their cloud environment.

This leads to fragmented security management processes: 20% of enterprises are using manual processes to manage their security devices, and 26% say they use cloud-native tools. Nearly half of enterprises are working with multiple, different security controls separately — adding complexity, duplication of effort, and management overhead to their security processes. 

How can enterprises address these challenges to make migrations and security management across hybrid clouds environments more automated and consistent? Here are the five key steps:

  1. Get clear visibility into all your networks. A lack of visibility in the cloud is the biggest security challenge cited by our survey respondents. As such, the first step is to gain visibility across not just the different environments but also across the security controls that exist both on-premises and in the cloud.
  2. Use single-console management. With organizations using a mix of their cloud providers' own security controls as well as host-based and on-premises firewalls, managing policies consistently is a huge challenge. The ability to manage all of these diverse security controls from a single console, using a single set of commands and syntax, enables security policies to be applied consistently and avoids duplication of effort and error-prone manual processes. 
  3. Automate security processes. Managing security policies consistently across their hybrid environment isbthe second-biggest security challenge cited in our survey. Alongside visibility, security automation is fundamental to managing a hybrid network environment efficiently, and orchestrating change processes across a complex mix of security controls. Companies that used automation benefited from speed and accuracy when managing security changes across their environments, accelerated cloud migrations, and were better able to enforce and audit regulatory compliance. It also helped these organizations overcome staffing limitations.
  4. Map apps before you migrate. To streamline the migration process, enterprises need to map all their existing applications, connectivity flows, and dependencies before the migration starts. With this set of application maps, connectivity flows in the cloud can be easily defined and all the underlying security policies can be adjusted to support the infrastructure and security devices used in the cloud.
  5. Tie cyberattacks to business processes for faster mitigation. Cyberattacks are one of the greatest concerns survey respondents cite for organizations running applications in the cloud. Policy management solutions that integrate with SIEM tools help address this challenge. Threats such as malware can be covertly active for months on enterprise networks, moving laterally from on-premises to the cloud or vice versa. When a threat is detected by the SIEM solution, a policy management solution can identify all the applications and servers it affects (or potentially affects) and map the lateral movement of the attack. A policy management solution can then mitigate the threat's risk by isolating any affected servers or devices from the network.

These five steps to improve security visibility and standardize and automate security management across a hybrid environment will help enterprises achieve a smoother, faster, and safer hybrid cloud journey. 

Related Content:

Avishai Wool co-founded AlgoSec in 2004 and has served as its CTO since its inception. Prior to co-founding AlgoSec, he co-founded Lumeta Corporation in 2000 as a spin-out of Bell Labs, and was its Chief Scientist until 2002. At Lumeta, Dr. Wool was responsible for ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Symantec Intros USB Scanning Tool for ICS Operators
Jai Vijayan, Freelance writer,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10008
PUBLISHED: 2018-12-10
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended...
CVE-2018-10008
PUBLISHED: 2018-12-10
An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace br...
CVE-2018-10008
PUBLISHED: 2018-12-10
A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jen...
CVE-2018-10008
PUBLISHED: 2018-12-10
A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
CVE-2018-10008
PUBLISHED: 2018-12-10
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy san...