Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

New Survey Illustrates Real-World Difficulties in Cloud Security

Depending on traditional models makes cloud security more challenging for organizations, according to a Barracuda Networks report.

Cloud security is not as simple as picking up traditional network perimeter appliances and converting them into cloud services, a new study shows. But security may ultimately be better for the change.

Barracuda Networks surveyed 608 participants from organizations around the world. A majority (57%) say that their on-premises security is superior to cloud security, with the percentage answering that way growing in lock-step with the size of their organization.

That's a problem for many organizations when they begin planning for security in the cloud. 83% say they have concerns about deploying traditional firewalls in the cloud, with 39% naming "pricing and licensing not appropriate for the cloud," and 34% citing "lack of integration prevents cloud automation" as their primary concerns.

The report is based on a survey conducted by Dimensional Research on behalf of Barracuda. 

Tim Jefferson, vice president of public cloud at Barracuda, says these organizations have reason to be concerned. "Companies that are trying to cut and paste into the public cloud are having trouble. Security has always been around the network and a lot of appliances are built around architectures centralized in the data center," he says. "Firewalls tend to scale vertically and that's an anti-pattern for the cloud, where best practice is to keep everything federated and elastic. The tools don't fit."

The bigger issue, Jefferson says, is that many of the tools that companies struggle to place into the cloud aren't really needed for cloud security. "In a public cloud you don't need a lot of those functions," he says. "A next-generation firewall isn't required in the cloud - you don't have to match the user to the function and filter on that because a properly architected cloud application will do that for you."

APIs Over Firewalls

Relying on the cloud applications - and to put a finer point on it, the cloud application APIs with their controls and logging capabilities - allows forward-thinking security professionals to have better security in the cloud than they have in their traditional data center architecture, Jefferson says. According to the report, 74% of respondents cite "Integration with cloud management, monitoring, and automation capabilities" as the most beneficial cloud-specific firewall capability.

Integration is key, but organizations are finding it difficult to fully integrate cloud security into their DevOps or DevSecOps, with 93% saying they have faced challenges integrating security into those practices. Jefferson is blunt when he talks about the changes needed for organizations to move past the current difficulties: "All the visibility that's so difficult to instrument in the data center is built in with the public cloud. It's all done by API and that can be instrumented to police and monitor security."

He says it all depends on perspective. "It's really the lens you look through," he says. "The traditional enterprise architect has thought of visibility as the instrumentation to see into ports and packets."

But the problem is that public cloud "can't provide span ports and access to layer 2. So they see public cloud and say there's no visibility," he says.

The public cloud, however, provides a better management tool. The management plane of the cloud can allow a security professional to track every interface and every record - every query, every response. The hard part is that the security professionals must re-think the means to the end of infrastructure security.

Security Hurdles

There are two huge hurdles standing between organizations and security in the cloud. The first is a human component that lies between security professionals' ears. "It makes the professional uncomfortable," Jefferson says, referring to security using APIs. "They want the tools they've always used."

The second hurdle may be higher because it involves money. Jefferson says that the traditional licensing model for firewalls and other network security appliances just doesn't work in a cloud environment where best practice is to spin up many federated instances rather than a handful of highly vertical compute centers.

"Now that things are federated and people may want to deploy hundreds of firewalls, vendors can't charge vast sums per license," Jefferson says. If they do, they "end up deploying bad things because they feel they can't afford the licenses."

Ultimately, in order to move security to a point where companies feel that cloud security is on a par with or better than on-premises security, both the deployment model and the licensing structure must be based on what works best for the application - not just what the licenses force a company to do.

Following genuine best practices in the cloud provides better security for an organization than pure on-premise environments, he says.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7029
PUBLISHED: 2020-08-11
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged ...
CVE-2020-17489
PUBLISHED: 2020-08-11
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible f...
CVE-2020-17495
PUBLISHED: 2020-08-11
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
CVE-2020-0260
PUBLISHED: 2020-08-11
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183
CVE-2020-16170
PUBLISHED: 2020-08-11
The Temi application 1.3.3 through 1.3.7931 for Android has hard-coded credentials.