Saturday, May 25th, 2019

Key considerations for moving to the cloud generation securely

Public cloud adoption continues to grow globally with many organizations realizing benefits of greater IT efficiency, business agility, scalability and cost savings. However, with the increasing number of cyberattacks and breaches, security remains a key concern.

Barracuda Networks recently sponsored a survey with Vanson Bourne, which revealed that while 35% of the Singaporean respondents already have their infrastructure in the public cloud, only 42% felt totally confident that their organization’s move to the public cloud was secure. Meanwhile, 96% stated that security concerns restrict their organization’s migration to the public cloud.

It’s worthwhile taking a step back and looking at your cloud security requirements moving forward before continuing to implement the same security tools in an entirely different environment. Find out if the firewall, for example, integrates with the cloud fabric, provides a full-featured API, or if the pricing aligns with current cloud consumption models. Ultimately, it’s about having the right tool for the job.

Consider a different set of tools

Next-generation firewalls are purpose-built for on-premises data center architectures, where everything is tightly coupled and traffic flows through firewalls that scale vertically. However, public cloud best practices dictate building loosely coupled, elastic architectures that scale out horizontally.

It’s critical to understand the cloud environment that your applications will be deployed in, and the native services that the infrastructure-as-a-service (IaaS) provider offers to achieve security control coverage. Then, you can build in your required controls to leverage the provider’s deployment best practices.

This doesn’t necessarily mean bringing in legacy data center architectures and tools, which tend to be ‘anti-patterns’ in the cloud. Perimeter-based firewall architectures are highly effective in a data center, for example, but can become sources of friction when deployed in the public cloud.

Instead, you should think through the actual security controls you need to cover and use tools that leverage the agility and elasticity of cloud infrastructure — both technically and commercially.

A cloud-generation firewall needs to be tightly integrated into the IaaS management fabric. It must support a license-less commercial model that enables automated deployments that don’t incur licensing costs unless they actually see production traffic.

Confusion about security responsibilities

As we move further into the cloud generation, there’s still confusion about security responsibilities. We’re heading in the right direction, but we still see a lot of organizations that are just getting started in the cloud, so it’s still an important part of the discussion.

All the major cloud providers clearly state the security controls that customers inherit with their platforms; however, when customers move applications to the cloud, the responsibility for securing those applications falls on the customer.

In fact, the Vanson Bourne survey revealed some interesting data related to the shared security model. The majority of the survey respondents believe that public cloud providers are responsible for securing customer data and applications in the cloud, which proves that there’s still a lack of clarity around the subject. It would be beneficial for any organization running workloads in the cloud to have a conversation about security.

Handy hints

Look for third parties that support a wide range of ecosystems with the same or similar solutions. Organizations often end up with multiple cloud providers, as well as having an on-premises (legacy) infrastructure. This can have implications on complexity and overall costs; it's further compounded when third-party solutions such as security are added to the mix.

Consider third parties that offer equivalent licensing options to how you’re licensing your public cloud infrastructure. As organizations weigh licensing options – by usage, per hour, unlimited, etc. – we see customers beginning to understand how they can leverage different ones to gain greater cost controls. This becomes more important when third-party vendors are added to the mix.

Finally, look for vendors who can provide a common management scheme – either in their products or using public cloud security infrastructures – to simplify managing and monitoring ongoing security. Companies deploying the most common security routine – routing branch locations' traffic through a central security solution – generally find these solutions lack scale and cost benefits as their cloud leverage increases. Those that look at distributed security solutions closer to the point of access, such as next-generation firewalls and web application firewalls, reduce those issues but find new ones in managing multiple devices.

Thooi Yean Loon is a Sales Engineer at Barracuda Networks.