Cloud
Choosing a Hybrid Cloud Security Solution 101
Explore helpful tips for choosing the right hybrid cloud security solution to address cybersecurity challenges of today and tomorrow.
The accelerated shift to the cloud was mostly borne out of necessity due to the influx of remote workers and changing customer demands requiring more business agility. According to Forrester, 94% of US enterprise infrastructure decision makers are using at least one type of cloud deployment.
While there is a push to be cloud-native, the reality is that most companies will keep their “crown jewels” or critical systems on private clouds or on-prem, while leveraging public clouds for business operations and customer services.
This article will review key three components to effectively manage hybrid cloud security challenges and what features to look for in security tools.
What is hybrid cloud?
A hybrid cloud is a mixed cloud computing environment that uses a combination private and public clouds as well as on-premises data centres. This differs from multi-cloud wherein an organisation uses multiple public cloud computing and storage services from different vendors.
Although it may seem that managing individual public or private clouds is easier, they still have the same security needs.
To simplify the approach to hybrid cloud management, I’ve outlined three primary security components: administrative, physical and technical, and supply chain security. Let’s take a closer look at how you can effectively manage cyber risk and secure the hybrid cloud across each aspect:
1. Administrative security
This aspect is based around people and processes. It involves risk assessment procedures, data protection policies, disaster recovery plans, and employee training. Two key areas to focus on are:
Establishing new roles and responsibilities
In the hybrid cloud infrastructure, there’s a shift in who’s responsible for what. For example, security is now a shared responsibility when it comes to app development. When everything was on-prem, developers would write apps to fit into the infrastructure, granting security teams more control over what said infrastructure looks like to establish a baseline for security.
Now, developers are not just writing app code, but they’re also defining the infrastructure-as-code (IaC) they’re deploying, which shifts the control more toward developers. Enter: DevOps, or DevSecOps, wherein security is implemented throughout the entire DevOps lifecycle from planning to coding to testing to deployment without slowing down any process.
Strengthening access controls
82% of data breaches involve a human element, according to Verizon. Therefore, strengthening user access controls with a zero-trust architecture is a good strategy. Zero trust follows the approach of “never trust, always verify”, whereby users and devices should only be granted access to apps that they are authorised for and only after their credentials have been verified. Access should be continuously monitored for a change in user or device behaviour, which can then be terminated if the risk surpasses predefined levels.
2. Physical and Technical Security
For on-prem and private clouds, you are still fully responsible for securing your in-house infrastructure. It’s best to follow network security best practises which include physical locks, cameras, ID verification and biometric authentication, etc.
At a high-level, the challenge of implementing effective technical security boils down to a lack of visibility across all your clouds. Companies are oftentimes using multiple clouds; IBM expects that the average enterprise will use 10 clouds by 2023. Thus, an ad-hoc mix of public, private, and on-premises assets make gaining and maintaining full visibility challenging but necessary for effective detection and response. This issue is further compounded by enterprises using disparate point products across different cloud environments.
If you take a point product approach, your visibility will be seriously compromised, leaving your critical systems susceptible to attacks and at higher risk. Don’t panic, you don’t need to rip and replace your entire security stack. A cloud management platform approach backed by third-party integrations that play nicely with your existing security stack provides the comprehensive, real-time visibility needed to secure your hybrid cloud.
3. Supply Chain Security
In DevOps software development, there are many third-party components and tools used to speed up the process and meet market demands. However, utilising said tools creates new attack vectors for cybercriminals. According to a recent survey from Venafi, 82% of respondents said their organisations are vulnerable to cyberattacks targeting software supply chains.
CISA ICT SCRM Essentials recommends six key steps to building an effective supply chain risk management practise:
- Identify: Determine who needs to be involved
- Manage: Develop your supply chain security policies and procedures based on industry standards and best practises, such as those published by NIST
- Assess: Understand your hardware, software, and services that you procure
- Know: Map your supply chain to better understand what component you procure
- Verify: Determine how your organisation will assess the security culture of suppliers
- Evaluate: Establish timeframes and systems for checking supply chain practises against guidelines
Choosing a hybrid cloud security solution
There’s a lot of hype around cloud-only and born in the cloud companies, but the reality is that aside from start-ups, most businesses (of any size) will be hybrid cloud indefinitely. Thus, it’s important to ensure your vendor-of-choice can support both cloud and on-prem solutions via a cybersecurity platform.
Many vendors claim to have a cloud platform, but they’re often just selling you a package of point products for a discounted price. A true cybersecurity platform collects and correlates data across public clouds and on-prem environments, creating a single-pane-of-glass for threat monitoring, detection, and response. Furthermore, a platform should grow with you as your cloud journey evolves in line with business goals.
When evaluating a security platform for better hybrid cloud management, look for the following features:
Cloud-native security
Look for automated cloud security capabilities that can save time while increasing efficiency and meeting compliance:
- Misconfiguration cheques for open Amazon S3 buckets, databases, and network ports
- Runtime monitoring and protection of your cloud workloads
- Automated detection of vulnerabilities within containers, virtual machines (VMs), or serverless functions
- Exposure scanning for CVEs, secrets, sensitive data, and malware
- Infrastructure as code (IaC) scanning
Secure Access Service Edge (SASE)
Supporting a zero-trust strategy, SASE includes capabilities for two discrete areas covering the underlying network infrastructure and the application of the network security as a layer across it. It consists of three core elements: secure web gateway (SWG), cloud application security broker (CASB), and zero trust network access (ZTNA).
CASB solutions address visibility and control issues by sitting between the user and cloud applications, auto-monitoring and assessing risk, and applying security policies through APIs. When integrated with a SWG, which prevents unsecured internet traffic from entering the internal network, it provides more granular protection. CASB can determine if the traffic is risky or malicious, discover traffic flows between users and apps, and implement deeper controls from the SWG if potential risk is detected.
Further integration with ZTNA extends existing SaaS security controls from CASB to private applications. This enables centralised protection across private and public clouds.
Extended Detection and Response (XDR)
XDR goes beyond endpoint detection and response (EDR) by collecting and correlating deep threat activity data across endpoints plus clouds, networks, email, and users. It pulls together all the data to provide only critical alerts as well as a graphical, attack-centric timeline view of a cyberattack. This enables the SOC to drill down into how the user got infected, the first point of entry, how the attack spread, and a host of other helpful data to limit the scope of an attack.
Next steps
To learn more about hybrid cloud management security and cyber risk management, check out the following resources: