This article was originally published in the Summer 2019 issue of The Record.
In the cloud and in cybersecurity, the sheer speed of development brings many positives – but also some negatives.
The defence positives are clear. Threats are now on a zero-day schedule and you need to be prepared in an instant for the next threat. Quick reaction is key.
The negatives are less clear. Questions like how to make sure your new defences are deployed correctly, how to ensure they work with your existing defences, and how to train your workforce to report back on the latest threat should it hit your organisation, are harder to answer.
The pace of change today means you rarely witness a brand-new technology replacing the previous version. Instead, ‘new’ services usually involve constant improvements to an existing foundation by layering extra features and protection on top of the base solution.
This layered approach is also seen in the world of email security. Entry-level protection is common, familiar and similar across vendors. However, as email threats developed in sophistication, additional layers of protection were added to this original entry-level stack. There is no need to create a totally new master solution that addresses all threats, as the existing layers serve a purpose and additional ones are simply added to address new and more complex threats as they develop.
The same can be seen in cloud security management, where a three-layered approach is developing. The first layer includes the crucial capabilities of security information and event management tools. A lot of this functionality hails from the previous universe of on-premises security, so while some of the reporting can be almost real-time, it can also lack inside knowledge of the cloud platform and the underlying architecture, requiring professional manual intervention to study the data and apply fixes.
Recently, cloud providers have started to introduce their own solutions. While this can seem like a good idea, those missing out on a layered product approach will end up simply adding more disparate tools into the business. In this cloud world of zero-unemployment and a lack of security talent across the board, how do you know the fixes have been applied correctly or even if all areas are protected? You simply may not have the resources to do it. But this is essential: you need somebody, or something, to watch the watchers. With the appropriate tools, you can prove the accuracy of deployment and give the admins the peace of mind they need to manage the environment.
And that’s the second layer of the stack – a tool that can dig deeper into the planes of the cloud architecture to gather more pertinent data. This tool can interact with the underlying stack if desired, report back to it and even offer independent, automatic remediation of the problems it finds, including compliance, configuration or human errors.
Why is this important? Well, the cloud is different. The architecture is different. The underlying planes have been deployed independently, unlike the traditional datacentre method. The deliberate separation of control, management and data planes allows for the fast performance that started the original cloud message. We now need a tool that can keep up with the pace and streamline the original way in which we diagnose issues in the dispersed configurations.
The third layer is more focused on how to introduce deeper intelligence, utilise machine learning and analyse threat data before it becomes possible to gather data in a more detailed fashion. Basically, a silent voice giving you permission to continue or not.
A management tool which acts as a helping hand for development testing is every developer’s dream. Developers can now query this layer of protection to help with areas such as code creation. For example, once the initial version is deployed, they can run checks to make sure it is safe for the environment while checking for errors, taking guidance on corrections and even implementing the suggestions into the following version. Check again. Build. Check. Fix. Repeat.
Change happens fast in the cloud, but speed is not necessarily the answer when it comes to the next layer of cloud security. Getting the best from the tools available today, and then layering new technology on top that complements the solid foundation, is a way of staying current, knowing you have a helping hand keeping the defensive walls in place, and being able to utilise tools that you don’t necessarily have the internal skills to benefit from.
Chris Hill is regional vice president, Public Cloud International at Barracuda Networks