The need for increased speed and agility in today’s always-on, always-connected, digital business has led teams to transform the traditional on-premises infrastructure to cloud-native architectures. The rise of DevOps and the use of Platform as a Service (PaaS) & Infrastructure as a Service (IaaS) have been foundational to this change and is now the norm across all industries.
To offer clarity on public cloud security, we invited Andras Cser, VP and Principal Analyst at Forrester, to join Gokul Rajagopalan, our Director of Product Management, and me to discuss security in IaaS and PaaS environments.
The rapid shift to remote work and mass-adoption of cloud security technologies have left organizations and security professionals grappling to secure their cloud data and apps according to their needs–and has rendered users and apps particularly vulnerable to security threats.
"You cannot ignore the cloud. If you do not invest in cloud, you will actually be falling behind your competition,” Andras Cser said. "It looks like every year the big cloud platforms come out with a lot of new infrastructure offerings. The network of offerings typically grows by 10% each year–following this growth is really hard from a security perspective.”
Indeed, with the multitude of cloud services available coupled with the practice of leveraging many cloud solutions at the same time, the difficulty of securing hybrid cloud workloads increases exponentially. Beyond the transition from on-premises to private and public cloud, ensuring additional connectivity has surfaced issues.
Andras shared results from a recent Forrester survey, in which respondents disclosed their top three drivers for securing hybrid cloud environments:
In addition Forrester’s clients were particularly interested in separation of duty (SoD) violations, detection, and enforcement in cloud management environments; preventing and detecting shifts in the configuration of the public cloud platform; and templatization of cloud security.
As a result, Forrester predicts an increased investment in cloud security and IaaS Platform Native Security (IPNS), expanded partnerships with security systems integrators, and greater utilization of cognitive computing and machine learning.
According to Andras, hybrid cloud environments are a must for support for all vendors. Though public cloud native security offers coverage that is inherent, embedded, and integrated, it comes with a caveat: it cannot always cover cross-cloud security.
"If you have multiple different environments and multiple different cloud service providers, then it will be really, really challenging to cover your environments,” Andras shared.
As a consequence, hybrid cloud security has to cover functional use cases such as:
And to address these use cases? Forrester offers the following recommendations:
These recommendations depend on tools that provide deep coverage, complete visibility into your deployments, and a focus on efficiency. Lack of visibility is what nightmares are made of for security teams because any siloed approach for detecting threats in the hybrid cloud leaves you blind to compromised users, accounts, roles and abuse of configurations.
By the end of our discussion, Andras, Gokul, and I shared the same belief that legacy operations and security practices don’t translate well to the public cloud, and new techniques and tools need to be implemented to better secure hybrid environments.
This is why, in addition to our Detect for Office 365 and Detect for Networks, we’ve introduced Detect for Amazon Web Services (AWS)–the first cloud-native, AI-driven solution that uses behavioral models to find and stop attacks targeting the AWS control plane without disrupting operations.
Detect for AWS provides continuous, scalable agentless threat detection, prioritization, investigation, and response to attacks targeting applications running on AWS, as well as users, compute, and storage instances, including the use on AWS of the control plane itself. Detect for AWS works both at runtime and holistically across all AWS regions and does not require packet mirroring.
Detect for AWS allows organizations to confidently migrate, develop, and deploy more applications at scale while minimizing the risk of breaches from security issues introduced at deployment. You see the earliest possible signs of attacks–from reconnaissance to lateral movement through exfiltration–so you can see and stop attacks before they cause damage.
When investigation is needed, Vectra’s patented AI prioritizes security events so you know where to spend time, and you’ll also receive detailed instructions on how to fix any issues. Vectra understands accounts, roles and permissions, which then helps take enforcement actions by locking down the credentials that are used in an attack.
While the move to the cloud has immediate benefits in costs and agility, there is a clear and tangible increase in risk due to poor visibility. The siloed approached to detecting threats in the hybrid cloud world provides you blind to compromised users, accounts, roles, and misconfigurations.
Ideally, you want to have visibility into the creation and changes to accounts as well as how services are being used without relying on agents or static policy rules.