In a recent article which focused on cloud security I presented a comparison between security-as-a-service and traditional style security tooling in the cloud. This installment is a deeper dive into the security as a service (SECaaS) paradigm.
It would seem to me that a natural outgrowth of the cloud computing and 'everything as a service' paradigm that the technology world is undergoing, would be that the tools and services we use to manage and secure our cloud environments also move into an ‘as a service’ mode.
In much the way one would expect, SECaaS works under the principle of a small agent controlled from an external service provider. It is not s
o different conceptually from controlling a number of firewalls (virtual or physical) from an external management console.
Here’s how it works. A security administrator sets the policy for the service in the SECaaS provider cloud, using online management tools, and sets what policy or policies applies to a group of VMs classified by any number of criteria.
Then, the SECaaS services governs the security activity within and around the VM via a lightweight, generic, agent installed within the VM. When a new VM is created out of a template the agent is included in the image.
Finally, the agent executes various security functions according to the direction/policy communicated from within the provider’s cloud environment.
For example, the security administrator creates a segmentation policy that all webserver VMs will only accept traffic on ports 80 and 443. The administrator creates a policy in the SECaaS cloud which is transmitted to the agents on all webserver VMs in the environment. The agent then acts to block and/or allow traffic as per this and other policies that apply to this type of VM.
The advantages of using a SECaaS solution include:
- Increased agility. As the number of VMs expands contracts or moves (between physical facilities, and possibly cloud providers) the security level is maintained. This is because SECaaS agents are generally configured to reach back to the ‘mothership’ on activation.
- Reduced complexity. No need to deploy lots of different security tools into the environment and thereby add complexity.
- Security staff. In 2016, according to ESG Research, 46% of organizations reported a shortage of cyber security skills in their staff. SECaaS solutions can help to increase the skill sets of junior security administrators by providing a single pane of glass view of the security functions within the environment. SECaaS providers are working towards making policy setting tools more intuitive, thus making it easier for a limited size and/or skilled staff to be more effective.
- Consolidated control. Offloading of security policy creation and security management to a consolidated management point, that itself is managed and secured by a trusted external partner. This requires that trust and partnership be present in the relationship with the SECaaS provider.
- Most SECaaS providers offer services that control a limited set of security functions such as identity and access management (IAM), segmentation, threat detection, anti-virus, vulnerability analysis, and compliance checking. Issues can arise when multiple providers are selected for parts of an overall solution. This leaves the VM stuffed with various distinct agents, reintroducing complexity, lowering agility as well as lowering manageability. The solution to this issue is to seek out those few providers that are reaching for a comprehensive approach. For example CloudPassage Halo and TrendMicro AWS Defender provide much more comprehensive solutions than many others.
- Currently no SECaaS services that I have found provide support for serverless or micro-services environments. With the rapid rise in these types of cloud application hosting environments this will become a critical distinguishing factor in an organisation’s decision to use SECaaS technologies. As more providers enter the SECaaS market it is assumed that the needs of these types of environments will be addressed.
As more organisations continue to adopt and move to the public cloud it becomes even more critical to secure those environments, applications and services. SECaaS providers continue to enhance their offerings and continue to add specific security services to their portfolios. As SECaaS matures it becomes an even more viable option for securing enterprise public and hybrid cloud deployments.