Best-in-breed cloud security: Catering to all types of cloud

With over 20 years in cybersecurity leading at the forefront of many industry-firsts in the space, Vince Hwang is senior director of products & solutions at Fortinet where he leads adaptive cloud security products and solutions. He’s excited by the possibilities of enabling customers to achieve their desired digital innovations outcomes through cloud journeys. Previously, Vince has held key roles driving product strategy and execution at companies that include Cisco, Sourcefire (now part of Cisco), Symantec, and Trend Micro.

As cloud adoption continues to transform the modern enterprise, organisations consume the cloud differently as they extend the scope and scale of their digital business strategies. They have the option to pick and choose from various hybrid cloud infrastructures and services. But using disparate services and solutions—such as multi-cloud, hybrid environments, software as a service (SaaS) and platform as a service (PaaS), plus various applications and endpoints—introduces implementation, management and security challenges to the cloud computing landscape. And because of the proliferation of multi-cloud, many enterprises maintain heterogeneous cloud environments, with tools and systems from various platforms differing significantly. All of this makes building and managing a consistent security strategy increasingly difficult.

Organisations need to have a security strategy that includes visibility and control across all kinds of cloud infrastructures. This enables them to keep applications and devices secure and connected, from the remote user to the data centre to the cloud. And because each organisation is unique, there are a variety of cloud security options available to meet all of their demands. But beware. Without careful planning, these options can quickly lead to vendor and solution sprawl that introduces another layer of complexity to an already complicated problem.

Application-layer security

The proliferation of BYOD and IoT, especially as workers have become more dispersed and remote, creates a unique level of security complexity at the application level. Business-critical applications, built on a variety of cloud infrastructures, need to adhere to the security policies of an organisation, keeping users, the network, data and workloads all secure. An advanced application-layer security protocol can detect security vulnerabilities before they become a problem. But it not only needs to span the distributed—and evolving—network; it also needs to provide a single source of truth to simplify management and policy enforcement.

Network security

Of course, applications are only part of the equation. Equally important is keeping the network itself secure. Organisations with hybrid cloud infrastructures and multi-cloud environments require secure network connectivity across all locations and endpoints, and even between applications residing within the same cloud or data centre. These cannot operate in isolation.

Security solutions protecting these critical points of interaction need to be able to see each other, share policies and threat intelligence, and participate in a coordinated response to any sort of threat. This, again, can be especially challenging for enterprises faced with skills and resource gaps, particularly when operating remotely from home while attempting to manage multiple cloud instances and networks simultaneously.

Securing the public cloud

Public cloud offers an open system where stored data and critical business applications can be made available to workers, whether local or remote, as well as to the public via the internet. Public, private and hybrid clouds all require consistent security postures to protect users, devices, applications and networks, while high-speed VPN connections protect data. However, public clouds—especially multi-cloud environments—pose a special challenge because each runs its own unique system of rules and protocols. Security policies need to be consistent and enforced across all environments and should be managed with single-pane-of-glass controls.

This means that security solutions deployed on multiple public cloud platforms not only need to function as native solutions but also interoperate in spite of their functional differences. This requires tools designed to operate seamlessly in and across all major public cloud environments, enabling a single, holistic security fabric that can span the most highly distributed and dynamic environments.

Security solutions, and security teams, also need to understand the shared-responsibility model. While needing to trust public cloud providers to protect the network, storage and computing layers, they need to understand—and deploy—security solutions designed to secure anything that they produce, deploy or store in the public cloud. Best-in-breed cloud security solutions incorporate native cloud integrations with all major public cloud providers to ensure privacy and confidentiality.

Hybrid cloud security

Hybrid cloud environments provide for greater flexibility, with a combination of private cloud services, a public cloud and on-premises infrastructure—all orchestrated to work together as seamlessly as possible. However, a hybrid cloud that uses on-premises data centres and public cloud platforms requires rigorous security management.

An effective security solution purpose-built for a hybrid cloud infrastructure should include:

  • Auto-scale capabilities for network security and capacity
  • Centralised management for automatic provisioning
  • Site-to-site VPN connectivity to migrate workloads
  • Segmentation of persistent connections to deliver end-to-end security
  • Full transparency and control for compliance governance

Platform security

Finally, and maybe most importantly, is the implementation of a consistent security platform. Platform security provides the architecture, tools and processes needed to secure an entire cloud computing ecosystem. It provides consistent security and connectivity solutions combined with single-pane-of-glass visibility across the ecosystem, enabling organisations to maintain consistent security policies across the entire infrastructure to effectively manage risk at less cost, while easing the burden on security teams.

Securing all types of clouds

Protecting an organisation’s systems and assets in the cloud should be a primary priority, wherever they reside. Making this possible starts by ensuring that multi-cloud and hybrid networks are able to see and talk to each other for quick detection and resolution of security incidents. Regardless of which combinations of cloud your organisation chooses to consume, security needs to be natively deployed and be able to adapt to and protect all of these environments.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *