Why Multi-cloud Security Requires Rethinking Network Defense
The Need to Rethink Security For Our Cloud Applications Has Become Urgent
Companies are utilizing the public cloud as their primary route to market for creating and delivering innovative applications. Striving to gain a competitive advantage, organizations of all sizes and in all vertical sectors now routinely tap into infrastructure as a service, or IaaS, and platform as a service, or PaaS, to become faster and more agile at improving services through applications.
Along the way, companies are working with multiple cloud providers to create innovative new apps with much more speed and agility. This approach is opening up unprecedented paths to engage with remote workers, suppliers, partners and customers. Organizations that are good at this are first to market with useful new tools, supply chain breakthroughs and customer engagement innovations.
There’s no question that IaaS, PaaS and their corollary, DevOps, together have enabled businesses to leapfrog traditional IT processes. We are undergoing a digital transformation of profound scope – and things are just getting started. Companies are beginning to leverage the benefits of being able to innovate with unprecedented agility and scalability; however, to take this revolution to the next level, we must take a fresh approach to how we’re securing our business networks.
Limits to legacy defense
Simply put, clunky security approaches, pieced together from multiple vendors, result in a fragmented security environment where IT teams must manually correlate data to implement actionable security protections. This level of human intervention increases the likelihood for human error, leaving organizations exposed to threats and data breaches. What’s more, security tools that are not built for the cloud significantly limit the agility of development teams.
Cloud collaboration, fueled by an array of dynamic and continually advancing platforms, is complex; and this complexity has introduced myriad new layers of attack vectors. We’ve seen how one small oversight, such as forgetting to change the default credentials when booting up a new cloud-based workload, can leave an organization’s data exposed or allow attackers to leverage resources to mine cryptocurrency.
Clearly the need to rethink security for our cloud apps has become urgent. What’s really needed is an approach that minimizes data loss and downtime, while also contributing to faster application development, thus allowing the business to experience robust growth. It should be possible to keep companies free to mix and match cloud services, and to innovate seamlessly on the fly, while also reducing the attack surface that is readily accessible to malicious parties.
The good news is that the cybersecurity community recognizes this new exposure, and industry leaders are innovating, as well, applying their expertise to prevent successful cyberattacks. It is, indeed, possible to keep companies free to mix and match multiple cloud providers, and to innovate seamlessly on the fly, while also reducing opportunities for attack. Ideally, cloud security should speed application development and business growth, while preventing data loss and business downtime.
This requires three key capabilities: advanced application and data breach prevention, consistent protection across locations and clouds, and frictionless deployment and management. Security delivered through private cloud, public cloud and SaaS security capabilities can work together to eliminate the wide range of cloud risks that can cause breaches.
When you think about it, a different approach to cloud security is inevitable. There’s every reason to drive toward wider use of enterprise-class cloud security capabilities integrated into the cloud app development lifecycle. It’s vital to make cloud security frictionless – for both the development teams and the security teams. This is a linchpin to fulfilling the potential of cloud-centric commerce. We must move toward frictionless security systems, designed to be just as fast and agile as the cloud-based business operations they protect.
Scott Simkin is a Senior Manager in the Cybersecurity group at Palo Alto Networks. He has broad experience across threat research, cloud-based security solutions, and advanced anti-malware products. He is a seasoned speaker on an extensive range of topics, including Advanced Persistent Threats (APTs), presenting at the RSA conference, among others. Prior to joining Palo Alto Networks, Scott spent 5 years at Cisco where he led the creation of the 2013 Annual Security Report amongst other activities in network security and enterprise mobility. Scott is a graduate of the Leavey School of Business at Santa Clara University.