Rethinking security visibility & control in hybrid clouds
Organizations building out their infrastructure into the cloud, know what the “shared responsibility” for securing on those remote platforms means. Most of that responsibility belongs to the commissioning organization, and not the cloud provider. That is not a cynical point of view. It is simply indicative of the reality: that at a granular level, GCP, AWS et al. cannot be accountable – nor should they be – for security issues emanating from a hosted container, virtual machines (VM), or service. The cloud providers still have the relative luxury of only having to protect their own perimeters. What goes on inside that perimeter is the purview of the tenant.
Assuming that the providers are responsible for the security of the cloud, security for the cloud is a different matter. In many ways, some cybersecurity companies are still playing catch-up from the evaporation of both the perimeter and the purely company-owned endpoint.
There are plenty of dedicated cybersecurity platforms, whether new to the scene or established players, that claim to protect the organization transferring its workloads to the cloud. However, in many cases, the emphasis appears to be on the period of migration, with workload security somehow becoming a post-migration issue that can be circled back to at some nebulous point in the future.
What organizations are often left with are the types of tools that had their roots in the “antivirus age” (think 1992 – 2012) adapted to multi- and hybrid-cloud deployments. Some even struggle with the virtual OS paradigm, with multiple VMs flooding control servers with update requests, notifications, red flags, and so on. The solution to this appears to be for the cybersecurity platform to create pools of resources dedicated to command and control. Unfortunately, that is an expensive way around what is essentially a problem stemming from trying to crowbar older platforms and methodologies into new settings. It is a series of problems that are specially compounded, and where production services are replicated on the same platform(s) to create development or testing sandboxes.
Nevertheless, the advantages of the cloud and the benefits that it brings to business continuity and resilience are overwhelming. The danger is that the savings made can be lost. In addition, the inherent gaps between areas of responsibility, visibility, and control are producing environments where hackers can thrive.
Security platforms that are multi- and hybrid-cloud native can use methods of aggregation specifically designed for their environment. Having a single, per-hypervisor instance, for example, is one way that multiple machines can be protected more efficiently. However, each VM still requires protection, monitoring and the capability to report potential cybersecurity-related problems.
The hypervisor-based SVM (security virtual machine) oversees per-VM agents that are tiny and lightweight in processor cycles and resource use. Instead of agents duplicating security tasks, these are taken care of by the SVM, with intelligent caching helping to eliminate superfluous operations and duplicated data flows. With SVMs always on and always up to date, when VMs spin up, they are immediately protected, instead of leaving gaps between boot and updated protection.
It is important to note that modules like firewall, anti-malware, anti-phishing, behavioral analysis, and Network Threat Protection technologies are critical components. Behavioral analytics for example, allows effective protection against ransomware, exploits – including zero-day attacks, privilege escalation, file-less malware, and unknown threats. Between a “traditional” perimeter-server-client model and a hybrid cloud, the overarching need to harden and protect is the same. It is the delivery method of these tools, in relatively new environments, that is different.
Choosing the right hybrid cloud protection platform is a mainstay of letting the organization deploy where, how, and what it wants to support the business. The promise of the cloud removes the physical constraints on traditional IT infrastructure and helps organizations achieve their goals. It would be a shame if the constraints caused by last decade’s cyber protection platforms impede the ability.
- A year of high-severity attacks and groundbreaking cybersecurity strategies in 2023
- How default probability analytics can make a difference
- SMIC defying US sanctions with 5nm innovation and Huawei alliance
- Nvidia’s CEO, Jensen Huang: AI will take over coding, making learning optional
- Chinese cloud companies in pricing war as Alibaba slashes prices