Securing everything – even the cloud

Johannesburg, 16 Mar 2020
Rudi van Rooyen, Security Engineer, Axiz

The cloud's impact has been colossal, particularly in South Africa. Gartner recently noted the country is one of the fastest-growing regions for IT spend, much of it fuelled by cloud-related migrations.

Yet this is not a uniform migration. Workloads, applications and data are being distributed to public cloud platforms, private clouds and on-premises sites. Companies are pursuing cloud's most alluring feature – its dynamism – but that comes at the cost of the security perimeter. Strategies such as multi-cloud are taking their place along with other perimeter-busting practices such as remote working and supply chain access to company systems.

On the one hand, this is fantastic as IT resources become more dynamic, while costs are driven lower through savings and value. But on the other, doing so vastly increases the attack surface for criminals. As the versatility of the cloud era grows, so do security concerns – and the market is worried about this.

"One of the first things customers always talk about is to ensure they've got the same security controls moving to the cloud as what they have on-premises," said Rudi van Rooyen, Security Engineer at Axiz. "That's a key topic we found more and more in the last few years."

Building security everywhere

The short answer – and good news – is that this can be done. Cloud providers, in particular, have been applying themselves towards collaborating with top vendors to integrate security products into their platforms. It is then the job of providers such as Axiz and their partners to match those features with the customer's security processes.

Once implemented, the result should resemble another concept that has become important in recent years: a single view of the environment. The idea applies to multi-cloud, wherein administrators want a view of all the assets they oversee, no matter where these are located.

Successful multi-cloud management needs a single view. The same applies to security in such environments, says Van Rooyen: "You want a singular platform with a management view that gives you full visibility of your cloud environment, end-point environment, data centre environment, mobile environment, OT environment – it doesn't matter. Everything today is connected, so you want to have visibility of them all at the same level."

This approach makes perfect sense. But it's only recently become viable as vendors and service providers focused more on single-view platform features.

Sweat the little things

Accurate visibility starts with factual and reliable information, which is why assessing your security requirements is the first step. An assessment helps identify the environment's pain points and priorities, such as where it is most likely to be attacked.

Examples of such discoveries aren't limited to weak passwords or where the business' data crown jewels are stored. Van Rooyen points out that something as routine as patching policies can be a serious problem if not managed adequately in a hybrid or multi-cloud environment: "Is the customer more prone to a Web-based attack? Are they more prone to social engineering attacks? Is some of the infrastructure outdated or not running the latest firmware? There are exploits that result from not proper patching."

Security engineers use this information to devise the appropriate approach, such as which technologies are best to improve the security posture. Fortunately, many companies already have some security products in place – these can be used to help create that baseline and suggest further integration opportunities. The approach is applied across the board, including the cloud.

"The security requirements can change depending on where you look, but the result has to be a homogeneous security management layer that covers everything," said Van Rooyen. "Some customers think they are fine because the native security of their cloud provider looks good. But it's often not enough, because the security has to match the customer's requirements, not the cloud provider. Security and security policy should follow the workloads and data wherever they go. That's why you must have an integrated and overarching view of everything."

Gain back time

Creating such visibility also helps introduce another vital component of modern security. Automating security processes is a fantastic way to reduce pressure on security professionals and security costs.

"A lot of the mundane procedures an engineer would have to analyse can be automated. Using machine learning and artificial intelligence essentially cuts off 80% of what the engineer normally looks at. They can focus on the remaining 20%, armed with multiple reference points and metadata to make better and faster decisions."

This last point is significant. Cyber attacks are often prolonged, sophisticated and multi-pronged, probing for weaknesses to exploit. Security professionals are notoriously hamstrung by the deluge of warning messages, most of them false positives. Attackers hide in that noise, but a visible, automated and informed environment turns the tables on them.

Sunlight kills infections. Likewise, visibility deters cyber attacks. The rising popularity of the cloud has made such visibility a challenge. But take a leaf from the multi-cloud management trend: if you want to secure everything, create a single view that encompasses them all, and integrate your systems so that security follows your assets.