Cloud Security Today
Cloud Security Should be Easier
The very subject of cloud security makes a lot of experienced managers/engineers nervous. And it should. That is, if they are not experienced with cloud security, it is possible to really mess it up. Cloud security should be easier than some managers are making it. Like it or not, the reality of the modern computing environment relies on cloud computing.
Organizations require an on-demand, scalable, automated computing environment in order to be competitive. An environment that grants easy access to information and applications, from anywhere on any device. That allows for remote access from a device that is out of your control on a network that may or may not be secure.
Defending the Borderless World
This ‘borderless’ computing environment is one where the edge is no longer defined. Where Infrastructure as a Service (IaaS) sees multiple servers being spun-up and taken down each day as part of a normal course of business. Where Virtual Machines (VMs) are created for a single purpose. And the ease of implementing Software as a Service (SaaS) by non-IT people is alarming. There have been countless examples of unauthorized implementation of SaaS (i.e. – Salesforce, Slack, Box or Docusign).
The cloud is coming one way or another. The potential of the cloud is too large to ignore and organizations are demanding it. We are charged with defending it.
Defending this borderless world means the traditional approach to protecting the entry points, edge and endpoints is not good enough. In today’s reality, more than 80% of your cloud and/or datacenter traffic doesn’t flow north or south. Put another way it doesn’t go through an edge security device. This means there is no visibility. And a lack of visibility allows malware to spread rapidly when it does get in.
But there is good news. As the environment has evolved so has the ways we can protect it. Let’s explore the different types of environments and how to protect them.
Levels of Security in the Cloud
Basic Security Level – SLAs
SaaS Security Level Agreements are improving, but these basic levels are not enough. These SLAs are considered the most basic level of security.
SaaS SLAs call for ‘best-efforts’ on behalf of the provider. At best, most SaaS providers only pass traffic through a basic anti-virus with no advanced protections.
More importantly, the protections provided are also provided to the threat actors. They also have their own subscription that allows them to test their attacks in a live environment.
Advanced SaaS Cloud Security – SaaS API
A much more robust solution is a cloud-native SaaS solution. These solutions monitor your SaaS data through APIs and remediate threats before even reaching the user. For companies that are just beginning to use cloud SaaS for business processes (BPaaS) or productivity suites (O365 or GSuite) this level of security is probably sufficient. It protects any SaaS as a cloud-native solution without hardware installation or latency. And unlike CASBs that only notify, API based solutions can also remediate the traffic without relying on human interactions.
To see a webinar on the Teneo recommended SaaS API solution, click here.
Enterprise Level Cloud Security – Virtual Security (vSEC)
As companies begin to do more of their computing off premises, being able to secure and monitor the cloud data center in the same way they do on premises is more important as ever. When using cloud resources of any kind (private, public or hybrid) monitoring traffic is critical.
When Virtual Machines are created and Virtual Servers are spun up to respond to the business demand so should your security. The elastic nature of vSEC allows for visibility of East West traffic and the ability to scale on demand. The same rules that are applied in your physical data center are easily applied in your virtual datacenter.
When fully deployed, all network traffic is secured and monitored in real time from a single dashboard. It doesn’t matter if it’s a physical datacenter or a virtual one. So that in a borderless world, when a single machine is compromised, it is quarantined before infecting the entire network.
Cloud security is easy if you rely on experienced people. Cloud computing is more and more prevalent as both internal and external customers demand it. With this new reality, the old security solutions are not as effective as we need them to be.
The ‘best-effort’ attempts of the Service Level Agreements are the most basic level of security and relying on SLAs is perilous in today’s world.
For companies that are beginning to use ‘off the shelf’ SaaS services, a security solution that monitors and remediates through API is a best practice.
The modern datacenter transition is well under way to a cloud environment. With this move to virtual machines and server virtualization outside of your physical control, applications can be created and deployed in minutes without any human interaction. How can traditional security and monitoring possibly keep up? vSEC allows for a streamlined way of managing and monitoring the cloud environment in a way that is more secure and more user friendly.
For more information about cloud security, API monitoring, vSEC, or any other cloud security questions, please reach out to your Teneo engineer for assistance.