Multicloud security: Trust nothing!


The assumption that the cloud is, by default, more secure than a traditional on-premises environment needs to be put into context. Conventional security models operate on the outdated idea that everything inside an organisation’s network can be trusted and that a business only has to focus on external threats. However, given the increased sophistication of attacks and the reality of insider threats, new security measures are needed to stop attackers from spreading once they are inside.

The multicloud landscape

Multicloud environments are extremely powerful. Implementing a multicloud strategy is the most effective way to ensure you get best-of-breed applications and services for your business without compromise. Too many companies make the mistake of assuming that using one recognised, large scale cloud provider will be sufficient for their business needs. However, in an era of cloud computing where the industry is constantly evolving and providing yet more choice than we have ever seen before, this is rarely the case and will likely create more problems than it solves in the medium to long term.

Although the freedom and flexibility of choice is very desirable and should be embraced, the security implications of such an environment must be carefully considered.

Taking advantage of multicloud architecture may require differing skill-sets within an enterprise. For larger companies, this can mean numerous teams, each with a different opinion on “what good looks like” with regard to general security, authentication and trust boundaries. As the internal human ecosystem grows wider and more convoluted, this can easily lead to gaps and potential entry points for exploits, data loss or reconnaissance. In simple terms, multicloud can widen the potential blast radius of an attack.

Protecting ourselves

There are a variety of ways we can secure our cloud architecture, one of which is to introduce distributed security at the edge of each cloud provider. This limits the potential blast radius should there be a breach, and provides control over isolated issues without disruption to the rest of the network. However, each piece of security needs a unique solution tailored to each provider’s cloud architecture, which is expensive to provision and maintain. As a result, many companies are put off by this approach.


A valid alternative is a centralised model. Centralised security simplifies connectivity to cloud and third-party providers, enables consolidated logging, and focuses attention on a single security focal point to monitor and maintain. On the surface this looks desirable, and companies lean towards it thanks to its simplified centralised approach. Yet it must be noted that this ‘all eggs in one basket’ approach requires both better capacity and feature management and stronger political controls, the importance of which many underestimate. Furthermore, a centralised model can also throw up change and process complications which, if the business is caught unprepared, can cause a negative domino effect across the rest of the organisation.

Most importantly, it’s vital that we stop seeing firewalls as the answer to everything. Firewalls are positioned as a ‘one-stop-shop’ security measure that can protect companies from any attack. However, high-profile attacks such as ‘WannaCry’ and ‘Heartbleed’ would not have been prevented with standard firewalls alone.

Instead, comprehensive network security should have a much wider range of capabilities, built from a mix of software and hardware. These include: keeping all operating systems (OS) updated; using unified threat management (UTM) devices; utilising Deep Packet Inspection to examine and manage network traffic; making use of a Web Application Firewall (WAF) to filter the content of specific web applications; centralising egress to the internet; and finally, integrating Security Information and Event Management (SIEM) with a Security Operations Centre (SOC) to analyse security alerts within the network and maintain a secure environment in real time. Having all of these elements within a security system will ensure that businesses are thoroughly prepared for any sort of breach. It is far from a straightforward process and requires significant investment in time, money and resource, but if carried out and maintained correctly and carefully, it will save huge amounts of all three in the long term.

Both centralised and distributed security have unique benefits and downsides, and the multicloud landscape is evolving as quickly as the enterprises who use it. As a result, it can be difficult to implement a security model that is not only effective now, but can grow and adapt to changing needs. In the past, security measures and processes were designed to robustly deal with current or known threats to the business. We have subsequently learned that the ability to preempt and react promptly to new dangers is equally important, particularly in the context of multicloud.

The (potential) solution

An alternative solution involves the creation of cloud zones, in conjunction with centralised routing and multicloud connectivity at the heart of the network. These cloud zones are built within the centralised core, with routing and protection between them. This establishes an ‘airlock’ between each defined area, isolating problems as they arise whilst avoiding downtime across the network as a whole. By isolating problems at the source, this approach protects companies from an attack that could otherwise infiltrate the whole company’s network, and businesses can feel more protected should a threat arise.
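The zoned core described above, as an added illustration that is not code from the original article or from any vendor: a small policy model in which cross-zone traffic is denied by default, explicit rules open the airlock, quarantining a zone shuts every cross-zone flow except already-permitted log shipping to the SIEM zone, and `blast_radius` shows how far a compromised zone could reach before and after quarantine. Zone names, ports and rules are constructed for the example.

```python
"""Zone-isolation model for a centralised multicloud core (added example;
zone names, ports and rules are constructed, not taken from any product)."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Core:
    zones: set
    allows: set = field(default_factory=set)      # explicit (src, dst, port) rules
    quarantined: set = field(default_factory=set)
    log_zone: str = "siem"                         # consolidated logging destination

    def allow(self, src, dst, port):
        if src not in self.zones or dst not in self.zones:
            raise ValueError(f"unknown zone in rule {src}->{dst}:{port}")
        self.allows.add((src, dst, port))

    def quarantine(self, zone):
        self.quarantined.add(zone)

    def permits(self, src, dst, port):
        if src == dst:                 # the core only gates cross-zone traffic
            return True
        rule_ok = (src, dst, port) in self.allows
        if src in self.quarantined or dst in self.quarantined:
            # airlock shut: only already-permitted log shipping to the SIEM survives
            return rule_ok and dst == self.log_zone
        return rule_ok                 # default deny between zones

    def blast_radius(self, start):     # zones reachable from a compromised start zone
        seen, todo = {start}, deque([start])
        while todo:
            cur = todo.popleft()
            for src, dst, port in self.allows:
                if src == cur and dst not in seen and self.permits(src, dst, port):
                    seen.add(dst)
                    todo.append(dst)
        return seen - {start}


def demo():
    core = Core(zones={"aws-prod", "azure-analytics", "egress", "siem"})
    core.allow("aws-prod", "azure-analytics", 443)
    core.allow("azure-analytics", "egress", 443)   # centralised internet egress
    for z in ("aws-prod", "azure-analytics"):
        core.allow(z, "siem", 6514)                 # syslog over TLS to the SIEM zone
    before = core.blast_radius("aws-prod")          # {'azure-analytics', 'egress', 'siem'}
    core.quarantine("aws-prod")
    after = core.blast_radius("aws-prod")           # {'siem'}
    return before, after
```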

A centralised, comprehensive set of security measures and processes should be at the heart of a network. To tackle the biggest security challenges, businesses need to step away from the one-size-fits-all attitude and implement a secure multicloud infrastructure. However, this is a challenge in itself, and businesses need to establish a flexible, scalable model that addresses and mitigates the security risks they face today while keeping one eye on the potential problems of tomorrow.

Neil Briscoe, co-founder and CTO, Cloud Gateway