As hype goes, cloud technology has had more than its fair share. But the cloud is truly transformative and adoption shows no signs of slowing. Most concerns about the cloud have centred on security and it is clear that traditional approaches are insufficient to protect modern infrastructures and virtual businesses.
And with the convergence of technologies such as the Internet of Things (IoT), big data and the cloud, we need more comprehensive security solutions that reduce complexity and allow us to stay agile.
The Internet as the network perimeter
CISOs used to focus on defending their networks with disparate on-premise technologies when users, applications and data were behind the corporate firewall – but those days are gone. Today, the attack surface has expanded to encompass personal devices, public network infrastructure, cloud applications and service providers, leaving existing perimeter security investments of little value.
However, emerging security services delivered through the cloud itself are now enabling users to be protected, regardless of where and how they are connecting to web services and applications. This is a profound shift for three key reasons:
A cloud security layer eliminates the need for large enterprises to backhaul traffic, an approach that is expensive, hard to enforce and creates a poor end-user experience.
Delivering security at the cloud layer enables the consistent enforcement of security policies based on the context of the user's endpoint device, network, location and application.
Security through the cloud provides unparalleled visibility to identify and block threats in real time by spotting anomalies and correlating events across millions of end users.
Migration from on-premise point solutions
With a plethora of point products that tend to be difficult or impossible to integrate, visibility is limited and the gaps can become vulnerabilities. Cloud-based security services enable a shift towards true integration with open APIs and integration frameworks that close critical visibility gaps.
Linking endpoint and network security
The security industry has traditionally approached endpoint security and network security as completely different products. But with rapidly evolving threats, we need to see these two critical security components develop deeper levels of awareness, connectivity and adaptability. The network layer will need to become aware of, and responsive to, endpoint device activity both on-network and off-network.
For example, if a group of laptops is sending traffic to a low-reputation IP address, the network will need to adapt immediately – perhaps shutting down access to that IP or sandboxing traffic. A cloud-based security layer can provide the ‘connective tissue’, enabling commonality of policy and correlation of activity and response across the entire stack.
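The laptop scenario above, sketched as an added example (not code from the article or from any product it describes): endpoint telemetry is correlated per destination, and the response escalates from sandboxing to blocking once several distinct endpoints contact the same low-reputation address within a short window. The reputation scores, thresholds, endpoint names and events are all constructed assumptions.

```python
from collections import defaultdict

# Constructed reputation scores (0 = worst, 100 = best); a real deployment
# would query a threat-intelligence feed instead.
REPUTATION = {"203.0.113.66": 5, "198.51.100.20": 22, "192.0.2.10": 90}

# Constructed endpoint telemetry: (epoch seconds, endpoint id, destination IP,
# on_network). Off-network laptops report through the cloud layer as well.
EVENTS = [
    (1000, "laptop-01", "203.0.113.66", True),
    (1030, "laptop-02", "203.0.113.66", False),
    (1090, "laptop-03", "203.0.113.66", True),
    (1100, "laptop-01", "192.0.2.10", True),
    (1200, "laptop-04", "198.51.100.20", False),
    (1210, "laptop-04", "198.51.100.20", False),
    (5000, "laptop-05", "203.0.113.66", True),
]

def correlate(events, reputation, max_score=30, min_endpoints=3, window=300):
    """Return {dst_ip: action} for low-reputation destinations.

    'block'   - at least min_endpoints distinct endpoints contacted the
                address within one window of `window` seconds
    'sandbox' - low reputation, but too few endpoints to call it a pattern
    """
    by_dst = defaultdict(list)
    for ts, endpoint, dst, _on_network in events:
        # Unknown addresses are treated as neutral (assumption).
        if reputation.get(dst, 50) <= max_score:
            by_dst[dst].append((ts, endpoint))

    decisions = {}
    for dst, hits in by_dst.items():
        hits.sort()
        action, start = "sandbox", 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {ep for _, ep in hits[start:end + 1]}
            if len(distinct) >= min_endpoints:
                action = "block"
                break
        decisions[dst] = action
    return decisions

if __name__ == "__main__":
    for ip, action in sorted(correlate(EVENTS, REPUTATION).items()):
        print(ip, action)
```

Counting distinct endpoints rather than raw connections keeps one chatty laptop from triggering a network-wide block.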
As the industry moves away from legacy signature approaches for malware detection to solutions that harness techniques such as anomaly detection, sandboxing and heuristics, the most powerful will create visibility by correlating events, behaviour and traffic across the network and all endpoints.
Extracting intelligence – not just generating alerts
There has been an avalanche of security events and alerts, creating overload and chaos. However, the emergence of smart, integrated, cloud-based security services will transform an alert-centric approach to an intelligence-centric approach. As components of the security infrastructure become responsive to each other, we can extract intelligence from analysing inter-related activity. And as these services are delivered through the cloud, we also gain an unprecedented vantage point across a global footprint of enterprises, end users and infrastructures.
New big data services will also emerge to correlate, analyse and extract intelligence, coupled with new data visualisation techniques to assimilate this intelligence and rapidly identify trends, attacks and anomalies.
Cloud security for the IoT
Perimeter-based security was not designed for billions of devices interconnected over the Internet, and as many of these devices have limited processing power, running sophisticated security at the device level is either impossible or prohibitively expensive in terms of performance and/or cost.
Securing IoT devices through the secure cloud network enables policies to be automatically applied and ensures that communications, devices and services are not compromised. Furthermore, thousands of interactions a day also means trillions of daily events to correlate, analyse and secure, requiring a new breed of security technologies with data science and machine learning at the core.
Focus on the Future
Technology is moving full speed ahead and security products and services have to keep up. Integrated, cloud-based security services will play a huge role in realising the promise of the cloud, such as reduction in capital costs, risk, complexity and regulatory headaches, and enhanced agility and scalability.
Contributed by Paul Lipman, CEO, iSheriff