Cloud adoption is increasing at a rapid pace as organizations look for new ways to process, store, and distribute information. For many organizations, deploying new cloud services is much easier than requesting a dedicated set of hardware from IT teams. Decentralized cloud adoption means different departments have the ability to source new cloud software or compute resources, or adopt new applications without burdening IT with requests. And because of the heterogeneous nature of this implementation, the use of various cloud providers in one organization is not uncommon.
While each of these use cases provides flexibility for organizations, they also come with risk. Highly distributed resources can be difficult to manage, and the risk of Shadow IT – online resources that store corporate data, but that IT is unaware of – can actually violate data privacy laws. In addition, individual cloud infrastructures and one-off applications expand the organization’s attack surface, introducing the risk of cyberattacks which can affect an entire organization. In other words, when an organization uses multiple applications, the potential for a serious breach is stronger than if a single application was deployed across the entire network.
This risk was the primary focus of a webinar conducted by Fortinet’s Lior Cohen, “Consistent Multi-Cloud Security: Bridging the Gap of Inconsistent Cloud Platforms.” Cohen breaks down strategies to help secure organizations adopting new cloud applications into three main concepts. This three-pillar approach is comprised of:
- A unified set of security capabilities that can be applied consistently across all cloud platforms, resulting in a single, holistic security framework.
- Native integration of each security solution into each cloud platform for maximum flexibility and the assurance of consistent behavior across each environment.
- A single layer of consistent management and automation that spans the distributed network, ensuring that policy can be orchestrated across the entire decentralized and heterogeneous cloud environment.
Addressing the Challenges of Inconsistent Cloud Platforms
The constantly evolving threat landscape has resulted in the need for purpose-built tools designed to address a full range of risks across all network environments, including the cloud. In order to utilize these environments as effectively as possible, IT teams must be confident that there is the same level of security across all cloud platforms, otherwise the entire environment is exposed to the weakest link in the system. Achieving this level of effective cloud security, however, requires organizations to first establish and achieve a standard of visibility and control that enables operational efficiency while streamlining management.
In the webinar, Cohen breaks down seven common cloud security strategies to illustrate how organizations overcome these challenges:
Inside-Out IaaS Security
The benefit of Infrastructure-as-a-Service is that it includes a full suite resources, including hardware, network devices, and connectivity tools, that can all be accessed and managed from the cloud. While the components of this infrastructure are provided and maintained by cloud service providers, it’s up to organizations to protect their own cloud assets. Cohen explains that many customers overcome this challenge by implementing a consistent security policy which applies to IaaS deployments from the inside out – managed at the workload level, the network level, and the API level.
Cloud Services Hub
Organizations usually experience a lack of centralized security management, and therefore, reduced visibility and control – along with an inability to respond in a comprehensive fashion to a security breach – as a result of deploying multiple cloud solutions. By utilizing a shared services hub, however, IT teams are able to leverage the benefits of the cloud, such as elasticity, availability, and scalability, while enabling consistent security across all platforms. Additionally, as Cohen explains, this hub enables combining security capabilities in one location, making it easy to attach different VPC networks by using a VPN connection.
Remote Access VPN
Many organizations make the move to the cloud to enable access to information from anywhere in the world as securely as possible. Unfortunately, traditional remote access VPNs are not always able to meet these demands. By deploying solutions pre-configured with templates designed to enable secure remote access in the cloud, including things like dynamically adjusting the level of encryption used based on context – location of the enduser or IoT device, the data being accessed, etc. – organizations can more effectively leverage the global presence of a cloud infrastructure.
Leveraging public clouds as a supplementary infrastructure for on-premises data centers enables new ways of developing and delivering IT solutions across an organization. These hybrid cloud environments can present challenges, though, such as poor network visibility and complex security management. Securing hybrid cloud environments requires organizations to deploy consistent security policies across all infrastructures to ensure data is protected as it is transferred to and from the cloud, or as it is processed and stored in either environment.
Advanced Application Protection
Introducing new applications to the cloud not only presents additional security risks, but also forces organizations to continually ensure they are meeting compliance requirements. Using previously tested security applications and applying them to the cloud enables organizations to make this move with confidence. Before migrating, organizations should also consider solutions that secure web application APIs, enforce security policies, and detect various types of malware, both old and new.
Security Management from the Cloud
Organizations that employ legacy management tools will inevitably experience incompatibilities, especially when looking to deploy and manage them from the cloud. Leveraging the global availability of global cloud providers to deploy security management across multiple cloud regions will ensure scalability and improve operational efficiency, ultimately reducing cost and risk.
Public Cloud Usage Monitoring and Control
The public cloud has been widely adopted across the globe, yet misconfiguration continues to be a major cause of disruptions and unexpected costs. Overcoming this challenge calls for complete visibility over configuration changes – especially across multiple public cloud infrastructures – through a unified platform that simplifies compliance violation reporting.
Cloud adoption is continuing to rise in popularity due to the benefits this technology provides in terms of elasticity, scalability, and availability. Despite these benefits, organizations must be aware of the risks that can arise as a result of deploying disparate cloud environments. By understanding the challenges associated with the cloud, organizations can properly manage and make the most out of these infrastructures.
Lior Cohen - September 24 2019
Do you want to learn more about this subject, or do you have specific questions? Don't hesitate and reach out! Speak with a solutions expert or architect. Give us a call or leave a message. Our team of Fortinet technical experts are ready for your inquiries.
Senior Director of Products and Solutions for Cloud Security at Fortinet
Fortinet provides top-rated network and content security, as well as secure access products that share intelligence and work together to form a cooperative fabric.