While shifting some data and applications into the cloud, organisations are also opting to retain other resources in a traditional, on-premises data centre. This approach offers significant benefits in terms of flexibility and cost control, but it also creates new challenges for those charged with ensuring IT security.
Security teams that, until now, had been totally focused on on-premises resources will have to fundamentally change their approach because the conversation around how to secure critical assets in each environment can be quite different. Responsibility for security must now be split between the organisation’s security team and the cloud service provider (or providers) selected by the organisation.
Embracing the concept of shared responsibility
While the idea of sharing responsibility for security between an internal team and an external service provider is one that’s easy to grasp quickly, determining exactly where the dividing line is drawn takes more time. Being absolutely clear from the outset about which components of an infrastructure fall into which camp is vital to avoid future problems.
Device and software configuration often becomes a problem area. While IT security measures may be effective initially, changes made over time can create openings that attackers can exploit. If there is no central security oversight of both on-premises and cloud resources, these vulnerabilities could go unnoticed until it’s too late.
Another area of complexity stems from adopting different cloud services as part of a hybrid infrastructure. Examples include Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Each will be adopted in a different way and bring its own unique security challenges.
This is particularly relevant when you look at the introduction of IaaS into an existing IT environment. While these platforms offer the highest level of flexibility and control for users, they also require significant work to secure. An organisation using an IaaS resource to host applications and data stores will also need to configure firewalls and implement effective access and control measures.
At the same time, adoption of SaaS-based resources will require a different approach from the internal IT security team. While the bulk of security responsibilities will remain with the SaaS provider, the customer will still have to manage aspects such as data and user access.
Shared security responsibilities will become even more complex if an organisation opts to use multiple cloud services to augment its internal systems. Each service will have its own security requirements and lines of demarcation. Even one missed vulnerability could cause significant problems down the track. Security teams need to ensure their approaches are as agile and dynamic as the hybrid infrastructure being created.
A different approach for a different environment
In this evolving world of hybrid cloud infrastructures, ensuring effective security is no longer about constructing walls to keep the bad guys out. Unfortunately, breaches are going to happen, and security teams need to be prepared to quickly and confidently respond.
Because of the complexity of hybrid infrastructures, and the fact that they will continue to change over time, there need to be clear lines of communication between all parties involved. This will ensure that everyone is on the same page and understands where their responsibilities start and end.
The left hand has to know what the right hand is doing at all times. An organisation’s security team needs to have all the tools and data it requires, and be prepared to work closely with developers and IT operations teams in order to secure and manage the hybrid attack surface.
During the past few years, many organisations have adopted network detection and response (NDR) platforms to help their security teams be as effective as possible. However, while these platforms have worked well when it comes to internal systems, they were often found lacking when cloud resources were added to the mix.
Thankfully, this situation is now changing. Leading cloud service providers such as Google Cloud and Amazon Web Services are making it significantly easier to gain insight into their platforms, so that NDR can cover the activity taking place on them.
The features that make this possible, so-called “virtual network taps”, allow NDR platforms to deliver effective IT security by providing a scalable source of packet-level visibility, real-time threat detection, and rapid response. Thanks to this “cloud-native” approach to hybrid IT security, customers can now achieve far better collaboration between their internal teams and those of the cloud providers.
Rather than being a security nightmare for organisations, hybrid cloud infrastructures will thus be able to deliver the advantages of flexibility and reductions in operational costs, and the promises of the cloud will become a reality.
Glen Maloney, ANZ regional sales manager, ExtraHop