Securing your on-site environment becomes a highly complex challenge if you make use of additional cloud solutions. You're reluctant to write off your existing investments, but at the same time you realise that additional measures must be implemented.
In the days when all your environments were run on-site, your perimeter was nice and simple. You only needed to secure the outer walls and endpoints, and your data and applications were safe. Nowadays, with organisations using more and more cloud solutions, the landscape has transformed dramatically. Suddenly, all kinds of applications and data have migrated off-site and securing your local perimeter alone is not enough.
There is a whole jungle of security solutions on the market and it is vital that you carefully examine which solution will suit you best. In this article, Mohamed El Haddouchi – Director of Solutions & Innovation at Infradata – sets out a number of reference points to help you find your way.
"...clearly define your network architecture for the multicloud environment" - Mohamed El Haddouchi , Director of Solutions and Innovation at Infradata
1. Architecture and security assessment
Firstly, it is essential that you clearly define your network architecture for the multicloud environment. 'Security is a layer that is placed on top of your network, so it's important that you lay firm foundations,' emphasises El Haddouchi. 'The ideal scenario is to design a network that integrates all of your on-site and cloud environments into a single network architecture. We call this a cloud LAN architecture.'
You must then make an inventory of your environments and conduct a security assessment to determine what kind of data you have, where it is stored, what risks are involved, and what security measures are necessary to protect against these risks. 'You can then establish a security framework based on risk profiles. Examine the control measures that you already use and how your current security policy is structured.'
2. Protect investments
'At this point, it is important to protect your existing investments as much as possible, as there's no point simply buying new technologies for the sake of it. Take a good look at what you have and use it as efficiently as possible. To do this, follow three simple steps: make an inventory of what you already have, examine whether it is being optimally used, and then determine how you can get the most out of it.'
Imagine you have a firewall, but it is not being properly managed at the moment or hasn't been patched for some time. 'Before you buy an advanced solution, you should properly set up, manage, and monitor that firewall and properly organise your policy management.'
3. Right solution, right company, right time
Once you've got the basics covered and you know what holes remain in your security architecture, you can seek targeted solutions. 'There are so many providers and tools available. We only draw up a shortlist after conducting a thorough market analysis,' explains El Haddouchi. 'In order to do this, you have to look at what is available and examine the differences by performing thorough market research on each solution based on real-life network cases.' It's also advisable to read the findings of leading market-research agencies such as Gartner and to consult a number of other sources such as your peers.
'Eventually, you end up with a shortlist based on technical and business requirements. However, it's a lot of work and demands specialist knowledge and experience. The most important factor is what is the best or most practical solution for a particular company at a particular time, e.g. for endpoint security, an anti-DDoS solution, a web-application firewall (WAF), or a next-generation firewall. The specific situation within the organisation is always the key factor.'
"With so many solutions on the market, how do you make the right choice for your business? You can't simple try them all out," - Mohamed El Haddouchi, Director Solutions & Innovation at Infradata
4. One-size-fits-all solutions don't exist
Imagine you want to purchase endpoint security. How do you go about it? With so many solutions on the market, how do you make the right choice for your business? 'You simply can't try them all out,' emphasizes El Haddouchi. 'Research agencies such as Gartner or NSS Labs can provide useful insight, but you have to think about how the solution will fit your specific situation.'"You have to know how users normally use particular applications, pick up on any anomalies, and carefully investigate them."
Click to tweet
This makes it extremely difficult for businesses to make the optimum choice. It takes a great deal of time and energy and once you have made a decision, you may sometimes have doubts about whether you made the right one. The most expensive solution or the solution with the best review is not always the right choice for everyone, as different networks require different solutions. You can only create the best solution by examining your specific requirements.
5. Visibility is essential
'It's vitally important to invest in visibility within your security set-up, as you can't protect something that you can't see. For this reason, it's essential that you ensure a high level of visibility for all of your assets, networks, and applications. I've been to companies that didn't always know which applications were running on their network or didn't even have an inventory of systems and software. How can you secure a network like that?'
'You have to consider who or what has access to the network and ensure you know what activities are being conducted at the file, process, and user levels. Detecting anomalies is a key factor in this regard. You have to know how users normally use particular applications, pick up on any anomalies, and carefully investigate them.'
6. Shared responsibility in Cloud Security
According to El Haddouchi, the multicloud world is all about shared responsibility for cloud security. 'When you have multiple suppliers, it is important to share responsibility with your partners and clearly define those areas of responsibility.' Once you start using a particular cloud environment, you have to examine what security measures the cloud provider offers as standard and what measures you have to take yourself.
'Obviously, you bear final responsibility and providers can't do everything for you. However, it is vital that you clearly define these shared responsibility models, as this will stop you from unnecessarily trying to secure everything yourself.'
Security automation is essential nowadays, both to reduce costs and to respond to threats quickly and effectively. 'Once malware gets in via an endpoint, automated security can close off the affected area, and if desired, place it in quarantine. Networks or applications can also be automatically analysed to quickly detect and identify any problems.' As well as telling you which areas have been infected, it also helps you to quickly and efficiently decide which measures to take: an essential advantage in a multicloud environment.
'In the past, you could dig through the log files of your local network to find out what was wrong, now, with three or four additional cloud environments to trawl through, this is not a realistic option. You need overarching automation to detect and respond to threats.'
Mohamed El Haddouchi - 13 July 2018
Mohamed El Haddouchi
Director Solutions & Innovation