The cloud argument has been settled and there is no doubt on the minds of the CIO and IT in general that the cloud is now just an extension of one’s infrastructure.
The current debate on the table is the adoption of a multi- or dispersed-cloud approach – and what this means to security.
According to Trend Micro there are some very real security factors that need to be considered when marrying multiple cloud environments to your own physical environment, especially when it comes to management and oversight.
The cornerstone of a multi-cloud strategy is that business and their users benefit from factors that extend better performance and speed, cutting costs and allowing for better resource management, which according to Indi Siriniwasa, vice-president for Trend Micro, Sub-Saharan Africa looks good on paper, but in reality unravels when it comes to security and management – especially when the right tools aren’t in place to bring all of this together.
“The biggest challenge business faces when adopting a multi-cloud strategy is the art of keeping various cloud environments secure, it is an exceptionally involved process as each cloud comes with a different set of security protocols, tools and even policies,” states Siriniwasa. “Now if you factor in multi-tenancy in a cloud the process becomes even more complex for you the user.
“The answer to how one manages all of this is not that different to how you have always approached security. Ensure your policies are in place, then map your cloud framework and architecture, define user access across and within these environments, but then also make security intrinsic to everything you do. The days of bolting on security after the fact are long passed – in today’s world we need to build infrastructure with security, not place security on the infrastructure.”
As the threat landscape evolves, so must the security measures that keep an organisation’s data safe. Legacy security solutions may not provide the right level of security for a complex cloud environment. With intrinsic security you are creating a security fabric and policy that follows your data and systems no matter where they reside.
The existing cloud providers, like AWS, Microsoft Azure and Google, all of whom are according to Siriniwasa partners of Trend Micro, do deliver secure cloud infrastructures and include comprehensive security controls. And while the real benefit of the cloud to business is that it is only responsible for everything above the hypervisor level, it is important to remember that you are still responsible for securing your data, applications and operating systems in the cloud.
Ultimately you have to secure your data and applications before they enter the cloud. Yes it is still important to keep an eye on unusual user log-ins as well as large amounts of data being imported or exported. But it is easier to do this if you deploy security at the hypervisor level in the cloud – which is what Trend Micro does for clients with its Deep Security solution.
“This forms part of what we call a multi-layered approach to security, namely security that goes beyond just the endpoint, right into the heart of the hypervisor and then automates the security health of all of your infrastructure namely clouds, physical infrastructure and virtual environments – and allows an organisation to continue running smoothly without down time,” adds Siriniwasa.
“Ultimately if building a secure environment could be equated to baking a cake, then security needs to be the eggs you put in the recipe. The eggs (security) need to be baked directly into your cloud environment with auto-generated deployment scripts for your configuration management tools. Once this is in place you will not only be able to better secure all aspects of your business, but you will be able to layer your security policies across multiple environments / differing clouds, that you can now monitor and manage from a centralised environment – without having a dashboard, team or security system per cloud,” ends Siriniwasa.