Cloud security has become critical as organizations expand and deepen their presence in the cloud. According to our 2020 Cloud Security Report, 75% of organizations surveyed were very or extremely concerned about cloud security. Likewise, a recent study by Forrester stated that confidence in cloud security is a major driver for the adoption of more cloud services.
The figure below illustrates the type of multi-layered yet unified cloud security platform organizations should put in place to protect their cloud deployments and ensure a robust cloud security posture.
Figure 1: The Multiple Layers of a Unified Cloud Native Security Platform
It’s always important to remember that cloud security takes place in the context of a shared responsibility model. At the infrastructure level (IaaS), cloud providers are responsible for securing their IT, network, and storage infrastructure resources, while users are responsible for protecting the data, applications, and other assets deployed on that infrastructure. The tools and services offered by cloud providers to help users meet their part of the shared responsibility model are important parts of any cloud network security solution. However, cloud providers are not security specialists; these cloud provider tools and services must be complemented by partner solutions to ensure enterprise-grade network security.
As shown in Figure 1, a key foundational layer is cloud network security, where organizations must deploy virtual security gateways to provide advanced threat prevention, traffic inspection, and micro-segmentation. These security solutions use multi-layered security technologies including firewall, IPS, application control, DLP, and others.
Here are the ten essential considerations that a business should take into account when choosing their cloud network security platform. They explain how you can ensure that vendor solutions have the capabilities that are important to the success and security of your organization.
1. Advanced threat prevention and deep security
Threat detection is not enough to effectively protect cloud assets in today’s complex cybersecurity landscape. You need real-time, multi-layered threat prevention for known and unknown vulnerabilities (zero day). The solution should provide enhanced security with features such as granular and deep traffic inspection, enhanced threat intelligence, and sandboxing that isolates suspicious traffic until it is validated or blocked. And these advanced capabilities must be deployed on both North-South (in / out) and East-West (lateral) traffic.
2. Without borders
The solution must operate transparently and consistently in the most complex multi-cloud and hybrid (public / private / on-premises) environments. A unified management interface (sometimes referred to as a “single pane”) should provide a single source of truth about cloud network security as well as a centralized command and control console.
3. Granular traffic inspection and control
Look for Next Generation Firewall (NGFW) capabilities, such as fine match granularity that goes beyond basic whitelisting, deep inspection to ensure traffic matches the purpose of the allowed ports, advanced URL-based filtering, and controls not only at the port level but also at the application level.
In order to match the speed and scalability of DevOps, the solution must support high levels of automation, including programmatic command and control of security gateways, seamless integration with CI/CD processes, automated threat response, remediation workflows, and dynamic policy updates that don’t require human intervention.
5. Integration and ease of use
The solution should work well with your organization’s configuration management stack, including support for infrastructure-as-code deployments. In addition, the solution must be deeply integrated with the offerings of cloud providers. In general, your goal should be to streamline operations and promote ease of use by minimizing the number of point security solutions that must be deployed and managed separately.
The solution’s dashboards, logs, and reports must provide end-to-end, actionable visibility into events as they occur. For example, logs and reports should use easy-to-scan cloud object names rather than obscure IP addresses. This visibility is also important for improving forensic analysis in the event of a breach.
7. Scalable and secure remote access
The solution should secure remote access to the enterprise cloud environment with features such as multi-factor authentication, endpoint compliance scanning, and encryption of data in transit. Remote access must also be able to scale quickly so that during times of disruption such as the COVID-19 pandemic, an unlimited number of remote employees can work productively and safely.
8. Contextual security management
The cloud network security solution must be able to aggregate and correlate information across the environment (public and private clouds as well as on-premises networks) so that security policies can be both consistent and contextual. Changes to network, asset, or security group configurations should be automatically reflected in their relevant security policies.
9. Supplier support and industry recognition
In addition to the features and capabilities of the solution itself, it’s also important to take a close look at the vendor. Is it rated well by independent industry analysts and third-party security testing companies? Can it meet your SLAs? Has it proven itself? Can it provide added value, such as network security consulting services? Can it support your global operations? Is it committed to innovation so that its solution is sustainable? Is its software mature, with few vulnerabilities, and does it provide patches in a timely manner?
10. Total cost of ownership
The total cost of ownership is determined by several factors, all of which should be considered as part of the purchasing process: the flexibility of the licensing model, the extent to which the cloud security platform integrates transparently with and leverages existing IT systems, the level and breadth of staff required to administer the system, MTTR and vendor uptime SLAs, etc. You want your cloud security platform to streamline operations, optimize workflows, and reduce costs while improving your security posture. The last thing you want is to be surprised by hidden infrastructure, personnel, and other costs that don’t appear until the system is up and running.
Companies are increasingly migrating to the cloud to meet business demands. These organizations want the ability to control and keep their own data private, protect themselves from cyber threats, and securely connect their cloud to their traditional on-premises network, while maintaining compliance with regulatory mandates. Adopting a cloud network security solution that meets these requirements will help organizations stay protected in an increasingly complex threat environment.
The author is Head, Cloud and Growth Technologies, India and SAARC, Check Point Software Technologies