Overcoming Cloud Security Challenges With a Pivot Towards Cloud Native Security
Cloud environments are not exempt from security challenges. But did you know that the flexibility of cloud presents an opportunity to tackle these challenges in new and exciting ways?
- Visibility is always the most pressing need for any organization because, as every CISO has said, “if we can’t see it, we can’t stop it.”
- The second challenge is asset management which, because of the dynamic nature of the cloud, can grow exponentially.
- What about segmentation? How does proper segmentation occur in a multicloud environment with consistent security returns?
- We should also consider tool consolidation and optimization. This is not just about cutting costs; it is about providing the right tools for the right job.
- Lastly, we'll look at shifting left to help DevOps teams become DevSecOps teams, all while embracing automation.
While each subgroup of cloud security faces the same common challenges, the way in which they solve them is unique. Let’s use this lens to briefly explore how the most common security challenges manifest in cloud environments. We've partnered with Palo Alto Networks to solve these challenges.
Visibility in the cloud
According to Palo Alto Networks’ “State of Cloud Native Security Report 2020,” visibility is a top challenge for organizations looking to build a comprehensive cloud security strategy. Cloud is increasingly being integrated into cybersecurity practices to keep up with market demand for rapid change and innovation, but if you don’t know what you have, where you have it and how secure it is, you can’t enforce governance policies that keep your cloud compliant with internal and external standards.
Proper visibility will need to be addressed differently by security teams, cloud teams, and application development teams.
It is very difficult to secure what is not visible or known. These teams need to take the lead in advocating for cloud native security platforms (CNSPs), which give them visibility across public, private and hybrid clouds. To address this challenge, a holistic view of assets, including which security controls are applied and which are not, needs to be available to the cloud, application and security operations teams so they can respond effectively.
Once this level of detail is visible, these teams can use it to assess the risk of how assets and data are being used. It also allows compliance violations to be reported in near real time and, where appropriate, acted upon.
Assets across cloud estate
“94% of organizations use more than 1 cloud platform” — Palo Alto Networks, The State of Cloud Native Security Report 2020
Today’s organizations generally run on multiple cloud platforms, which together cannot provide a holistic view of cloud services, virtualized servers and microservices. Given the complexity of the modern cloud enterprise architecture, it’s easy to see why some companies have a hard time answering the three most basic security questions:
- What’s on my network?
- What’s it doing?
- Should it be doing that?
For example, since public cloud providers offer dynamic services that run and then disappear, user identity and access management strategies have become just as important in the cloud as the assets or services themselves. With the right tools and best practices (e.g., using multiple inventory discovery tools, tagging/labeling, automation, etc.), you can effectively secure assets in the cloud. Only organizations able to contextualize cloud capabilities, coupled with a cloud asset inventory, will be able to monitor who is accessing data and identify whether that data was altered or, worse yet, exfiltrated.
Once you know what assets you have and in which cloud, proper governance can be applied uniformly. These assets should have the same compliance standards applied so that every organization’s security team can enforce predictable controls.
Segmenting cloud native applications
If your organization is like most, you’re planning the migration or expansion of application environments to the public cloud. Hopefully, you’re also planning a concurrent segmentation strategy for your cloud native applications. While enterprise segmentation is critical for any security strategy, it's simply a must for cloud migration and cloud native applications. If segmentation isn’t on your cloud roadmap, it should be. No customer wants to become an easy target for potential threats, and ignoring segmentation is one of the quickest ways to do so.
“Enterprises using the cloud are close to the halfway point in their cloud journey. They now run 46% of their workloads in the cloud and expect to get to 64% in the next 24 months.” — Palo Alto Networks, The State of Cloud Native Security Report 2020
The challenge in segmentation is understanding where network protection must be applied and adapted for cloud native environments while still enforcing consistent policies across hybrid environments. Cloud applications need container-level micro-segmentation, inspection of traffic flow logs and advanced Layer 7 threat protection.
As containers see rapid adoption in cloud native applications, Palo Alto Networks solves this by applying identity-based micro-segmentation. A distributed Layer 4 and Layer 7 firewall provides a defense in depth strategy for all organizations deploying containers in the cloud and on-premises. This allows policies to be implemented based on logical workloads and application identities, rather than traditional dynamic IP address schemes. Using identity as the segmentation model allows traffic flows to be modeled and container security services to be spun up and down automatically; if traffic outside the norm is detected, the offending container services are killed automatically. As seen below, having an effective tool to map identity relationships between workloads is essential for seeing and enforcing proper access control.
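The identity-based policy model described above, as an added illustration that is not Palo Alto Networks or WWT code: policy is keyed on workload identities rather than IPs, anything not explicitly allowed is denied, a rescheduled pod keeps its policy when its IP changes, and a flow involving an IP with no known identity is surfaced as its own finding. The identity map, policy and flow-log records are constructed sample data.

```python
# Identity-based micro-segmentation check. Added example, not Palo Alto Networks or
# WWT code; the identity map, policy and flow records are constructed samples.
from collections import Counter, namedtuple

IDENTITY = {  # workload identity per IP, as a CNSP learns it from orchestrator labels
    "10.0.1.15": ("shop", "web"),
    "10.0.2.40": ("shop", "api"),
    "10.0.3.7": ("shop", "db"),
    "10.0.9.99": ("batch", "worker"),
}

# Allowed (src identity, dst identity) -> set of (L4 proto, port, L7 app).
# Policy never names an IP, and anything not listed is denied by default.
POLICY = {
    (("shop", "web"), ("shop", "api")): {("tcp", 8443, "https")},
    (("shop", "api"), ("shop", "db")): {("tcp", 5432, "postgres")},
}

Flow = namedtuple("Flow", "src_ip dst_ip proto dst_port l7")

def evaluate(flow, identity=IDENTITY, policy=POLICY):
    """Return 'allow', 'deny' or 'unknown_identity' for one flow record."""
    src, dst = identity.get(flow.src_ip), identity.get(flow.dst_ip)
    if src is None or dst is None:
        # Stale inventory or an unmanaged endpoint: a finding distinct from a violation.
        return "unknown_identity"
    if (flow.proto, flow.dst_port, flow.l7) in policy.get((src, dst), set()):
        return "allow"
    return "deny"

def rekey(identity, old_ip, new_ip):
    """A pod is rescheduled onto a new IP: the identity moves, the policy is untouched."""
    moved = dict(identity)
    moved[new_ip] = moved.pop(old_ip)
    return moved

def summarize(flows, identity=IDENTITY, policy=POLICY):
    return dict(Counter(evaluate(f, identity, policy) for f in flows))

SAMPLE_FLOWS = [  # constructed flow-log records
    Flow("10.0.1.15", "10.0.2.40", "tcp", 8443, "https"),   # web -> api, allowed
    Flow("10.0.1.15", "10.0.3.7", "tcp", 5432, "postgres"),  # web -> db, bypasses api tier
    Flow("10.0.9.99", "10.0.3.7", "tcp", 5432, "postgres"),  # batch worker -> shop db
    Flow("10.0.2.40", "10.0.3.7", "tcp", 22, "ssh"),         # api -> db, wrong L4/L7
    Flow("10.0.1.15", "10.0.7.1", "tcp", 443, "https"),      # destination not inventoried
]

if __name__ == "__main__":
    print(summarize(SAMPLE_FLOWS))  # {'allow': 1, 'deny': 3, 'unknown_identity': 1}
    moved = rekey(IDENTITY, "10.0.2.40", "10.0.2.77")
    print(evaluate(Flow("10.0.2.77", "10.0.3.7", "tcp", 5432, "postgres"), moved))  # allow
```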
Security professionals often share a similar concern:
“I’ve invested in numerous security solutions, but I'm unsure which are actually solving my business problems and reducing my risk exposure.”
Tool sprawl is a real challenge for IT. Many tools are purchased, yet few are fully implemented. Moreover, security teams often invest in specialized tools that address a single issue without realizing that one, two or even three existing tools within the organization can accomplish the same task.
Cloud is no different. Whether we’re talking native tools from cloud providers or on-premises tools you already own, WWT can help you define, consolidate and optimize the cloud security tools you really need.
If your organization is considering an integrated security architecture, our Cloud Security Tools Rationalization Workshop can help apply existing on-prem tools to your cloud resources, ultimately allowing you to standardize and streamline cloud and on-prem security. For insight into how your move to the cloud will affect existing security tools and into defining the right cloud security tooling, schedule a Cloud Security Tools Rationalization Workshop with a WWT security expert today.
Shift left to DevSecOps and embrace automation
“45% of highly prepared companies have embedded security into DevOps processes, and 41% integrate security in at least four stages of the development lifecycle.” — Palo Alto Networks, The State of Cloud Native Security Report 2020
Meet application developers where they are; don’t force technologies that don’t fit a DevOps model. Application developers and DevOps teams play vital roles in building and deploying cloud-native applications, often operating outside the view of traditional security teams and technologies. This requires security that integrates with developer-led infrastructure and tooling. Cloud-native environments constantly change at tremendous scale, so security teams require automation to secure the growing number of ever-changing microservices their organizations use.
- Embrace any cloud-native technology you prefer. Future-proof your infrastructure decisions. Choose the right workload for any given application component and know your security platform has you covered.
- Prioritize risks contextually in cloud-native environments. Leverage continuous vulnerability intelligence and risk prioritization across your entire cloud-native infrastructure and throughout the software lifecycle, including real-time connectivity graphs with runtime threat data.
- Automate security at DevOps speed. Empower developers and DevOps teams to deploy as quickly as possible to deliver business value to customers and improve your security outcomes.
Cloud security automation
The great power of the cloud is the ability to truly automate as a building block of your technology choices. This is no different in your cloud security journey. As discussed above, when shifting left into a DevSecOps mindset, automation is key. So we encourage our fellow security professionals to understand where CNSPs can automate, for example by providing automated tasks that remediate a cloud configuration that violates the organization’s compliance requirements.
Prisma Cloud Compute uses machine learning to assess the normal expected behavior of the container services deployed. If a deviation from that norm is detected, it automatically enforces the known good behavior by blocking the activity or killing the container, and a known good image is then redeployed from the registry. A next step would be to deliver all the forensic information to your organization’s SOAR product for further analysis and ticket creation.
SOAR, or Security Orchestration, Automation and Response, has taken the security industry by storm, enabling standardized, automated and coordinated responses across the security stack in the cloud and on-premises. While there are thousands of daily alerts SOC teams tend to just ignore, SOAR tools can automatically handle and address these alerts, orchestrate a response and log each incident in your service ticketing infrastructure so that all of them are accounted for properly.
For instance, Palo Alto Networks Cortex XSOAR can create playbooks that orchestrate cloud features directly via the rich API sets of all public clouds, allowing your SOC teams to build automated compliance checks and remediate the issues they find. This allows the SOC to keep up with the speed of cloud and coordinate response processes across all cloud deployments.
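The automated compliance-and-remediation loop sketched in the last few paragraphs, as an added example that is not Palo Alto Networks, Prisma Cloud or WWT code: a normalized multi-cloud inventory is scanned against one rule set for every cloud, the result is turned into a remediation plan that a SOAR playbook could execute, and only drift since the previous scan is raised as new work. The inventory, rule ids and action names are constructed for the example.

```python
# Compliance-drift scan that yields a remediation plan. Added example, not Palo
# Alto Networks or WWT code; inventory and rules below are constructed samples.

# Constructed, normalized multi-cloud inventory (the view a CNSP would provide).
INVENTORY = [
    {"id": "s3://shop-logs", "cloud": "aws", "type": "bucket",
     "public": False, "encrypted": True, "tags": {"owner": "shop", "env": "prod"}},
    {"id": "s3://tmp-export", "cloud": "aws", "type": "bucket",
     "public": True, "encrypted": False, "tags": {}},
    {"id": "gs://shop-assets", "cloud": "gcp", "type": "bucket",
     "public": True, "encrypted": True, "tags": {"owner": "shop", "env": "prod"}},
    {"id": "vm-0042", "cloud": "azure", "type": "vm",
     "public": False, "encrypted": False, "tags": {"owner": "batch"}},
]

# rule id -> (asset types it covers, predicate true when compliant, remediation).
# One rule set for every cloud, so governance is applied uniformly.
RULES = {
    "STOR-1": ({"bucket"}, lambda a: not a["public"], "block_public_access"),
    "ENC-1": ({"bucket", "vm"}, lambda a: a["encrypted"], "enable_encryption"),
    "TAG-1": ({"bucket", "vm"}, lambda a: {"owner", "env"}.issubset(a["tags"]),
              "notify_owner_missing_tags"),
}

def violations(asset, rules=RULES):
    """Rule ids this asset violates, in rule order."""
    return [rid for rid, (types, ok, _) in rules.items()
            if asset["type"] in types and not ok(asset)]

def scan(inventory, rules=RULES):
    """Asset id -> violated rule ids, for non-compliant assets only."""
    result = {a["id"]: violations(a, rules) for a in inventory}
    return {aid: v for aid, v in result.items() if v}

def remediation_plan(scan_result, rules=RULES):
    """Actions per asset. They are planned, not executed, so the plan can be
    reviewed or handed to a SOAR playbook before the cloud account changes."""
    return {aid: [rules[rid][2] for rid in rids] for aid, rids in scan_result.items()}

def drift(previous, current):
    """Assets whose violations are new or changed since the last scan: alert on
    these, not on findings that are already known and ticketed."""
    return {aid: v for aid, v in current.items() if v != previous.get(aid)}

if __name__ == "__main__":
    current = scan(INVENTORY)
    print(remediation_plan(current))
    print(drift({"vm-0042": ["ENC-1", "TAG-1"]}, current))  # only the two buckets
```

Re-running `violations` on an asset after its planned action has been applied is how the automation confirms the remediation closed the finding rather than trusting the API call succeeded.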
The flexibility of cloud is enabling new ways for organizations to tackle some of the most persistent cybersecurity challenges in the cloud — visibility, asset management, segmentation, tools consolidation and optimization and the shift left to DevSecOps.
WWT is a Palo Alto Networks partner that uses a proven and innovative approach to help our customers discover, evaluate, architect and implement a secure cloud transformation, leveraging solutions like Palo Alto Networks Prisma Cloud.
Learn more about how we can integrate and deploy Palo Alto Prisma Cloud solutions to help you reduce vulnerabilities, which can set the stage for future innovation. Request a workshop to start the conversation today.