Security

Use modern cloud security best practices

Nastel Technologies®
August 23, 2019

Enterprises still worry about the security of cloud and if migrating will put data at risk. Explore modern methods, technologies and tools that help strengthen cloud environments.

Security – There are mixed opinions about whether the cloud is more secure for many organizations.

The biggest difference between cloud security and traditional on-prem security is the shared responsibility model. Major cloud providers, such as AWS, Microsoft and Google, have made considerable investments to keep up with emerging security threats. They also provide an extensive identity and access management (IAM) infrastructure, but enterprises still need to do their part.

“Just because you’re moving your application to the cloud doesn’t mean you’re shifting your cybersecurity responsibility to the cloud provider,” said Steve Tcherchian, chief product officer for XYPRO Technology, a security software provider.

The same strategy, controls and monitoring need to be deployed to any cloud infrastructure to ensure everything is properly secured. However, it is still the responsibility of the enterprise to ensure cloud security best practices — or it will be just as insecure as not securing an on-premises environment.

“Cloud providers are inherently more secure in several areas,” said Richard Stiennon, chief research analyst at IT-Harvest and author of Secure Cloud Transformation: The CIO’s Journey. These include distributed denial-of-service (DDoS) attacks, easier configuration management, automated security updates on SaaS services, and consolidated security logging and access management.

For example, it’s much harder to conduct DDoS attacks against a server hosted on a cloud network, which often has hundreds of gigabits of capacity available and isn’t easily overwhelmed. Cloud configurations are also more standardized than on-prem configurations — a simplification that makes securing them easier. Stiennon believes the use of new security methodologies, like zero-trust networking, could end opportunistic attacks on the cloud.

In general, Stiennon believes cloud attacks are much less devastating than on-prem attacks. In cloud, attacks are typically limited to one misconfigured service, whereas on-prem attacks can take out entire infrastructures, as recent ransomware attacks have demonstrated. Most of the breaches in cloud reported to date have been improperly secured S3 buckets, which are often found by researchers, not attackers. That said, an exploit of a cloud provider’s back end could expose billions of records, which proves the importance of layered defenses, Stiennon said.

The biggest security issues Stiennon has found were caused by enterprises not taking advantage of cloud providers’ configuration, logging and security tools. Another challenge comes from implementing security piecemeal by hosting part of the infrastructure in the cloud but maintaining critical components in the legacy data center, such as DNS, encryption keys and Active Directory.

Cloud less secure in practice

Despite the security advantages of the public cloud, recent evidence suggests the cloud is actually slightly less secure in practice. A report from security vendor RiskRecon found 60% of organizations had a greater number of severe vulnerabilities in their cloud services than they had in their on-prem systems.Cyberattacks are a crime of opportunity, so applications can be vulnerable regardless of where they reside.Steve Tcherchian Chief product officer, XYPRO Technology

However, the vulnerabilities were not evenly distributed. Enterprises that run workloads on AWS and Microsoft Azure had significantly less critical vulnerabilities in the cloud as they had on premises, according to the report.

Still, the major cloud providers have a lot more work to do to help customers build comprehensive security in the cloud, such as educating users and creating automated testing tools. They also must balance their security concerns against the demand to make their services more powerful and flexible. Nevertheless, cyberattacks are a crime of opportunity, so applications can be vulnerable regardless of where they reside, Tcherchian said.

Access to visibility

Enterprises need a way to see into their environment to keep it secure. The cloud can lower the barriers for enterprises to implement high-end tools, like security dashboards and trend analysis. There are many systems that can provide visibility for in-house enterprise systems, but the integrated nature of cloud-based products makes this easier and relatively cheaper, said Thomas Johnson, chief information security officer at ServerCentral Turing Group.

On-premises systems and infrastructure don’t have the agility of cloud-based systems. For example, an enterprise can spin up technologies, such as AWS Shield Advanced, to get better visibility into attacks in minutes. In contrast, launching new on-prem solutions could consist of either new hardware or, at minimum, spinning up additional VMs to support a new product, Johnson said.

This article originally appeared on searchcloudcomputing.com To read the full article, click here.

Nastel Technologies uses machine learning to detect anomalies, behavior and sentiment, accelerate decisions, satisfy customers, innovate continuously.  To answer business-centric questions and provide actionable guidance for decision-makers, Nastel’s AutoPilot® for Analytics fuses:

  • Advanced predictive anomaly detection, Bayesian Classification and other machine learning algorithms
  • Raw information handling and analytics speed
  • End-to-end business transaction tracking that spans technologies, tiers, and organizations
  • Intuitive, easy-to-use data visualizations and dashboards

If you would like to learn more, click here.

Nastel Technologies is the global leader in Integration Infrastructure Management (i2M). It helps companies achieve flawless delivery of digital services powered by integration infrastructure by delivering Middleware Management, Monitoring, Tracking, and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate, to answer business-centric questions, and provide actionable guidance for decision-makers. It is particularly focused on IBM MQ, Apache Kafka, Solace, TIBCO EMS, ACE/IIB and also supports RabbitMQ, ActiveMQ, Blockchain, IOT, DataPower, MFT and many more.

 

The Nastel i2M Platform provides:

  • Secure self-service configuration management with auditing for governance & compliance
  • Message management for Application Development, Test, & Support
  • Real-time performance monitoring, alerting, and remediation
  • Business transaction tracking and IT message tracing
  • AIOps and APM
  • Automation for CI/CD DevOps
  • Analytics for root cause analysis & Management Information (MI)
  • Integration with ITSM/SIEM solutions including ServiceNow, Splunk, & AppDynamics

Comments

Write a comment
Leave a Reply
Your email address will not be published. Required fields are marked *
Comment * This field is required!
First name * This field is required!
Email * Please, enter valid email address!
Website

Register to Download

Subscribe

Schedule a Meeting to Learn More

Become an Expert

Schedule a Demo