The Dos and Don’ts of Cloud Security
As an IT consultant with 20 years in the business, Arnaud Cassagne has seen — and been part of — the evolution in IT infrastructure that’s been ongoing since the turn of the century. He’s worked with organizations as they’ve transitioned from reliance on onsite servers to consolidation of infrastructure and services inside their own or third-party data centers. Today, however, he’s more likely to be supporting clients in the cloud — both cloud-native startups and longer-established organizations in the throes of migrating to cloud platforms.
He observes a key difference between the two types of organization. “The cloud-native startups generally have a mature approach to cloud security. They’re skilled at securing and protecting their customer-facing websites, and at detecting and dealing with all sorts of cyberattacks and threats and attacks, including ransomware,” says Cassagne.
Where these organizations sometimes need support, however, is with their own internal security practices. “They’re often set up to be nimble, with flexible and remote working policies and employees bringing their own devices,” he says. “Those devices can pose security risks for the organization, if (as is often the case) they’re not properly secured with endpoint protection (EPP) and endpoint detection and response (EDR) solutions.”
On a journey to the clouds
For more traditional companies, however, the reverse is often true. Internal endpoint and user security tends to be well buttoned down; but they may have more work to do when it comes to securing their public cloud platforms — especially as their migration tends to take place in stages, and there may be significant fragmentation between departments.
“Many organizations start their migration by shifting specific workloads to a single public cloud platform. They run it alongside their existing on-prem, data center or private cloud infrastructure in a hybrid setup,” says Cassagne. Once they become comfortable with the public cloud, the next step often involves adding additional cloud vendors to their IT environment — with the choice of providers generally depending on the applications and services they want to run.
In this multicloud environment, however, they may face challenges around how to best manage security. Naturally, each cloud service provider (CSP) will prefer to sell their own security tools and features (such as web application firewall, WAF) to their customers. The perceived convenience may make this seem like an attractive option; but it will effectively lead to the organization being ‘locked in’ to that CSP.
“Over the longer term, that could bring challenges, such as incompatible security tools in use across cloud architectures, leading to issues when looking to switch applications and workloads between them; as well as ongoing management complexity,” says Cassagne.
Multiple clouds, standardized security tools
Instead of adopting each CSP’s own security tools and features, forward-thinking organizations look to deploy cloud-agnostic, third-party security tools and features across their clouds. Choosing a WAF that’s compatible with multiple cloud-edge platforms, for example, can streamline both WAF management and future application shifts and deployments.
“Going to your CDN provider, such as Lumen, for integrated security solutions like WAF will give you confidence that your solutions are compatible with multiple cloud-edge platforms,” says Cassagne. Lumen works with an ecosystem of security technology vendors, giving customers plenty of choice about the best tools for their particular hybrid or multicloud environment, while avoiding the risk of getting locked in to any one vendor.
Organizations migrating to the cloud will inevitably find they increasingly rely on APIs to integrate systems, services and applications. As well as WAFs, other cloud-edge solutions like bot defenders and web app and API protection (WAAP) are critical to securing the potential vulnerability of APIs, which could otherwise leave organizations wide open to many types of attack.
“Customers are also looking to secure their cloud-based SaaS deployments, many of which have been rolled out during the pandemic to simplify remote user access,” says Cassagne. “To protect against incoming threats and data leakage, some are replacing VPNs and onsite firewalls with cloud access security broker (CASB) solutions, in order to secure web traffic and prevent users accessing non-permitted sites and applications.”
Hackers and cybercriminals show no signs of slowing down development of their tools and techniques. As Cassagne points out, many are well organized gangs for whom cybercrime is a real business. “Organizations need to stay vigilant and look to deploy the most appropriate and capable security solutions available to protect themselves against sophisticated attacks. A standardized or harmonized approach to securing your multicloud or hybrid infrastructure is a critical piece of the puzzle.”
To learn more about Lumen’s modular approach to application security, including the different vendors within the edge application ecosystem, reach out to email@example.com.
This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third-party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Lumen. This document represents Lumen’s products and offerings as of the date of issue. Services not available everywhere. Business customers only. Lumen may change or cancel products and services or substitute similar products and services at its sole discretion without notice. ©2021 Lumen Technologies. All Rights Reserved.