Make sure the cloud doesn't fog up your window into network security

The use of cloud-based applications and architectures has rapidly become an everyday occurrence within most enterprises. Yet while they have become comfortable with the idea of cloud architectures, the move to embrace the cloud has also created security blind spots that may – without the right approach – inadvertently create new vulnerabilities in corporate security protections.

These vulnerabilities are an unavoidable risk that arises from a lack of visibility in cloud applications that may be carrying malware or other security issues – but reside well outside of the corporate network perimeter. This makes the cloud a security accident waiting to happen, says Ian Farquhar, security virtual field team lead with Gigamon ANZ.

“The cloud makes our perimeters disappear and reduces our visibility,” he explains. “Yet to understand the challenges in the cloud – and to make sure requirements for corporate security are actually being met – you need to have situational awareness. Without it, you may be in a great deal of danger.”

Getting that visibility, however, isn't always easy: most organisations' security environments are built around perimeter-based models focused on controlling what goes into or comes out of a well-defined corporate network. In the cloud, network boundaries are much blurrier – and existing protections can't easily be shunted into cloud environments running within an unknown and unseeable third-party environment.

“Threats can live within the cloud that don't come near our security tools,” Farquhar says. “It shouldn't matter where the network traffic is; you should be able to see it. This is why more and more organisations are saying that visibility is a key attribute of the networks that they're building.”

Delivering that visibility in a third-party environment, however, requires new thinking about enterprise security technology – and new tools capable of continually evaluating the threat landscape in those environments.

Gigamon's GigaVUE-VM Visibility Fabric, for one, is loaded into cloud environments as a virtual machine (VM) and, as such, is able to get packet-level visibility of the traffic and applications running in the cloud environment. This information is fed directly back to the GigaSECURE on-premises monitoring environment, plugging the holes in corporate security that the adoption of cloud solutions creates.

By running as a VMware vSphere guest VM, the Gigamon tool builds on widely-used vCenter APIs and can integrate with vMotion so that the visibility capabilities stay with corporate VMs as they are moved around the cloud environment. By providing in-place integration with security tools – like intrusion protection systems, inline malware scanning, intrusion detection systems, forensics tools and email threat detection – the platform has been designed to extend conventional security controls directly into the cloud.

Simply having a network tap in place isn't the only step, however: to attain full visibility of hybrid cloud and on-premises environments, Farquhar points out, it's important to be able to securely view inside SSL-encrypted traffic, which can just as easily hide malicious traffic as protect legitimate data.

“What you have to worry about is the data that's leaving your organisation,” he explains. “SSL decryption allows you to get full access to the plain text of the traffic without disrupting the encryption – but it needs to be deployed properly and appropriately, with proper attention to privacy and compliance.”

Indeed, compliance is ultimately a key goal of cloud-security efforts, which by their very nature introduce potential new confounding factors that must be accounted for in the organisational risk profile.

PCI-DSS controls for financial transactions, for example, require clear visibility of the entire infrastructure dealing with customer information – which makes tools for better cloud visibility a critical addition to the environment. Integration with related tools can further tighten corporate security by offering seamless control over resource access and analytics, such as through Gigamon's recent partnership with RSA.

“By moving your services to a cloud service provider, you haven't lost responsibility for the workload,” Farquhar says. “If you leave it alone, you have lost the visibility you need to properly deal with that responsibility.”

Yet despite the many benefits offered by cloud-visibility tools, it's important to also remember the critical nature of in-house skills and properly documented business procedures.

“You won't ever get to the point where you can say that your defence is perfect – that's not a rational thing to expect – but there are always new tools being developed,” he adds. “The organisation has the capability to be constantly evaluating new networks and protections.”

“Sensible cloud infrastructure would always have multiple perimeters, and attackers are always going to play around the margins – looking for the way in that you are not watching. But if you can get away from the concept of controls that just block traffic, constant vigilance will lead you to operational security.”

Stories by David Braue