The Future of Security is in the Cloud
- 02 December, 2014 13:37
As we wrap up another busy year in high tech, many IT leaders have cloud technology top of mind. The cloud is profoundly transformative, standing out even in a tech landscape crowded with big ideas and disruptive developments. Despite initial hesitation, cloud adoption has grown rapidly and doesn’t show any signs of slowing.
Thanks to the highly publicized data breaches of the last few years, many of the concerns about the cloud center around security. It has become abundantly clear that traditional security approaches are insufficient for modern businesses. As we ride out the stormy convergence of technology trends like the Internet of Things, Big Data, and the cloud, we need more comprehensive security solutions that reduce complexity and allow us to stay agile as we grow and adapt.
The current wave of disruption is changing the entire way in which we think about enterprise security. I foresee five dramatic changes in the security vendor landscape:
- The Internet will essentially become the corporate network perimeter
- Enterprises will favor integrated cloud services vs. on-premise point products
- Endpoint and network security technologies will become inextricably intertwined
- We will move from alert-driven to intelligence-driven security
- Cloud security will enable a secure foundation for the Internet of Things (IoT)
1. The Internet Becomes the Corporate Network Perimeter
Just a few years ago, the Chief Information Security Officer (CISO) was focused on defending the network against attack, and attempted to achieve this through an investment in a wide array of disparate on-premise technologies. This was all very well when users, corporate applications and data were behind the corporate firewall. However, those days are long gone.
Today, CISOs are concerned about users connecting from their personal mobile devices, accessing corporate data stored in public cloud applications via public networks. The potential attack surface has expanded from the corporate network perimeter—which was challenging enough to protect—to encompassing a completely unbounded environment of personal devices, public network infrastructure, cloud applications, and service providers. In this scenario, billions of dollars’ worth of existing perimeter security investments now offer little to no value.
A number of emerging security vendors now offer services that deliver a comprehensive layer of protection through the cloud itself—enabling users to be protected regardless of where and how they are connecting to web services and applications. This is a profound shift for three key reasons:
- A cloud security layer eliminates the need for large enterprises to backhaul traffic, which is not only an expensive proposition but also creates a poor end-user experience and is hard to enforce.
- Delivering security at the cloud layer enables the consistent enforcement of security policies based on the context of the user’s endpoint device, the network or location from which they are connecting, and the application with which they are ultimately interacting. This approach hands control of corporate data and applications back to the CISO—a critical step in ensuring a strong security posture.
- Delivering security through the cloud provides an unparalleled position of visibility from which to identify and block threats in real time.
Traditional on-premise security solutions have limited visibility beyond their own environment. However, cloud-based services can identify anomalies and attacks in real time, correlating events across tens of thousands of customers and millions of end users to rapidly detect new threats as they propagate. This enables security teams to respond quickly, shutting down intrusions before they can inflict any damage and keeping corporate IP and data secure.
2. Enterprises Will Move Away from On-Premise Point Solutions
Today’s CISO is faced with an overload of point products from a plethora of vendors. These products tend to be difficult, if not impossible, to integrate. This results in severe visibility limitations, and the gaps between products become vulnerabilities. At best, the CISO gets to see individual pieces of the security puzzle—which is tantamount to flying blind through very dangerous territory.
The trend towards cloud-based security services will enable a shift towards true integration. Ultimately, the CISO will continue to demand best-of-breed solutions for the organization, moving away from today’s piecemeal solutions towards open APIs and integration frameworks that close critical visibility gaps.
3. Endpoint and Network Security Must be Linked
The security industry has traditionally approached endpoint security and network security as completely different product lines that are sold to different buying centers within the enterprise. But in today’s world of sophisticated and rapidly evolving threats, we need to see these two critical security components develop deeper levels of awareness, connectivity and adaptability. The network layer will need to become aware of, and responsive to, endpoint device activity both on-network and off-network.
For example, if a group of laptops in a branch office are suddenly sending traffic to a low-reputation IP address in China, the network will need to immediately adapt—perhaps shutting down access to that IP, or sandboxing traffic from that part of the network for further inspection. My point is that these technologies can no longer afford to exist in isolation. Again, a cloud-based security layer can provide this “connective tissue,” enabling commonality of policy, and correlation of activity and response across the entirety of the stack.
It has been declared that “anti-virus is dead.” The industry has moved on from the legacy signature approaches to malware detection. Next generation solutions will entail a variety of techniques to detect and prevent attacks: anomaly detection, sandboxing, heuristics and the like. The most powerful solutions will be those that create visibility by correlating events, behavior, and traffic across the network and all endpoints.
4. Security Services Will Extract Intelligence, Not Just Generate Alerts
The emergence of smart, integrated, cloud-based security services will enable a transformation from an alert-centric to an intelligence-centric approach to security, substantially improving the robustness of the security posture, not to mention the efficiency of the security team.
As the many components of the security infrastructure become responsive to each other, we can begin to extract true intelligence from analyzing inter-related activity across the internal network, endpoint devices, cloud-based applications, and the Internet at large. As these services are delivered through the cloud, we will gain an unprecedented vantage point from which to extract intelligence in real time across a global footprint of enterprises, end users and infrastructure—something that is simply impossible with today’s organizationally siloed, event-driven approaches.
5. Cloud Security Essential for the Internet of Things
When we think of the Internet, we typically think of a diverse network enabling users to access information and applications from personal computing devices. However, we are now seeing an explosion in the volume of machine-to-machine interactions occurring across the Internet. Products from home appliances to industrial equipment are rapidly evolving into smart, connected systems that interact with users, with each other, and with other connected services that vastly expand their functionality. This world of internet-connected devices is often referred to as the Internet of Things (IoT).
As billions of devices become interconnected with each other over the public Internet, device and service vendors will need to rapidly re-think their approach to security. Traditional perimeter-based approaches to network security will, by definition, be completely inadequate. Furthermore, many Internet-connected devices have limited processing power, so running sophisticated security applications at the device level is either impossible or prohibitively expensive in terms of performance and/or cost.
The cloud security network described in this article will emerge as the de facto approach to securing the Internet of Things. Devices will connect and interact through the secure cloud network, enabling policies to be automatically applied and ensuring that communications, devices and services are not compromised by bad actors. The sheer volume of connected devices will present interesting challenges for security vendors. Billions of devices, each engaging in thousands of interactions a day, means there will be trillions of daily events to correlate, analyze and secure. This will require a new breed of security technologies, and likely new security vendors, that have data science and machine learning at the core of their DNA.
Focus on the Future
We find ourselves at a watershed moment. Everything about the way organizations interact with data, devices, applications, and networks is in a constant state of change and advancement. Technology is moving full speed ahead; security products and services have to keep up.
The cloud is essential to meeting this challenge. Integrated, cloud-based security services will play a huge role in realizing the promise of the cloud: reduction in capital costs, risk, complexity, and regulatory headaches; enhanced agility and scalability; and the freedom to focus on the mission-critical core of our businesses.
This article is brought to you by Enex TestLab, content directors for CSO Australia.