By Jon Harlow, Product Marketing Manager, Cloud Security, published February 20, 2023

We’re living through an information security revolution, where staying ahead of the bad guys is significant to your company’s reputation and ultimately its bottom line.

We’ll continue to see dramatic growth in cyber security publicity, not only because the growing level of threat is more sophisticated than in the past, but due to the fact that more vendors, analysts and thought leaders are using the FUD factor (Fear, Uncertainty and Doubt) – driving us to buy more products to protect against new threats with the promise of assurance and peace of mind.

It was a similar pattern when buying networking and connectivity back in the day. Many found that having a mix of vendors and suppliers was a necessity and not actually a choice, because a wide and diversified portfolio mix was difficult to find.

And for many, finding the right balance of different vendors’ expertise and products, weighted with cost and resilience factors, was key in making decisions to buy from multiple network vendors. And for a while these solutions worked, but inevitably, as businesses became larger and more global, the growing operational overhead to knit all these individual network pieces together took its toll. Consolidation needed to happen to save time and reduce the escalating cost and operational team overheads. This consolidation was also helped by vendors extending their portfolios with takeovers and mergers to increase product diversity and get that all-important organic growth of new customers.

Did we learn much or indeed anything from this process?

Condensing 10 years of development cycles into 18 months.

Many organizations are now going through this same evolution with security, stitching together legacy point solutions and services with integrations, APIs and custom code. Getting security to cover cloud objects, applications, storage and user groups, and to span networks in all their forms, including the growing mandate for hybrid networks, is difficult. The result for security professionals is too much to do and no time to do it in!

On-premises gateways couldn’t cope with the rising growth or agility needed to support the burgeoning work-from-anywhere market (working at home or living at work!). So there became a real need to deploy security directly into the cloud. But having applications, data and networks completely distributed in different clouds means that the new threat perimeter is much wider and demands a new architecture that is expansive enough to cover all areas where you store valuable and sensitive information. And conversely holding onto your private Data Centre is going to cost you money, and can you afford to place your data and assets into the wider cloud environment without better security or expertise?

The million dollar question becomes “how can I get security directly into all the clouds I want to use with complete safety and visibility, with the agility to grow and scale on tight budgets?”

Buying cloud-native security from cloud vendors is one convenient and easy way to add security into your cloud migration directly, but these cloud vendors will only protect you within their own cloud domains. So you’ll quickly be back at buying single services and stitching them together, losing complete situational awareness, visibility and context across them. And integrating these together with an “over the top operations tool” may prove a stop-gap, but it won’t stop holes that will inevitably appear between them. And it’s not going to be the most cost-effective route. Convenience will have its price.

Your security management needs to be consolidated into one place with one console. No more back and forth between platforms to have full-spectrum visibility. A single view also means that organizations can present a consistent security policy over multiple platforms with context from the entire cloud. The example below shows how this provides value. With consistent security enforced across the public and private cloud, as well as on-premises in your own offices and Data Centres, you’ll be better able to see the full threat landscape and better prepared when something nasty hits.

Fig 1 – Single console view for hybrid, multi-cloud and on premises policy.

Here are 5 things that may decloud the cloud for you

1. Making sure you have an exacting inventory. Visibility on what you keep in the cloud has got to be built into your migration plans, which may need more tools or expert advice before you start to migrate. Does your cloud security include auto-discovery tools to find all your cloud junk?

2. Secure and reliable cloud environments are built on strong foundations using standardized building blocks. As soon as you “lift and shift” legacy environments to clouds, traditional security solutions like firewalls and IPS will need to be expanded or in some cases replaced with the new cloud-native tools.

There are 2 trains of thought on this structure for security

3 pillared approach covering –

  • Cloud Security Posture Management (CSPM) for visibility, remediation and entitlement monitoring
  • Cloud Network Security (CNS) for access control, segmentation, Intra-cloud East/West traffic
  • Cloud Workload Protection Platform (CWPP) for virtual machines, vulnerability and threat mitigation, and CI/CD security for DevOps

Another model that covers this is the “4C’s” structure for cloud security. It defines 4 layers to protect, which are Cloud, Cluster, Container and Code. Which of these models you settle on is your own decision, but they provide the framework for comprehensive and unified cloud security.


Figure: Cloud Security Architecture Building Blocks. A secure and reliable environment must be built on a strong basis using standardized building blocks, and there are two popular models, two approaches to building a cloud-native security architecture.
Source – https://www.checkpoint.com/downloads/products/cloud-native-security-model.pdf

3. It may sound obvious, but you’ll need to add a continuous development loop in your process because cloud is so fluid – changes happen at the click of a mouse and these will have a knock-on effect in regard to your security posture. Automation will help you cope with this, but be careful to “read the tin” and understand what’s included inside.

4. Shift left and solve the problems before they develop – that means involving developers early in the security process to aid preventative technology. Developers do care about security and need agile tools to set security in their process. They do not want to develop insecure code. Give them the right security tools that integrate with their needs and you’ll keep that new code protected. Gone is the reactionary way that security was developed, as a last-minute add-on to assets and objects that had already been deployed into the cloud. Cloud transformation programs will fail if they continually open security gaps and vulnerabilities with new software developments.

5. Lastly, remember cloud computing transforms the way we consume and manage data in today’s hyper-connected digital world, but it introduces additional threats. Your cloud ecosystem must be secured effectively. According to the Global Cybersecurity Outlook 2022, prepared by the World Economic Forum, digital transformation and changed working habits are the main drivers for improving cyber resilience. But this is contrasted with data that states only about half of business leaders are security focused, many are not building cyber security into their decision-making process and most would find it hard to deal with a security incident based on the security skills of their teams. Information security teams, perimeter security teams, network security teams, enterprise architecture teams, cloud architecture teams, business application owners, DevOps, SOC, IR/IH, and GRC cannot operate any longer within independent silos. You’ll need to bring leaders and processes with you, and be prepared to fight for the protection your customers deserve.

Link to the WEF Global Security Outlook Study 2022: https://www3.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2022.pdf

Buying Cloud Security

Let’s remember that point earlier – about stitching together pieces of network and building a hybrid connectivity ecosystem that becomes more difficult to unravel as your organization grows. There comes a point where it is just untenable, and security is exactly the same. You’ll be looking to find specific solutions to slot into specific parts of your process or organization and of course integrate with what you have. But that single state will change. It’s much easier to secure a very defined security brief given to a moment in time, but keeping those services working and fully integrated or meshed as your business develops is much harder. Sure, it’s hard to see what’s on the horizon, but how will you ensure these pieces still fit together through that evolution? And what expertise will you need to keep integrating and morphing so that you can keep your fully joined-up security context?

Check Point is a pure-play global security business. We specialize in cloud security having all the expertise and skills you’ll need to develop and mature your security posture; and we’re also experts in providing security training. So if you want your own team to possess these skills or if you want to develop your own cloud security operation, we can help with that too.

And that’s an important point here; one size never fits all. Some organizations want managed and curated cloud security approaches and others want to retain their own support process and people. As we see throughout the outsourcing lifecycle, those decisions are as unique as your business, but never just black or white and they consistently change colour depending on influencing external factors. Make sure you take a security partner with you on that journey, one who can support you with a wide portfolio as well as guide you through the labyrinth as those influencing factors change.

Businesses have been trusting Check Point for 30 years, since the development of the stateful firewall. Back then, it was about protecting assets on your premises or data centre, but now our worlds have already become, or are about to become, “cloud shaped”, where security is more important than ever before. So having the best protection has to be table-stakes for business – our own advanced threat prevention with industry-leading block rates for attacks and zero-days is backed with a worldwide advanced monitoring and threat intelligence repository, Threat Cloud. This service prevents cyberattacks, both seen and unseen. Our responsibility to our customers centres around prevention, not detection and quarantine. We are renowned for it, blocking cyber-attacks before they get in, so that they don’t affect your brand and reputation. Our many experts and security professionals continue to solve security challenges for governments, corporates and multi-nationals around the world day after day.

That’s just us doing our thing, which means you can continue to do yours, because at Check Point we believe you deserve the best security.

 
