We all know that cloud use keeps getting bigger, which puts greater pressure on organizations to beef up their IT security and achieve greater control over this explosive growth.. How big is this growth? According to a leading industry analyst, the public could services market will grow 17 percent in 2016 and reach $208.6 billion, with IT modernization as the top driver.
Organizations are modernizing IT to support the explosive growth of digital business, and this increases the need to use public cloud services more securely. Here are four key cloud security trends related to that challenge and how they impact enterprises.
- Micro-segmentation is Increasing.
Micro-segmentation uses network virtualization to improve security by sharing intelligence between different security functions. This concept applies where individual workloads require specified access rules to other workloads within a logical service. This activity increases network isolation within the deployed components and supports the principle of granting the “least-access” privilege – rather than leaving network access completely wide open.
It means that you should be clearer on how to manage your database server by opening up the database port and specifying that a certain application server is the only one that can reach that port. Or, there may be a particular port that is only accessible from the front-end web server, and it requires a non-standard https port for access. That’s why it’s critical to lock down micro-segments, define the level of granularity required for access, and block all .
- Network Defense Is Becoming More In-Depth
A server’s blueprint should provide a more comprehensive level of detail through firewall-like concepts, which are called network paths. At the service design level, you don’t really know where to find your endpoints. You may have a logical representation of what your servers will look like but lack the endpoint details for those servers. With the cloud, network paths are logical representations of the access rules you choose to allow.
Cloud Lifecycle Management (CLM) from BMC can help you defend your network more effectively. When a service request or fulfillment request is made, CLM will determine the actual server instances that have been deployed and what roles they serve based on the blueprint components used to create them. Then, the solution will determine the right firewalls that need to be created and the specific firewall instances where those rules need to be added. This action is determined based on where those workloads have been deployed.
Morningstar, for example, uses CLM’s blueprint technology from BMC and a graphical service designer to provide standardization and automation in the cloud. The solution enables the company’s staff to create standard patterns that automate design, management and governance of cloud environments.
If you don’t have these capabilities, then you have to depend more on perimeter firewalls, which increases risk. That’s because if someone can compromise an outer perimeter, that person can gain more access to any of the resources inside of the perimeter.
Rendering firewall rules provides greater in-depth access control on standard networks. The world is evolving toward software-defined networking but that objective requires a significant investment in new network infrastructure. With CLM, organizations can take advantage of their existing network hardware to accomplish software-defined networking.
- Organizations are implementing a lifecycle governance approach.
With a governance model and access controls that depend upon the authority of the user, cloud services can be provided with the level of security that gives people access to only what they need to see. This model provides the visibility and transparency to make sure that the organization knows what materials are being distributed across specific public cloud services. It includes determining factors related to access and control, such as what’s their intellectual property and where they put their customer data and sensitive materials.
Governance offers control over blind spots, which can happen when line of business users and developers who have been acting as “lone wolves,” use these public cloud services on their own, leave the company, or transition to another role. In these cases, artifacts may not get cleaned up properly.
With governance, you can create a necessary partnership between IT and lines-of-businesses, where IT recognizes the need to be more flexible and accommodating to business needs. An effective security approach uses CLM to determine who has access to which cloud based on their level of authority. This method utilizes automation that helps prevent organizations from over-stepping their authority and creating “Shadow IT” resources. It provides users a service catalog for standard access to the different cloud services – on premises, and other services such as Amazon Web Services or Azure, for example.
- Data breaches are on the rise.
Security threats continue to be a more serious and problem for enterprises. Just look at the news headlines and you’ll see that breaches are becoming more frequent and the cost to businesses can be huge. Did you also know that 80% of attacks go after a known vulnerability – about 99% of which have had a patch published for more than one year? Hackers are drawn to known vulnerabilities because they’re easy targets.
CLM enables enterprises to maintain continuous compliance because policies for compliance requirements can be automatically applied to a service when it’s provisioned. This allows the solution to perform ongoing automation of patching, along with configuration management and remediation. BMC Threat Director uses analytics and visualization to create actionable remediation plans that allow operators to focus on the biggest threats and critical systems first.
CLM from BMC has been helping enterprises worldwide address these and other cloud security trends and challenges. For more information, watch this personalized demo.
- Standing Out in the Crowd: How SAP Makes Compliance and Security in the Cloud a Competitive Weapon
- The real story behind security breaches: the SecOps Gap
- Security Automation And The SecOps Crisis
- How SecOps Response Service Addresses WannaCry Ransomware
- IT as a Service – The Unified Theory of IT