As cloud adoption accelerates, organizations are increasingly reliant on cloud-based services and infrastructures. Yet, organizations often end up with a heterogeneous set of technologies in use, with disparate security controls in various cloud environments. For businesses to be as agile and adaptive as they need to be, it is critical for the applications they use need to be configured and secured consistently, everywhere they reside.
As it is now, organizations with cloud ecosystems participate in the shared responsibility model. The shared security model consists of two key components: security of the cloud and security in the cloud.
While organizations rely on cloud providers to protect the security “of” the cloud—the storage, network, and compute layers, they own the security “in” the cloud—that includes everything that is built, deployed, or stored in the public cloud.
The challenge here is that each cloud environment has its own standards, requirements, and protocols. Security teams attempting to secure a multi-cloud environment need to not adopt these requirements when securing each cloud instance, but the solutions that they deploy must be flexible enough to support security functionality in a shared model, both within a specific cloud environment and between clouds.
This model can help relieve some of an organization’s operational burdens, as the public provider operates, controls, and manages the components from the host operating system and virtualization layer down to the physical security of the facilities where the service operates.
However, the organization still bears the responsibility of securing other multiple layers of their environments that need consistent, manual protection.
What’s left is a scattered, patchwork approach to cloud security that isn’t sustainable or scalable, and it needs to evolve.
Many companies fail to adequately secure their cloud environments because they don’t understand this shared responsibility model. Public cloud providers generally keep their systems safe, but, again, the cloud customers are fully responsible for protecting the applications they deploy and the data they store in their clouds.
Unlike on-premises applications, which can be protected by controlling access to specific Internet Protocol (IP) addresses, app traffic on the web doesn’t have these security “choke points.”
In the cloud, threat detection needs to shift from the port the traffic flows through to the application content and context of the traffic itself. In order to provide this deeper level of insight, organizations need to make continual, granular adjustments to web-app security policies.
This task done manually is not sustainable, with limited IT resources and the onus of constant app management. These adjustments need to be automated for the fastest, most intelligent results.
How to achieve adaptive cloud security
There are at least five security areas that need to be addressed when building and managing security in the cloud:
- Risk of data loss/compromise
- Regulatory compliance
- Resources/skills gap
- Deployment/setup of cloud (e.g., misconfigurations)
Chief among these risks are misconfiguration-exploiting cyber threats. According to a 2020 Cloud Security Report, the highest ranking threat for 2021 was going to be misconfiguration, with 68% of companies citing this as their biggest concern.1
The lack of visibility and communication between various point solutions invariably leads to greater exposure to risk. A successful attack on a cloud-based environment can possibly impact the entire company, interrupting or ceasing operations, causing the loss of crucial business data, and damaging the organization’s brand reputation.
The Solution: Deploy a Unified Platform Approach To Cover All Clouds
Securing all clouds, cloud networks, applications, and platforms is the security architecture approach that can benefit all organizations, regardless of industry.
Adaptive cloud security platforms make this possible, protecting workloads and business applications both in on-premises data centers as well as in any cloud environment— private, public, multi-cloud, and hybrid models.
This platform approach provides organizations with a consolidated view of their security posture, leveraging a single console for policy management regardless of which cloud infrastructure they have.
Organizations should look for a cloud security platform that is built organically around a common operating system and management framework designed to enable seamless interoperability, full visibility, and real-time communications, as well as automated granular control across the entire infrastructure.
An integrated, unified cybersecurity platform approach with a rich ecosystem built-in to protect the extended digital attack surface provides broad integration and implementation with application programming interfaces (APIs) and third-party apps, automation enabled by artificial intelligence (AI) and machine learning (ML), and the single-pane-of-glass visibility needed for all of the solutions to function cohesively.
Fortinet Adaptive Cloud Security solutions provide the necessary visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud. Learn more about the Platform in the video below or by downloading this whitepaper.
1. “The Biggest Cloud Security Challenges in 2021,” Check Point, accessed April 26, 2021.