The move to the public cloud is the biggest computing paradigm to unfold since the internet boom first exploded. Driving this growth are greater agility and scalability, higher performance, and faster access to innovative technologies.
Organisations should therefore know two fundamental facts about the public cloud. First, you’re essentially renting someone else’s computers – a set of virtualised resources that you control but that operate on a system owned by someone else. Second, it is an extension of your network, and protecting your applications and data in it is your responsibility.
So a good rule of thumb is to secure your applications and data in the public cloud as if they were on-premise. Don’t risk your security with inconsistent protection. Consider these 10 recommendations to protect from a multitude of ever-evolving security threats:
1. Embrace the Shared Security Model
Public cloud providers make it clear that security is a shared responsibility. The provider is responsible for ensuring the platform is always on, available and up to date. The fact that the customer is responsible for protecting their own applications and data running within it often gets lost. Customers assume the provider’s global data centre infrastructure is more secure than their own.
2. Engage With Business Groups and DevOps Early
Public cloud projects are frequently driven by business groups such as DevOps. But security and DevOps should work in tandem to understand the scope and ensure the architecture of the application deployments meets business development needs while mitigating security risks.
3. Know Your Potential Exposure
Employees doing what is “right for the business” may create security holes if the environment is not configured properly. Therefore, it’s imperative to know who in your organisation is using the public cloud and to ensure the environment is monitored and configured correctly. You should consider two-factor authentication and locking down SSH access.
4. Understand the Attacker
Attackers leverage automation to find potential targets within minutes. Once identified, they look for weaknesses, checking default passwords and probing for SSH misconfigurations. Public cloud resources are widely exposed. This is unlike private data centres, where there’s less concern about public exposure.
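An added example, not taken from the eGuide: a configuration check for the SSH exposure described in recommendations 3 and 4. It scans ingress rules for TCP port 22 reachable from internet-wide source ranges. The rule field names, the sample rules and the prefix thresholds are assumptions made for illustration, not any provider's exact schema.

```python
import ipaddress

# Constructed sample ingress rules (hypothetical field names, loosely shaped
# like cloud security-group entries).
SAMPLE_RULES = [
    {"group": "sg-web", "protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    {"group": "sg-bastion", "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "203.0.113.0/24"},
    {"group": "sg-dev", "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
    {"group": "sg-legacy", "protocol": "tcp", "from_port": 0, "to_port": 1024, "cidr": "::/0"},
    {"group": "sg-test", "protocol": "all", "from_port": None, "to_port": None, "cidr": "0.0.0.0/1"},
    {"group": "sg-dns", "protocol": "udp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
]

SSH_PORT = 22
# Assumption: a source range broader than these prefix lengths is treated as
# "the whole internet". This also catches 0.0.0.0/1, which a literal match on
# "0.0.0.0/0" would miss.
WIDE_PREFIX = {4: 8, 6: 16}


def covers_ssh(rule):
    """True if the rule's protocol and port range admit TCP/22."""
    if rule["protocol"] == "all":
        return True
    if rule["protocol"] != "tcp":
        return False
    return rule["from_port"] <= SSH_PORT <= rule["to_port"]


def is_internet_wide(cidr):
    """True for 0.0.0.0/0, ::/0 and other very broad source ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen < WIDE_PREFIX[net.version]


def exposed_ssh_groups(rules):
    """Return sorted names of groups that allow SSH from internet-wide sources."""
    return sorted({r["group"] for r in rules
                   if covers_ssh(r) and is_internet_wide(r["cidr"])})


if __name__ == "__main__":
    for group in exposed_ssh_groups(SAMPLE_RULES):
        print(f"SSH reachable from the internet: {group}")
```

Port ranges and "all protocols" rules are checked as well as exact port-22 rules, because a broad range such as 0-1024 exposes SSH just as an explicit rule does.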
5. Evaluate Your Security Options
There are various options to choose from when moving to the public cloud, most of which are similar to those for physical networks:
- Native Public Cloud Security: service providers offer native security services including security groups and web application firewalls.
- Point Products: one of the more common approaches to security uses a host-based point product to detect and prevent threats.
- Do-It-Yourself Security: some organisations choose a DIY approach to securing public cloud workloads, using scripting and visibility tools to protect deployments.
- In-Line Virtualised Appliances: an in-line virtualised appliance, such as a virtualised next-generation firewall, provides a foundation to gain visibility into all traffic in your deployment.
6. Knowledge Is Power
In public cloud security, this begins with safely enabling all traffic traversing your environment, spanning mobile, network and cloud. By utilising a virtualised next-generation firewall as part of a natively integrated, comprehensive security platform, organisations gain necessary insight into identity and characteristics so they can make informed policy decisions to protect applications and data.
7. Believe in Prevention
Prevention of cyberattacks in the public cloud requires key capabilities: complete visibility of all applications and their alignment to business need, to reduce the attack surface; application-specific threat prevention policies applied to permitted application flows, to prevent known threats; and prevention mechanisms that gather and analyse information from unknown threats and use it to continually improve prevention capabilities.
8. Take a Cloud-Centric Approach
To take full advantage of the cloud, recommended best practices include applying the concepts of the data centre to your deployment – rather than traditional constructs – to achieve high availability and scalability.
9. Use Automation to Eliminate Bottlenecks
When best-practice security change control is followed, the resulting delay may induce friction, slowing deployments or weakening security. By automating security in the public cloud, organisations can eliminate security-induced “friction” and take advantage of the flexibility and agility benefits offered.
10. Enforce Policy Consistency Through Centralised Management
Controlling your distributed network of firewalls from one central location and applying a single, consistent security rule base from the network to the public cloud is critical to maintaining security functionality and efficiency.
As organisations look to achieve more efficient time to market and continue carving a competitive edge, they must involve security teams in the process. Consequently, the goal is to encourage dialogue between the security and business groups to achieve a public cloud architecture and deployment that accommodates both groups’ demands.
Public Cloud Security Recommendations, taken from Palo Alto Networks eGuide.