Most organisations use cloud in one form or another, and the current environment is characterised by dynamic cloud deployments. This is where workloads are spread across public, private, hybrid, and multi-cloud instances. While this approach delivers significant benefits, it’s essential for organisations to be aware of the unique security requirements around dynamic cloud, according to Wavelink, a Fortinet distributor.
Ilan Rubin, managing director, Wavelink, said, “The more complex an environment becomes, the larger the attack surface that cybercriminals can use to compromise the business. It’s essential for decision-makers to understand exactly what their environment consists of so that they can put adequate security in place to minimise the risk of breaches.”
According to Gartner, between now and 2025, 99 per cent of cloud security failures will be the customer’s fault. (1) This is because the cloud itself is usually secure but the policies around securing data and applications in the cloud aren’t sufficient to protect the user. This is encouraging news for organisations because it demonstrates that it is absolutely possible to tightly secure all of their cloud environments, from private clouds and virtual networks to public clouds and software-as-a-service (SaaS) solutions.
There are four key areas that a comprehensive dynamic cloud security strategy must address:
1. Network security
Cloud environments should be treated as part of the corporate network, not external to it. Therefore, it’s important to choose an integrated security solution that covers next-generation firewall functionality, dynamic intent-based segmentation, VPN, and application control.
2. Application security
Many organisations choose to use the cloud because it means they can provide full access to systems, applications, and data for remote workers. This means distributed workforces can remain consistently productive regardless of location. To address the security risk this creates, it’s important to apply advanced security for web applications.
3. Visibility and control
Adequate security depends on having visibility into and control over everything that’s happening across the network, including in any cloud environment. Organisations need to choose security solutions that deliver elements such as configuration management and monitoring, traffic analysis and tracking, data security, and compliance.
4. Unified management
With most organisations working with limited resources, it’s important to make it as easy and uncomplicated as possible to manage consoles and workflows. Single-pane-of-glass management is ideal, as it can let security teams enforce policies consistently and gain deep visibility into workflows so any issues can be identified and addressed quickly.
Ilan Rubin said, “Moving to the cloud is an important and highly valuable part of any organisation’s digital strategy. Securing a dynamic cloud environment is essential. Solutions must protect the cloud environment from all the different threat vectors and exploits, and this security must be applied consistently throughout the organisation’s entire environment. This way, organisations will be able to leverage the scalability and agility of cloud without compromising security.”