How is the cloud shaping the modern security architecture? Have we reached the point where it's unpractical not to use it?
Leveraging the cloud is really inevitable. IT organizations are moving infrastructure, applications, and data to the cloud for management benefits, and end user organizations appreciate the benefits of cloud services for more rapid time-to-value.
The cloud brings new issues to IT organizations:
- Change in attack surface. As IT organizations move their applications and their data to public clouds and SaaS, there are new surfaces for hackers to attack.
- Loss of control over devices and networks. As cloud enables anytime / anywhere access, users are accessing their data from devices and networks not controlled by the company.
- Empowerment of end user organizations. The emergence of the cloud has empowered end user organizations (e.g., sales, marketing, HR, support) to deploy applications without IT involvement, dramatically impacting governance issues around security posture.
- Shift in IT resource allocation. Usage of the cloud shifts the burden of hosting servers on premises toward providing adequate network connectivity and traffic prioritization to business critical cloud services. It also requires a shift in allocation from traditional backhauling of data center traffic over private networks towards providing local Internet access from remote offices.
- Ability to provide protection everywhere. Utilizing cloud security services can help protect users wherever they are connected and still provide central IT management and reporting on security posture.
- Ability to terminate connections and analyze threats to block them before they reach the customer's networks or devices.
- Ability to leverage vast amounts of crowd-sourced data in real time to perform functions such as global Bayesian analysis or polymorphic virus detection that were previously inaccessible to organizations that did not leverage the cloud.
- Ability to provide redundancy during customer site outages.
- Ability to leverage elastic compute to handle operations that may exceed the processing power of typical endpoint network security devices.
Many technologies benefit from the cloud. One of the most impactful has been cloud-based, real-time threat protection.
The familiar security concept introduced by desktop anti-virus vendors was to collect virus samples from some subset of customers, produce definitions and have endpoints download those definitions on a periodic basis. The relative isolation of every individual attack instance on which to collect data and the periodic nature of updates in the old world created relatively long attack windows for attackers to exploit.
With the adoption of real-time threat protection services that leverage the cloud, real-time lookups themselves can generate data that can be used to make block decisions instantly, thwarting attacks automatically once they are released in the wild. This use of cloud and big data has dramatically reduced the length of attack windows, in many cases changing the economics and targeting of attacks in general.
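
The attack-window comparison described above can be modeled in a few lines. This is an added example, not part of the interview or any vendor's code: the encounter times, download schedule, analysis delay, and the "block after 3 sightings within 4 hours" rule are all constructed assumptions.

```python
import math

# Constructed sample: (hour the endpoint meets the new sample, endpoint name).
ENCOUNTERS = [(0.0, "ep0"), (0.5, "ep1"), (1.0, "ep2"), (2.0, "ep3"),
              (5.0, "ep4"), (9.0, "ep5"), (20.0, "ep6"), (30.0, "ep7")]
# Assumed hour at which each endpoint first downloads definitions (then every interval).
POLL_OFFSET = {f"ep{i}": 3.0 * i for i in range(8)}


def exposed_periodic(encounters, analysis_delay=6.0, poll_interval=24.0):
    """Definition model: the first sighting is the collected sample; a definition
    is published analysis_delay hours later, and each endpoint is protected
    only from its first scheduled download at or after publication."""
    published = min(t for t, _ in encounters) + analysis_delay
    exposed = []
    for t, ep in sorted(encounters):
        off = POLL_OFFSET[ep]
        polls_to_wait = max(0, math.ceil((published - off) / poll_interval))
        protected_from = off + polls_to_wait * poll_interval
        if t < protected_from:
            exposed.append(ep)
    return exposed


def exposed_realtime(encounters, threshold=3, window=4.0):
    """Lookup model: every encounter queries the service, which blocks the
    sample once `threshold` endpoints have reported it within `window` hours."""
    sightings, blocked, exposed = [], False, []
    for t, ep in sorted(encounters):
        if blocked:
            continue  # verdict is already 'block': this endpoint is protected
        exposed.append(ep)  # verdict still 'unknown', so the sample runs
        sightings = [s for s in sightings if t - s <= window] + [t]
        blocked = len(sightings) >= threshold
    return exposed


def attack_window(encounters, exposed):
    """Hours between the first and the last successful encounter."""
    hours = [t for t, ep in encounters if ep in exposed]
    return max(hours) - min(hours) if hours else 0.0


if __name__ == "__main__":
    for name, fn in (("periodic", exposed_periodic), ("real-time", exposed_realtime)):
        hit = fn(ENCOUNTERS)
        print(f"{name:9s} exposed={hit} window={attack_window(ENCOUNTERS, hit)}h")
```

In this model the periodic scheme's window is set by the analysis delay plus each endpoint's download schedule, while the lookup scheme's window is set only by how quickly the first few sightings accumulate.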