About 85% of enterprises are estimated to have the majority of their workloads on the cloud, be it public, hybrid or multi-cloud platforms, by the end of 2020, according to a report. On the other hand, cybersecurity still seems to be the number one concern when it comes to cloud adoption.
So what does cloud adoption mean for security teams when there is an architectural shift under way with hybrid to multi-cloud strategies? Here we look at the challenges in cloud security:
Who Takes Cloud Security Ownership?
Security teams are accountable because your brand is still the one that’s in the newspaper if something goes wrong. You have to have a constant conversation with the cloud services provider regarding handling an incident. Whose job is it to secure the data and applications that are being deployed on the cloud? Businesses are naturally concerned whether SaaS vendors will take ownership of migrating their own workloads to the cloud.
Cloud Security: Protecting Software From Vulnerable APIs
There is also an increasing shift towards software, and application developers are accessing resources and other cloud services through APIs. So for businesses, one of the single biggest challenges (and priorities) is to start moving security more towards the development function by embedding security into DevOps, an approach called DevSecOps. This can help cybersecurity managers ensure that, before they deploy software in the cloud, it is scanned and does not contain software vulnerabilities.
Cloud & Cybersecurity: Containerisation & Microservices Escape Traditional Firewalls
Another thing that is happening fast is the move towards containerisation. As containerised applications are being adopted at a very rapid pace, experts say the fundamental truth about containers is that traditional cybersecurity tools leave security managers blind to them. In many cases, container network traffic doesn’t even go through conventional firewalls.
Containers and microservices are transforming cloud, but when it comes to analysing traffic via firewalls, they are very challenging. The transition from monolithic applications to container-based microservices brings many advantages but also creates new challenges for security teams.
Next-Generation Firewalls (NGFW) were designed to handle the latest threats and data centre architectures but fell short in the cloud microservices evolution, as they were designed to act as a gateway for north-south traffic. According to experts, this needs to change, and there is a need to move to container firewalls. A container firewall is a policy-based, declarative network security model used on platforms like Kubernetes to safeguard ingress and egress traffic. A container firewall is built for the cloud-native environment and can monitor traffic moving in all directions, including through container and non-container network layers.
What About Open Source Software Security On Cloud?
Moving to the cloud already has baked in the premise that businesses will be using an enormous amount of open-source software. The cloud is mostly built on an open-source foundation, notwithstanding licensing challenges back and forth.
Containers are being adopted rapidly and a lot of development on the cloud is open-source, and cybersecurity managers are not comfortable with that. There are certain open-source technologies that every company uses, but naturally open source may also raise alarm bells because there are new types of attacks that can spread more quickly via open-source software.
On the other hand, there are open-source success stories and billion-dollar companies coming out of the space in most segments of technology. So, not using open source is not an option. Instead, experts say there is a need for a more careful approach to creating rules around how to recognise when attackers can infiltrate or access a company’s network via open-source vulnerabilities. Also, reinventing open-source policies over and over again can make open source a strength to be leveraged rather than something to be worried about.