In the cloud, the traditional approach to defense-in-depth security, starting at the perimeter and moving inside to the host (cloud workload), must be inverted, as we have transitioned from the physical infrastructure world to the virtual infrastructure world (also known as the software-defined everything world). In an inverted defense-in-depth approach, cloud security needs to start from within the workload (software) and then add context around the workload with other security indicators. By eliminating the constraints of securing physical infrastructure (perimeter and network), companies can gain an innovation and scaling competitive business advantage. They can scale with confidence and maintain real-time visibility at all times. In the traditional on-premise world, innovation and scale were held hostage to engineering, purchasing, installation and testing. Nowadays, scale can happen nearly instantaneously with limited human intervention - it's just incredible.
So what can the workload tell us from a security perspective? Everything! The workload Linux kernel shares everything you need to know about users, files, processes, networks and host behavior - all of those details are made available as standard by the kernel. Leveraging those details, in conjunction with behavioral analytics, allows customers to baseline "normal" and then be alerted to anomalies. Process connects? Monitor all inbound and outbound process connects and compare with known black-list IPs which may be indicative of command and control. Vulnerable software? Collect all workload software packages and compare with known CVEs (Common Vulnerabilities and Exposures). All of this from inside the workload without even having to think about the traditional perimeter and network.
Security is always under pressure to move quicker. You see the cloud as a tremendous advantage for CIOs and CISOs. How so?
It took the industry roughly three decades to evolve on-premise data security to the current point of "security instrumentation" and sophistication. What took three decades in on-premise security was replicated at 300 times that rate. Confidence and visibility at scale is available now, less than a decade after the launch of the first public cloud offering from Amazon.
What I spend a lot of time evangelizing is that, first and foremost, companies not thinking about embracing cloud right now are going to be at a significant disadvantage over time. Companies forced to purchase the multitude of security point solutions have always been constrained by the physical aspect of buying, engineering, installing, wiring and testing. Moving to the cloud eliminates the historical time and cost constraints. Now CIOs and CISOs can move at a pace whereby they enable business growth and not be seen as an inhibitor to growth.
Security at scale is nothing more than baking cloud-native security solutions into the standard configuration management tools designed to support auto-scaling in elastic computing environments; so infrastructure auto-scaling from 100 to 300 servers means that the security "goes along for the ride" and provides the real-time security visibility and protections necessary to scale with confidence. Modern-day, cloud-native security tech is designed specifically for this - to securely scale with growth. Concerns over Shadow IT are a thing of the past.