By: Nikhil Taneja, Managing Director, India & SAARC, Radware
There is an important trend in security that looks to cloud-based resources to help mitigate the rise in virulent cyber-security threats. It is driven in part by the same motives spurring the shift of applications, computing and storage functions to the cloud, namely cost effectiveness and reduced infrastructure management complexity. However, the movement to cloud often creates its own infrastructure management challenges. And in the case of security, it can lead to less than ideal architectures for managing the growing array of threats.
Cloud-based security, much like cloud computing in general, is designed to reduce the complexity of virtualization and computing resource management. Cloud-based resources can support the need for organizations to tap into massive levels of capacity and computing power in order to defend against large attacks. They can also be leveraged to align with the ongoing migration of applications into cloud hosting environments.
However, for organizations where strong security is the core requirement, it is also critical to consider the common shortcomings of these cloud-only architectures (both on-demand and always-on models) and understand how to optimize the benefits of cloud and other deployment models. With these two opportunities as a focus, here are two specific security architectures that capitalize on the benefits of cloud-based resources: hybrid attack protection and cloud security supporting application migration.
Hybrid Attack Protection
There is no longer a debate over the ideal security architecture for providing protection from the wide array of threat vectors related to denial of service attacks. Leading analysts agree that the best solution is hybrid attack protection, a combination of on-premise and cloud-based mitigation technology that delivers immediate mitigation of non-volumetric attacks with the availability of additional mitigation resources in the event an attack threatens to saturate the Internet pipe. The market also agrees, with over one-third claiming to have implemented hybrid solutions and over half planning to do so by the end of this year.
There are many benefits to a hybrid protection model. Primary among them is that it supports a “detect where you can, mitigate where you should” approach that ensures effective attack detection through visibility into all traffic, immediacy of mitigation, and outside volumetric support. However, not all hybrid solutions are created equal.
Organizations should look very closely at the accuracy of detection and the attack vectors covered by on-premises technologies. They should also consider the expertise and capacity of the cloud-based resources that defend against large volumetric attacks requiring redirection to scrubbing centers. Single-vendor hybrid solutions that use identical technologies and teams for both on-premises and cloud-based protection have many benefits and advantages.
Cloud Security Supporting Application Migration
The migration of applications and computing resources into the cloud is well underway and rapidly accelerating. However, because of legacy business processes; legal, compliance, or resiliency reasons; management complications; and loss of real-time visibility, most businesses will not be able to completely eliminate IT infrastructure and rely solely on the cloud. As a result, organizations may evolve into a hybrid hosting environment, with applications and resources spread across multiple cloud hosting providers.
However, this hybrid hosting environment may create many challenges that security teams need to prepare for:
1. Different operating environments (on-premises, cloud, hosting, managed, colocated, etc.)
2. Ability to detect threats in one location and react in real time
3. Crafting the right security rules in one location and automating policies throughout the entire IT and application infrastructure, regardless of whether it is internally owned or operated
4. Orchestrating changes to the affected systems quickly and universally. Making changes manually to all the necessary devices can take some time and be prone to mistakes.
Cloud-only application solutions (cloud-based WAF) have proven ineffective in supporting an efficient means of managing policies across hybrid hosting environments. Nonetheless, cloud plays a key role in the ideal architecture for these challenges: hybrid cloud WAF protection. These technologies offer a single-vendor solution, with fully integrated management and reporting, to protect both cloud-based and on-premise applications. They provide both visibility and control in disaggregated application delivery environments to deliver comprehensive detection and mitigation of attacks, as well as simplifying security policy orchestration and automation. Finally, the most advanced of these solutions enable worldwide mitigation of threats detected in the cloud via signaling to on-premise security devices.
With the increased attention on headline-grabbing volumetric attacks, the focus on outside cloud-based resources for protection is understandable. But organizations need to keep in mind that these types of threats represent only a small percentage of overall attack volume, roughly 10-15%. The best strategy for protection from today’s advanced threats is an architecture that effectively leverages cloud-based resources for attacks exceeding internal resources and capacity, balanced with on-premises technology for immediate detection and mitigation of non-volumetric threats.