Security Takes On New Meaning In The Hybrid Environment
By Ryan Davis
Although security is a shared priority for both on-premise and cloud-focused teams, the conversation around how to secure critical assets in each environment can be quite different, and the difference goes beyond where data lives. A hybrid environment establishes a new landscape where responsibilities are split between cloud service providers (CSPs) and customers, and security is no longer just the job of security operations.
How On-Premise Security And Cloud Security Differ
While the idea of shared responsibility is promoted in cloud-based solutions, what’s not always clear is the dividing line between what falls on the shoulders of CSPs versus customers.
One of the areas where customers tend to falter on their side of the Shared Responsibility Model is in configuration. While service settings may align with guidelines at the time of implementation, chances are these will change over time, whether it’s because of software upgrades or a new piece of hardware. Without central security oversight of these ad-hoc changes, openings appear in the attack surface, leaving the environment more vulnerable to threats.
It’s also important to keep in mind that different types of cloud deployment—Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), or Software-as-a-Service (SaaS)—involve different areas of focus for your security and development teams.
For example, IaaS services provide customers with the most flexibility and control over cloud instances and hosted applications, but they also require customers to configure firewalls, oversee data, and implement the proper permissions for access control. SaaS-based tools, on the other hand, leave the bulk of security responsibilities with the CSP and ask the customer to manage data and user access alone.
Any given enterprise might deploy a complex combination of cloud-based and on-premise solutions, all with varying levels of responsibility placed on the customer. If there’s one takeaway from a discussion of how these models differ, it’s the fact that your security practices must be as agile and dynamic as your environment.
With that said, today’s cybersecurity isn’t about building walls to keep intruders out. Breaches will always happen, and security teams need to be prepared for when they occur and be ready to invest in technologies that allow them to minimize the impact and damages.
In the cloud, security operations teams are frequently limited in terms of control. IT teams and developers can deploy hundreds of workloads to the cloud, but without proper lines of communication between all parties, security operations teams are left in the dark about what has been deployed, and thus how to secure it.
Colloquially, this potential vulnerability is known as shadow IT. Along with the risk of misconfiguration and blind spots in cloud traffic, it’s a major reason why security operations teams must have the tools and data they need to work closely with developers and IT operations teams in order to secure and manage the hybrid attack surface.
Outside of the cloud, security operations and IT operations have begun to break down silos through shared use of network detection and response (NDR) solutions that provide complete visibility inside the network itself. Until this past year, network traffic in the cloud was difficult or impossible to obtain at scale, but now major CSPs including Amazon Web Services and Google Cloud have changed the game.
With virtual network taps now available in the cloud, NDR solutions can provide cloud security and IT operations teams with a scalable source of visibility and real-time threat detection and response. Through this cloud-native approach to hybrid security, customers can usher in a new wave of cross-team collaboration and enable the mindset of cybersecurity as the responsibility of every employee, from developers to cloud security analysts.