The list of environments—and type of workloads—we (Alert Logic) secure for our customers has grown significantly over the years. As an extension of our customers’ security operations teams, we gather advanced insights into how their security needs evolve as they migrate to new environments. We noticed a significant spike in new or planned deployments to Microsoft Azure as our customers are migrating towards multi-cloud infrastructure deployments—a trend that doesn’t appear to be limited to our own customer base.
Azure was recently named the second-largest cloud provider—right behind AWS—with the fastest quarter-over-quarter growth among public cloud service providers. Additionally, Gartner recently named Azure a market leader within the Gartner Cloud Infrastructure as a Service Magic Quadrant, with a rapid increase in market share projected over the next few years.
From our perspective, it is clear that organizations are increasingly starting to standardize on two IaaS providers—usually AWS and Azure (in addition to private cloud infrastructures). If you are one of our existing 3,800 customers in this group, you are likely already working with one of our security architects to address your specific security needs in addition to Azure’s Shared Security Model and the AWS Shared Security Model.
If you are not an Alert Logic customer working with one of our security architects, here are five things to consider as part of your preparation for securing multi-cloud deployments:
Seek guidance: Implementing an effective security solution entails more than just software deployment. A successful managed security-as-a-service provider should also serve as a partner and subject matter expert in all stages of your security strategy—from discovery and planning, to proper implementation that aligns with the user’s specific requirements.
Prioritize server protection: Advanced targeted threats can bypass traditional perimeter and signature-based security tools. This is a common occurrence, since many organizations use signature-based legacy security tools to protect their cloud workloads. Focus on network traffic isolation, application control, and prevention of east-west vulnerability exploits. Start by visualizing and documenting how application data will flow, so that you can design a solid workload protection schema.
Make security management user-friendly: Specifically, the user interface, or console. Wherever your workloads reside, and whatever tools you use to secure them, it is important to consolidate everything into a singular view for every protected asset. Switching between interfaces for each environment you secure is not only tedious, it could impact your productivity and leave gaps in your security posture.
Consider compliance from the outset: Many organizations are required to adhere to a set of industry compliance requirements, such as PCI DSS or HIPAA. These standards are typically in line with general security best practices, so it’s in your best interest to discuss these standards with your security vendor during the early stages of the planning process. Make sure to work with the cloud service provider to ensure you have a comprehensive and clear understanding of how compliance responsibilities will be divided between you and the vendor—be specific!
Think about your internal resources: Securing workloads in private or public clouds obviously requires 24x7 security monitoring, and that should include much more than “critical alert” notifications. Active monitoring should include: monitoring of underlying security deployments (appliance health, agent health, API connectivity), various levels of security data analysis, threat research and analysis, remediation guidance, and a solid Service Level Agreement (SLAs should be included and available to organizations of any size).
Active monitoring is a critical aspect of securing cloud workloads. It requires expertise in various security technologies, advanced networking knowledge, and security operations experience, and it should include real-time access to multiple sources of up-to-date security content. This is the aspect of cloud security that can get expensive, and many organizations fail to plan and budget accordingly.
There you go. Five things to consider in the planning stages for securing multi-cloud deployments. Obviously these are all equally applicable to a single cloud deployment, but in our experience these are even more critical when you start expanding beyond that. Notice that I didn’t recommend a specific security software technology. Of course you need those ingredients; if you follow these guidelines, those technology requirements will likely be addressed.