Cloud Network Security and Data Center Security

In recent years, many cloud architects have proclaimed the death of network security with the adoption of the public cloud. However, network security remains one of the largest security markets and is an area where every major cloud service provider (CSP) has introduced significant new offerings over the past few years.

It should come as no surprise that networking remains critical to security, even in the cloud.

The network provides a common point of control, giving enterprises leverage to secure everything, regardless of workload/application architecture.

Many businesses moving to the public cloud may believe that network security is redundant. After all, the cloud provider owns the network, so network security is handled by the CSP. But a funny thing happens.

How Cloud Migration Complicates Network Security

Migrating to the cloud means that a dream enterprise staff have had since the birth of IT has come true: they no longer need to care about the underlying supporting technology (i.e., infrastructure) and can focus only on applications.

Moving workloads to the public cloud has brought this focus to an unprecedented level. Instead of focusing on securing infrastructure, organizations are able to focus on applications and workloads: their functionality and their security (patching, locking down access, and so on).

But as the cloud grows at an alarming rate, cloud architects are reminded of some truths:

  • Scale can make even simple tasks difficult -- such as patching a vulnerable workload or managing across multiple clouds.

  • Putting defenses in the network was never meant to protect enterprise or data center networks -- it was just the easiest place to put them to protect workloads.

  • Cloud providers protect the network, but they don't care what is running on the network. That's your business.

For cloud and data center security, the network is the common denominator

As organizations move from a few workloads to thousands, even simply patching vulnerabilities becomes difficult.

Recent investigations have shown that vulnerabilities like Log4j can take months to patch, highlighting the need for defenses outside of the application/workload as exploits rapidly evolve and become automated.

Defenses beyond the application/workload can be applied in many ways (compute, network, container), and this need has become front and center for cloud architects.

Although it depends on the application architecture in question, the network has several advantages:

  • It's the only place to put defenses that apply to every application architecture. Everything touches the network, which means it's the only place to put defenses that are consistent across public cloud-hosted applications and workloads.

  • The network is cost-effective. Many different types of workloads can be served by several enforcement points. And these enforcement points, in a cloud-native approach, can be managed in much the same way as all cloud infrastructure, automatically and cost-effectively.

How to ensure network security in the cloud?

While CSPs will go to great lengths to secure their networks, that's never been an organization's concern. Most organizations are only concerned with securing workloads and data.

That's why the mission of network security has changed slightly: it's not about securing the network; it's about protecting workloads.

Beyond the revised mission, which requires a change in the way it is carried out, organizations in the public cloud cannot tolerate security capabilities that use management and operating models derived from the data center.

In other words, virtual appliances designed to secure networks and managed on an individual basis won't work in environments built around an "everything-as-a-service" design.

Of course, equipment vendors will provide duct tape and zip ties to gain a foothold in cloud environments, but that's not a resilient approach that businesses can rely on.

What modern multi-cloud environments require is an automated, cloud-native capability that enables robust security approaches like zero trust.

With a flurry of announcements from major cloud providers over the last year, it's great to see recognition of the need for cybersecurity in the cloud.

Now, with more and more organizations recognizing this need, the cloud cybersecurity market looks poised for breakout growth in 2023 as they continue on their cloud journey.

Origin blog.csdn.net/qq_29607687/article/details/130959385