The third pillar to actionable cloud security - Network Security (NetSec)
This post is the fifth in a series of eight on the five pillars to actionable cloud security. For the rest of the series, visit the Five Pillars blog page here.
Many organizations make the mistake of beginning their cloud security framework discussions around NetSec, as this was traditionally how they secured on-premises infrastructure, since all elements of the network were in-house and under direct IT control. Companies erroneously assume that because they are leveraging a cloud infrastructure, either they will be less secure than when they “owned” all those resources, or that they can simply mirror their on-premises network security controls in the cloud.
Again, the cloud is different. The Shared Security model under which all cloud ecosystems operate inherently guarantees security of the network – but can’t guarantee the security of the companies who are accessing it. Or put another way, organizations using the cloud need to put security measures in place that will ensure they are not the source of threats and compromises.
This is where firewalls and WAFs in the cloud offer security at a different level. The controls and nomenclature may be the same as on-premises solutions, but the functions they provide are designed to operate in an infrastructure that is inherently fluid and off premises. Because resources are cloud-based, companies often turn to benchmark policies such as CIS Benchmarks that describe cloud-focused policies to detect security policy violations – situations which simply didn’t exist in on-premises infrastructure.
Finally, an actionable NetSec pillar also needs to consider endpoint security – the “edge” of the cloud creates new vulnerabilities and as cloud infrastructures work more seamlessly with endpoints, security at the edge becomes increasingly important. Taken as a whole, this becomes the blueprint for the infrastructure for that organization.
In Azure, the Intelligent Cloud works integrally with the Intelligent Edge – and both need to be secured. Within the Azure infrastructure, the products and services identified here and here need to be considered as part of an organization’s NetSec pillar.
To develop an actionable NetSec pillar, customers must:
- Understand the policies and benchmarks that are appropriate to their business, their organization, and the cloud
- Deploy solutions that translate those benchmarks into actionable results, such as firewalls or security monitors that look at the cloud
In the next blog in this series, we’ll dive deeper into the fourth pillar, Data Protection.