Now though, with organisations leveraging numerous cloud solutions, the situation has changed drastically. Suddenly, you have all kinds of applications and data outside the door so just defending the perimeter is no longer sufficient.
Of course, there's a whole jungle of security solutions that you can acquire. But you need to be sure about what precisely fits your situation. Mohamed El Haddouchi, Director Solutions & Innovation at Infradata, sets out a number of basic principles that will help to improve your cloud security:
1. Define your network architecture
It's essential that you first properly define your network architecture for the multi-cloud environment, as El Haddouchi says that 'security is always an extra layer on top of this network'.
Having done that, you should carry out an inventory check and make a security assessment to determine what data you have, what risks you face and what security measures are required.
'On the basis of the risk profile you can then define a security framework. Also consider which checks you already have in use and how the security policy is currently structured', says El Haddouchi.
2. Protect your investments
'Another important issue here is to protect your existing investments as well as possible, because there's not much point in immediately buying and piling up all kinds of new technologies.
'So first of all, it's better to see what you already have and to use this as efficiently as possible. You do this in three steps: Make an inventory of what you have, see whether it's currently being used in the most sensible way, and then establish how you can get the maximum value out of it.'
For example, suppose you have a firewall, but at the moment it's not being administered well or hasn't been patched for a while. 'Before you buy an advanced solution, it would first be better to configure that firewall properly, to manage it, monitor it and tune the policy management to it', says El Haddouchi.
3. Identify the best solutions
Once the foundation is solid and you know which holes remain in your security architecture, you can then make a targeted search for appropriate solutions.
'There's such a huge number of suppliers and tools. We, for instance, were only able to make a preselection after a thorough market analysis', recounts El Haddouchi. 'This means looking at everything that's available and what the differences are between the solutions. This is done by carrying out extensive market research per solution, based on real network cases from practice.' It's a good idea to also consider the findings of leading market research analysts like Gartner and to consult various other sources of information.
'On the basis of the technical and business requirements you ultimately arrive at a shortlist. This involves a huge amount of work, however, and requires specific specialist knowledge and experience. The most important question is what the best or most practical solution is for whom and when, for instance endpoint security or an anti-DDoS solution, or a Web Application firewall, or a NextGen firewall. It's always about the specific situation of the company.'
4. There is no one-size-fits-all
Suppose you want to buy endpoint security to improve the security level. How do you go about this? There are a huge number of solutions on the market, so how do you make the right choice for your company?
'You can't test them all', El Haddouchi points out. 'Research agencies such as Gartner or NSS Labs give you a certain amount of insight, but you need to ask yourself what it means for your specific situation.'
This makes it even more difficult for you as a company to make the best choice. It takes a lot of time and energy, and once you've made a choice you might still wonder whether it was the best one. The most expensive product, or the best product in a test report, is not automatically the best choice for everyone. What's good for one network might not be good for a different one. Only by examining your specific requirements can you arrive at the right solutions.
5. Visibility is essential
'It's extremely important to invest in visibility within your company's security, because as long as you can't see something, you can't make it secure either. So it's crucial to create high visibility in all your assets, networks and applications. I have visited companies that didn't always know which applications were running on their network. They didn't even have a comprehensive list of systems and software. How can you go about rendering that secure?'
'Consider, for instance, all the people and systems that have access and ensure that you can see what activities are taking place at the file, process and user levels. Detection of discrepancies is important here. How does a user generally behave in certain applications? As soon as notable deviations from this pattern are detected, this should prompt an investigation.'
6. Shared responsibility in the multi-cloud world
The world of multi-cloud involves shared responsibility, says El Haddouchi. 'You're dealing with multiple suppliers. So you need to decide how you'll define the areas of responsibility and share them with your partners.' As soon as you use a certain cloud environment, you have to be sure, among other things, which security measures the cloud provider implements for you as standard and what you yourself need to do in addition.
'Obviously, you hold and retain ultimate responsibility. What's more, a provider can't solve everything for you. So you need to clearly define these models of shared responsibility. This also immediately relieves you of trying to create security for absolutely everything yourself, while that isn't necessary either.'
7. The role of automation
Nowadays you can't manage without security automation. This helps to reduce costs, but even more importantly it lets you respond quickly and effectively to threats. El Haddouchi: 'Automation means that as soon as, for instance, malware has entered the system through an endpoint, you ensure that the affected area is automatically closed off and placed in quarantine. The network or an application can also immediately be analysed automatically, so that you quickly know what's going on.' So as well as telling you which areas are infected, it also immediately offers a more rapid and efficient way of taking the right measures. This is crucial in a multi-cloud environment.
'Previously you could use the old technique of digging into log files to find this out yourself. But digging deep is an impossible task when you have three or four extra cloud environments. Now you really need an overarching automation element that helps you with both detection and response.'