Why Public Cloud Is the Future of Security

Bluelock

By: R. Scott Raynovich

The security crisis continues. As counterintuitive as it may sound, the public cloud may be the most logical place to move security technology forward. 

Public cloud companies have more data than anybody, they have access to millions of applications, and they have the ability to implement security and analytics technology at scale, in real time. This means they have unique power to scan, identify, and stop security issues in a central place. 

Many security experts and vendors are taking notice of this and moving their focus to the public cloud, where services and products can be rolled out to support the cloud at scale. Recently, the trend is to port and implement security tools on public cloud platforms such as Amazon Web Services (AWS) and Microsoft Azure. You are likely to see this trend gain steam as more applications move to a public or hybrid cloud model, where data and software can be virtualized and run on many different platforms. At the same time, this is both a security risk and a security opportunity, if the security tools are built to follow and protect the applications wherever they go -- especially into clouds.

AWS Focuses on Security

That's not to say everything is bulletproof in public cloud. Recently, Amazon's S3 storage service has been the source of a series of problems. According to Skyhigh Networks, seven percent of all S3 buckets have unrestricted public access and 35 percent are unencrypted. This led to a series of bad headlines, including the leak of passwords by a government contractor. In June, millions of voter records were leaked from unsecured AWS S3 bucket storage accounts owned by Deep Root Analytics, which holds data about voters.

Of course, Amazon is aware of these security challenges and recently responded by introducing Macie, a new security service built to help prevent accidental leaks and breaches of S3 data. Macie classifies stored data, looking for personally identifiable information and other sensitive personal information, and then checks AWS CloudTrail for suspicious or anomalous access events. It allows clients to classify the sensitivity of their information and then scans for suspicious activity against it.
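As an added illustration of the two S3 conditions cited above (not code from the article, Amazon, or Skyhigh), the following audits constructed bucket configurations for Allow statements granted to anonymous principals and for missing default encryption. The bucket policies use the real bucket-policy JSON shape; the bucket names and account id are made-up sample values.

```python
# Added example: audit constructed S3 bucket settings for the two issues the article cites,
# unrestricted public access and missing default encryption. Policies are in the real
# bucket-policy JSON shape; bucket names and the account id are constructed sample values.
SAMPLE_BUCKETS = {
    "voter-data-export": {  # constructed: world-readable and unencrypted
        "policy": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow", "Principal": "*",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::voter-data-export",
                         "arn:aws:s3:::voter-data-export/*"]}]},
        "default_encryption": None,
    },
    "payroll-archive": {  # constructed: one IAM role may read, KMS encryption on
        "policy": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/payroll-reader"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::payroll-archive/*"}]},
        "default_encryption": "aws:kms",
    },
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" and {"AWS": "*"} both grant access to anyone on the internet.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_statements(policy):
    """Allow statements whose Principal is anonymous; conditioned ones are still reported."""
    return [s for s in policy.get("Statement", [])
            if s.get("Effect") == "Allow" and _is_anonymous(s.get("Principal"))]

def audit_bucket(cfg):
    """Return human-readable findings for one bucket (empty list means clean)."""
    findings = []
    for stmt in public_statements(cfg["policy"]):
        scope = "conditioned" if stmt.get("Condition") else "unrestricted"
        findings.append(f"{scope} public access: {', '.join(_as_list(stmt['Action']))}")
    if cfg.get("default_encryption") is None:
        findings.append("no default encryption")
    return findings

def audit_all(buckets=SAMPLE_BUCKETS):
    return {name: audit_bucket(cfg) for name, cfg in buckets.items()}
```

A statement with a Condition (for example an IP restriction) is reported separately rather than skipped, since whether it is genuinely non-public depends on the condition.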

Mike Banic, VP of marketing at security startup Vectra Networks, says that public cloud represents an important segment in driving security forward.

"For security, we could see a pivot to the cloud network in terms of scale," said Banic. "Microsoft could have an advantage as they want to move more of their enterprise applications onto Azure. If they can drive enterprise-class security requirements into the cloud, this may smooth the path for enterprise migration for large enterprises. AWS has been very successful with companies who were 'cloud-first' from their very beginning, but large enterprises will want to find the Microsoft apps and services they are familiar with in the cloud."

Azure Encrypts Data in Use

Microsoft Azure has recently shown how public clouds can take important steps toward innovating in security. Earlier in the month, Microsoft introduced Azure Confidential Computing, which runs code inside a Trusted Execution Environment so that data stays protected while a workload is processing it, separately from where the data is stored. This is referred to in the business as encrypting "data in use" -- as opposed to encrypting data in motion, as on a network, and data at rest, when it is stored. Protecting data in use closes a key gap: the moment data is moved into the application for execution.

The biggest strength of public cloud services will come in their capability to host security services such as analytics and artificial intelligence (AI). Think of the typical enterprise: it must hire armies of individuals to update security patches, programs, and analytics tools, and then it must monitor these on a variety of platforms. With a cloud platform, it's possible to build the security analytics functions into the entire cloud platform as an integrated function, which helps consolidate visibility. In addition, the cloud can see many different patterns and attacks in real time, making it a natural place to run security analytics functionality.

Network security specialists and analytics vendors are aware of this and are moving to port their platforms over to cloud services. For example, in August, Palo Alto Networks introduced products that will run on VMware Cloud on AWS, bringing firewall and endpoint security tools to the public cloud. Gigamon, a network packet broker vendor that uses analytics tools to spot security threats, recently ported its platform to Azure.

These are examples of security vendors that built tools for specific hardware platforms on private networks or datacenters, but now see the importance of virtualizing security services for the cloud. 

Microsegmentation Looms Large

Another big trend for security in the cloud is microsegmentation. This approach uses software-defined networking (SDN) technology to segment traffic in a virtualized networking environment. Microsegmentation also enables security for individual applications in the datacenter. For example, microsegmentation can be used to segment the traffic on virtual networks for finance and human resources applications so that they are partitioned and run separately from each other.

This has moved a lot of the SDN activity into security features. All of the major SDN vendors, including Big Switch, Cisco, Nuage Networks, Pluribus Networks, and VMware NSX, are touting the benefits of microsegmentation. There is also an opportunity to combine microsegmentation and analytics to help lock down applications in the cloud, which is why you will continue to hear about security being a big part of the SDN story.
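To make the finance/HR partitioning concrete, here is an added example (not from the article or any of the vendors named) of a default-deny segmentation model checked against constructed flow records: workloads are labelled with a segment, and a flow passes only if an explicit rule allows that segment pair and port. The addresses, segment names, rules and flows are all made-up sample values.

```python
# Added example: a default-deny segmentation model checked against constructed flow records.
# Workloads are labelled with a segment (finance, hr, a shared database tier) and a flow is
# allowed only if an explicit (source segment, destination segment, port) rule exists.
WORKLOAD_SEGMENT = {
    "10.0.1.10": "finance", "10.0.1.11": "finance",
    "10.0.2.10": "hr", "10.0.2.11": "hr",
    "10.0.3.10": "shared-db",
}

ALLOW_RULES = {
    ("finance", "finance", 443),     # finance app tier talks to itself over TLS
    ("hr", "hr", 443),
    ("finance", "shared-db", 5432),  # only finance may reach the database tier
}

# Constructed flow records (src, dst, dst_port), in the shape a virtual switch or
# cloud flow log would export them.
SAMPLE_FLOWS = [
    ("10.0.1.10", "10.0.1.11", 443),   # intra-segment, allowed
    ("10.0.1.10", "10.0.2.10", 445),   # finance -> hr over SMB: cross-segment, denied
    ("10.0.2.10", "10.0.3.10", 5432),  # hr -> database: no rule, denied
    ("10.0.2.11", "10.0.2.10", 443),   # intra-segment, allowed
    ("10.0.9.9", "10.0.1.10", 22),     # unlabelled source: denied by default
]

def segment_of(ip, segments=WORKLOAD_SEGMENT):
    return segments.get(ip, "unknown")

def evaluate_flow(src, dst, port, segments=WORKLOAD_SEGMENT, rules=ALLOW_RULES):
    """Return 'allow' only for flows matching an explicit rule; everything else is denied."""
    key = (segment_of(src, segments), segment_of(dst, segments), port)
    return "allow" if key in rules else "deny"

def denied_flows(flows=SAMPLE_FLOWS, segments=WORKLOAD_SEGMENT, rules=ALLOW_RULES):
    """Flows the policy would block, with the segment pair so an analyst sees the crossing."""
    report = []
    for src, dst, port in flows:
        if evaluate_flow(src, dst, port, segments, rules) == "deny":
            report.append((src, dst, port, segment_of(src, segments), segment_of(dst, segments)))
    return report
```

Running the model over real flow logs before enforcement shows which existing traffic a segmentation policy would break and which cross-segment flows it would stop.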

Cloud Native Security

Another promising area for public-cloud security comes in the development of tools targeted at so-called "cloud native" environments, or software that is built from the ground up for the cloud. These applications are often created with the notion that they are not tied to any specific cloud framework or platform and can be moved across clouds.

Cloud native applications often use container technology or serverless computing, which separates the software framework from a particular operating system or hardware device. In this case, the container environment, which controls the instances of the cloud applications, must itself be secured -- because there is no specific physical element such as a switch or server to be secured.

Startups such as Illumio and Twistlock are focused on tools that take microsegmentation and security analytics into cloud native environments. Twistlock is targeting serverless environments in the cloud, where it uses risk scoring and policy management for container management platforms such as Docker and Kubernetes. AWS is a customer. Illumio's Adaptive Security Platform (ASP), which enables microsegmentation to be implemented for compute workloads no matter where they are running, is available for both AWS and Azure.

There are even startups focusing specifically on AI security applications for the cloud. Vectra Networks has a platform called Vectra Cognito that examines traffic in AWS in order to detect attacker behavior. Using information on administrator credentials and administrative protocols, it applies AI to look for suspicious changes in credential use.

Long-Term Shift to Cloud Thinking

If you think about these many trends in cloud security, the shift to the cloud is likely to continue for many years, as more applications become untethered from specific physical instances and put in virtualized environments. 

In order to secure these applications, the major cloud players will focus on integrating security tools that can scan data, networks, and security access in the cloud and help automate the laborious task of monitoring how applications are being used -- and when they're being hacked by the bad guys.