As enterprises migrate to the cloud and SDN, they face challenges in maintaining security.
It’s true that more organizations are making investments in cloud, software-defined networking, and virtualization, and that’s a good thing in the long run. These investments will help companies realize new efficiencies, increased agility and significant cost savings. But at the moment, we’re still in the transition phase of the software-based movement.
While more and more applications are moving to the cloud, businesses are still relying on their on-premises infrastructure for many critical functions and applications. That’s not going away anytime soon. The result of this mid-point in migration is greater network complexity. IT teams must maintain security policies and practices for both on-premises physical and cloud-based environments.
There are three key challenges to managing the complex enterprise network as we move through the cloud/SDN transition phase:
1.Cloud know-how. The skillsets required to effectively manage traditional on-premises infrastructure and cloud-based infrastructure are vastly different. According to research conducted by analyst firm ESG on behalf of Tufin, cloud security skills are not where they should be, particularly given the increasing adoption of these platforms. In fact, 49% of organizations surveyed that are operating a private cloud, using public cloud services, or both, don’t feel that their network security team has the right level of cloud computing skills. When you consider that the IT industry was already experiencing a shortage of skilled security workers before the increase of cloud adoption, this presents a real problem.
2. Increased attack surface. The proliferation of cloud platforms and technologies, coupled with the explosion of connected mobile devices, means that the attack surface of the network is larger than ever. Furthermore, some of these platforms allow application development teams to easily bypass security and network operations. This opens up the network to unsanctioned, ad hoc changes with limited or no security controls. The ESG survey of senior-level IT decision makers confirms that securing the enterprise network is more difficult now than it was as recently as two years ago.
3. Confusion over technology investments. There are solutions available today to help IT pros manage, secure and optimize their heterogeneous networks, even in the face of a workforce shortages. Making investments in automation, security policy orchestration and network segmentation are immediate changes IT pros can make to help meet these challenges.But are they making the right investments? In the research we conducted, 85% of survey respondents agreed with the importance of automation, yet only 23% of said they were confident in their current level of cloud orchestration. In short, the CISOs surveyed understand the benefits of network management automation and orchestration tools, but they are just beginning to implement them. So there are solutions available, it’s just taking some time for organizations to implement them.
While some see SDN and virtualization as new security challenges, these technologies can also be used to help manage the heterogeneous network. For example, by abstracting network security layers and then automating them through software, IT teams can more easily monitor it. If network security policies can be monitored and managed centrally across physical, cloud and virtual networks through this abstract layer, then many tasks can be automated while maintaining a tight security posture and achieving continuous compliance.
IT organizations are still learning how to apply next-generation security policies across public/private cloud infrastructure. IT leaders will need to make more strategic investments in cloud computing and cloud security training for the IT and cybersecurity staff. They’ll also need to supplement existing security infrastructure with monitoring tools and security controls that are specifically designed for cloud environments and software-defined networks.
And most importantly, understand that even with automation and orchestration, staff will still need to be properly trained to detect and stop sophisticated attack vectors – in short, staff must be prepared to be cyber fighters. Offloading some of the more labor-intensive network maintenance and management to automation tools is one way to help them be ready.
Think in terms of building out centralized, command-and-control capabilities for security monitoring and operations for all workloads, regardless of whether they run on physical infrastructure, virtual infrastructure, or public/private cloud platforms. Also, consider tools and processes for network security operations automation to align with Agile development and DevOps processes used for cloud technologies. Most importantly, make it a priority to build out comprehensive security policies and adhere to them, both on-premises and in the cloud. Using these strategies will help organizations navigate successfully through this time of change, and focus more resources on the ongoing migration to cloud.
As vice president of products, Ofer Or is responsible for leading Tufin’s product strategy. With more than 20 years of experience in high-tech and network security, Ofer has an extensive background in developing innovative products. Previously, Ofer served as director of research & strategy at Tufin. Prior to Tufin, Ofer was senior product line manager at Check Point Software Technologies. Ofer held marketing and technical positions at Check Point, Microsoft, Amdocs, and served in an elite computer unit in the Israel Defense Forces (IDF).