Security in a Multi-cloud Environment

By: Paul Nicholson, Director of Product Marketing, A10 Networks

As companies leverage a multi-cloud strategy to improve IT operations and provide better services to their customers, they can’t afford to overlook the implications for security. This is especially true with the emergence of a new paradigm to run multiple disparate compute environments for application delivery. In fact, while issues like creeping complexity, non-existent cross-platform visibility, and multiple vendor standards all compete for IT focus in a multi-cloud environment, enterprise leaders cite security as the top challenge of all.

This trend was illustrated in a global survey of IT and business executives conducted by A10 Networks in partnership with the Business Performance Innovation (BPI) Network. In the survey, respondents reported that ensuring strong security across clouds, networks, applications and data will be critical for realising the advantages of multi-cloud IT. This is clearly a work in progress; to date, only 11 percent believe they have been highly successful in seeing the full value of their multi-cloud strategy, while a majority (51 percent) rate themselves as only somewhat successful or unsuccessful so far.

A quick web search will uncover many cases of vulnerabilities and real-life incidents. In one blog post by VMware, it is noted that it’s the job of IT and security teams, not just cloud providers, to take care of many aspects of security. To stop sophisticated bots, frequent data exfiltration of personally identifiable information (PII), application attacks, and other threats, it’s essential to implement a security strategy across all your clouds, private or public that is as stringent as the one used for your on-premises solutions, if not more so.

Deterministic or Accidental Multi-cloud Complexity – It All Needs to be Secured

It’s easy to understand why the proliferation of multi-cloud environments has tended to outpace the evolution of multi-cloud security. While the move to multi-cloud is often part of a clearly defined and intentional strategy, this isn’t always the case. For many organisations, the shift happens on a more ad hoc basis. For example, it may happen when a company with a single-vendor cloud strategy acquires or merges with another organisation using a different cloud platform. Business units and development teams may source their own cloud resources, with or without IT’s blessing as shadow IT. New requirements for specific services, data sovereignty (such as GDPR), or integration lead IT to add new vendors to the environment. As a result, most companies end up in a more complex multi-cloud setup than they had envisaged.

Intentional or not, the evolution to multi-cloud environments typically focuses on the business and IT factors driving it. As with many technologies in IT operations, organisations first provision the services they need to address various requirements, and only then turn their attention to how best to control, govern, and manage the resulting environment. This often proves more difficult than anticipated, as shown in the results of the survey. Nearly two-thirds of respondents (63 percent) said that ensuring security across all clouds, networks, applications and data was the top challenge of multi-cloud IT, which is good news, as it is top-of-mind, even if the solutions are not ubiquitous today. Management skills and expertise (37 percent) and centralised visibility and management (33 percent) were also cited—both key concerns for effective multi-cloud security.

Essential Security Capabilities and Practices

As IT, security teams, and business leaders have worked to close the security gap in their multi-cloud environment, a clear sense of the most relevant technologies to leverage is needed. In the BPI report a majority named centralised visibility and analytics into security and performance (56 percent), automated tools to speed response times and reduce costs (54 percent), and centralised management from a single point of control (50 percent) as the top capabilities for improving multi-cloud security, reliability, and performance. With the volume of digital business data and transactions constantly rising, 38 percent of respondents also pointed to the need for more scalable, higher-performing security solutions. This will only be exacerbated over time, especially with the rise of IoT and the emerging 5G connectivity.

Looking at the most important considerations in protecting the security and reliability of multi-cloud environments, 62 percent of survey respondents agreed on the importance of centralised authentication or pre-authentication to help maintain effective control over the users, admins, and systems allowed to access various resources across multiple clouds. One respondent, Raja Mohan, senior strategic architect for cloud and platform services at Franklin Templeton, explained the reasoning behind this emphasis: “How do we deliver highly secure applications in a way in which it doesn’t matter where they reside? How do we provide seamless, secure services? That’s the goal.”

An answer to this question is seen in the high ranking of centralised security policies as a critical practice for multi-cloud IT (46 percent). Among defensive technologies, many respondents called out specific high value defences such as robust web application firewalls (WAFs) (40 percent) and DDoS protection (33 percent).

IT Operations Need to Partner with the Security Teams for Cross-Cloud Security

Organisations have been doing their best with the security tools available to them, but they’re far from satisfied with the results. “At this juncture, we’re taking advantage of security solutions from our public cloud providers augmented with our existing toolset, but we are continuing to evolve in that space,” said Mohan.

Indeed, IT organisations are continually reassessing their solutions and vendors and identifying areas where change is needed. Only nine percent of survey respondent are extremely satisfied with their current security solutions for multi-cloud environments—while 38 percent see a need for significant improvements. Only 18 percent believe they do not need to re-evaluate their suppliers. Figures like these are a wake-up call for everyone in the multi-cloud security space.

This evidence shows the need to adopt a Polynimbus secure application services approach to give the power back to IT and security teams so they can provide a secure and consistent secure application services environment across their clouds. Powered by application delivery controller (ADC) solutions, Polynimbus mindsets and practices will be the most effective way to ensure that multi-cloud compliance, security policies, functionality, and expectations are met, while easing the burden of over worked and stressed IT and security teams. Ultimately, this approach will make vigilance easier to enact and responsibility easier to fulfil.

You can learn more about the security challenges that come with multi-cloud IT and how they’re being addressed in the complete report, “Mapping the Multi-Cloud Enterprise: Next Steps in Optimising Business & IT Agility, Efficiency & Security.”

Help AG and Forcepoint Partner to Enable Middle East Enterprises to Protect their Data from Breaches and Insider Threats

In a move that strengthens its ability to enable Middle East businesses to protect their data against breaches, insider threats and cyber-attacks, Help AG, the region’s leading cybersecurity solutions, services and consultancy provider, has entered into partnership with global cybersecurity leader, Forcepoint. While the agreement extends across Forcepoint’s entire product portfolio, Help AG will focus particularly on the vendor’s unique dynamic security protection offerings, Dynamic Data Protection, Dynamic Edge Protection and Dynamic User protection, offering these to enterprises in the UAE and KSA.

 

“Data is one of the most valuable assets for businesses and its protection is therefore a top priority. Middle East organisations are looking to safeguard their data, not just for compliance purposes, but also because of the potential impact breaches can have on business continuity and brand reputation,” explained Stephan Berner, CEO at Help AG. Research by the Ponemon Institute has shown that the impact of data breaches has been especially severe for Middle East organisations. The region reports the world’s highest average number of breached records, at 38,000 per incident, with the average cost of each data breach averaging at nearly $6 million. Both these figures are about 50% more than the global average.

 

“Forcepoint’s security solutions perfectly compliment the rest of our portfolio and their model has the benefit of supporting both cloud and on-premise deployment options. Furthermore, their open platform strategy facilitates seamless integration with other industry-leading solutions. We can therefore leverage their products to build comprehensive, multi-vendor solutions that protect the entire data life cycle for our clients, whether in the cloud or in private data centres,” said Berner.

 

Forcepoint offers next generation DLP, which overcomes the rigidity and hurdles of traditional DLP by reducing alert volumes, false positives and alarms to focus on what matters. Forcepoint is a 9-time leader in Gartner’s Magic Quadrant for Enterprise DLP and their solutions protect organizations from information leaks and data loss at the perimeter, inside the organization and in enterprise cloud apps, including Office 365, Box, and Salesforce.

The vendor’s DLP solution includes an analytics engine that identifies and ranks high-risk incidents, reducing false positives and enabling businesses to isolate problems faster.

 

Dynamic Data Protection employs behavioural analytics and machine learning in its  solution to examine and assess user behaviour. By understanding attributes like typical access patterns of users, this individualised, adaptive security protects enterprises against malicious user actions such as data exfiltration or unauthorized access to critical assets and systems.

 

“As business models evolve to meet the challenges of digital transformation, the way that organisations adapt their data protection strategies will prove critical. By moving to a human-centric approach which places the data, and the understanding of user behaviour at the centre of their design, organizations can proactively protect themselves,” said Gihan Kovacs, Senior Country Manager for UAE and Pakistan at Forcepoint. “Help AG has a proven track record in rapidly assessing and embracing best of breed technologies that solve key cybersecurity challenges. We are confident that with their expertise and support we will be ready to successfully engage with and serve a broader segment of Middle East enterprises.”

 

Help AG is now a Platinum Partner within the vendor’s Partner Program. In addition to offering consultancy and implementation services, the company will also become an Accredited Service Provider on behalf of Forcepoint.

NetApp Architects Application-Integrated Data Management for Kubernetes with Project Astra

NetApp introduces vision for enterprise-class data services for stateful, cloud-native applications with any Kubernetes distribution on any cloud

NetApp (NASDAQ: NTAP), the leader in cloud data services, today introduced Project Astra, a vision for a software-defined platform that is currently in development with the Kubernetes community. Project Astra will deliver the industry’s most robust, easy-to-consume, enterprise-class storage and data services platform for Kubernetes that enables both application and data portability for stateful applications.

Although companies everywhere are rapidly adopting Kubernetes, many organizations lack reliable data and application services, and have difficulty making application data as portable as the applications themselves are in Kubernetes. Yet to meet the standards that CIOs expect, IT teams and site reliability engineers must find a way to store, govern, protect, and replicate the data for both stateless and stateful cloud-native applications with enterprise-class cloud storage and data services.

Project Astra is being purpose-built for and in collaboration with Kubernetes developers and operations managers to help bridge the fundamental gap that exists between the popularity of containers today, the capabilities and user experience they require, and their ability to deliver true, comprehensive portability. NetApp’s vision for Project Astra is to enable companies to work seamlessly with their choice of Kubernetes distribution, on any cloud.

Project Astra leverages the underlying technology delivered through NetApp’s public cloud partners and enhances it through Kubernetes-native integration of data services with applications.

NetApp is working with the Kubernetes community to further develop technology that advances the user experience and extends the promise of Kubernetes to data-rich workloads. Together, NetApp and the Kubernetes community are building a platform to help you:

• Discover applications with your Kubernetes of choice, whether on your premises or in any cloud

• Integrate and unify applications and data management

• Deliver NetApp’s expertise in data and Kubernetes both as a service and as built-in capabilities

• Extend the promise of portability for all workloads, including stateful, data-rich apps

“Project Astra represents the next major step in the evolution of storage and data services for Kubernetes,” said Anthony Lye, senior vice president and general manager of NetApp’s Cloud Data Services business unit. “We are making a decisive and long-term commitment to addressing the data challenges of Kubernetes, together with the communities and platforms that use it. Project Astra will provide a software-defined architecture and set of tools that can plug into any Kubernetes distribution and management environment.”

Project Astra builds on NetApp’s experience in enabling customers to manage petabytes of container data with NetApp® Trident and NetApp Kubernetes Services and adds a specific focus on the developers and operations managers who are innovating with containers today.

“As the first product manager for Kubernetes with Google back in 2014, I’m thrilled to be at NetApp as we continue to lead the effort to tackle the very real challenges that organizations are facing,” said Eric Han, vice president of product management for NetApp’s Cloud Data Services business unit. “I’ve been inspired by the potential of Kubernetes to transform IT services—and by the passion of the community that has helped to build Kubernetes to its prominence today. In a few short years, Kubernetes has become the de facto choice in orchestrating container environments. Yet there is still potential, and a need, to further evolve. With Project Astra, NetApp is delivering on the true promise of portability that professionals working with Kubernetes require today and is working in parallel with the community and our customers to make all data managed, protected, and portable, wherever it exists.”

Kubernetes developers and operations managers who are interested in participating can sign up here.