Organizations are shifting application environments, migrating workloads between on-premise, private and public clouds and operating a hybrid application ecosystem spread
across multiple environments.
According to Radware’s 2021 State of Web Application and API Protection Report, 47%
of organizations who operate on the public cloud deploy applications on more than a just
a single cloud environment. Moreover, many organizations continue to deploy applications
either on-premise or on private clouds. According to the same report, 51% of production
applications are hosted either on-premise on in private clouds.
There are many reasons why organizations leverage multiple platforms, but they all face
a common problem: how to secure a rapidly changing application environment across
multiple platforms?
Securing Distributed Assets is a Challenge
The challenge with securing a distributed cloud environment is that many of those platforms frequently come with their own built-in security tools. Using these native tools can lead to disparate security silos with inconsistent security policies, varying levels of protection, and fragmented logging and reporting.
Specifically, there are three main challenges when it comes to protecting cross-cloud assets:
Challenge 1: Creating A Cross-Platform Security Perimeter
The first challenge is securing applications and network resources against outside malicious traffic.
The legacy world of physical data centers was simple: network resources and administrators were located on the same network and frequently in the same physical location. Administrators had control over computing resources and defenses were concerned primarily on keeping malicious traffic out of the organization’s network.
[You may also like: Addressing the Challenges of Least Privilege Access]
Public clouds are different: computing infrastructure is no longer hosted in physical data centers under the control of the organization but are run on shared resources in remote data centers managed by third parties.
Malicious traffic can come via various vectors and defenses must mitigate all of them. Security managers must create a security perimeter which keeps any type of malicious traffic outside of their applications, regardless of where it is deployed.
Challenge 2: Securing Remote Cloud Infrastructure
The second challenge deals with protecting infrastructure hosted on cloud environments once the external perimeter has been breached.
Moving to the cloud means losing visibility and control. Whereas in the “old” world of on-premise computing, computing infrastructure was under the direct control of IT and network managers, moving workloads to remote cloud data centers has led to organizations losing direct control over their assets. In effect, the old insider is now an outsider to their own computing assets.
[You may also like: Using Best Practices to Secure Apps in Multi-Cloud Environments]
Access to cloud-hosted workloads is now managed remotely using APIs provided by the cloud hosting providers. Administrators no longer have direct control over their workloads and securing public cloud workloads is now a shared responsibility between the customer and public cloud vendor.
This means that the public cloud infrastructure– the backend running the applications – is now a potential target for malicious actors and organizations must secure those platforms against penetration and abuse.
Challenge 3: The Ability to Change
The third challenge is the change process itself, which is an inevitable part of cloud migration.
Migrating to the cloud is not a one-time, immediate, static process. In fact, it is a continuous, dynamic process, with multiple starts, milestones and changes. It is not uncommon for the target environments to change, for applications to be added or removed, and for new cloud environments to be added, in addition to existing and
ongoing deployments.
The combination of larger attack surfaces, decreased visibility, the increased vulnerability of applications and rapidly changing cloud environments means that organizations must be able to quickly deploy security policies which can protect multiple – and frequently changing – cloud environments in tandem.
Creating a Cross-Platform Security Architecture
For organizations to secure their cloud application environment, they must create a cross-platform security architecture that is:
- Comprehensive – protect cloud applications and cloud infrastructure against any type of application threat, whether it targets the application surface or the application infrastructure
- Consistent – protect applications at same level, across multiple environments, whether they are on-premise, on a private cloud or in the public cloud
- Adaptable – be able to adapt to changes in the application environment and deployment architecture
- Agnostic –protect the application environment regardless of where the application is running
