Imperva: Securing the cloud
Gartner predicts global spending on public cloud services will grow from $155B in 2014 to $210B in 2016.
As cloud adoption accelerates, enterprises are prioritising how to integrate and migrate existing systems, from enterprise resource planning (ERP) to customer relationship management (CRM) systems, to cloud-based platforms.
Cloud services, be it a software-as-a-service (SaaS) or infrastructure-as-a-service (IaaS) based solution, often run critical applications and store business-critical data.
However the majority of existing security controls do not cover the range of different cloud deployments because they were designed for on-premise applications.
However as customers take advantage of cloud-based services to reduce costs and increase flexibility, moving applications and data off-premise causes new and very significant risk exposure for organisations. So how do you secure the cloud?
There are three key steps that organisations need to be aware of and plan for, with cloud security platforms to function in this highly connected world.
Three key steps
For internally facing corporate applications, the move to cloud based solution removes the traditional on-premise security framework.
To fill this gap, companies need to source a solution that provides a comprehensive security and compliance stack for the SaaS based corporate applications such as employee, CRM and back office-oriented applications.
There are three main challenges that drive the need to protect these corporate applications:
• Managing compliance in the cloud – There is a need to generate an audit trail of all user access ranging from login events to a full activity log and enable enforcement of the necessary separation of duties between the SaaS administrator and IT security.
Administrators can generate activity reports for both internal and external compliance audits and exposure reports for forensic analysis.
• Controlling 'Shadow IT' – It is imperative to automatically detect cloud applications that are used without corporate approval and provide risk scores and usage metrics.
• Cyber intrusion prevention – The weakest link in many cloud applications’ security is the abuse of legitimate user accounts.
The right cloud security platform identifies and protects against account-centric attacks including account takeovers, manin- the-middle attacks, DNS poisoning and brute force attacks.
Block the attacks
Internet facing production applications hosted in the cloud can be protected in two ways. Firstly some customers prefer the SaaS model for web application firewall (WAF) delivery.
Organisations can meet that need with an application-aware global content delivery network platform that provides best-of-breed security, DDoS protection, load balancing, and failover solutions.
It is possible for cloud security platforms to apply real time remedies to websites and applications, achieving 50% speed benefits whilst consuming 40 to 70% less bandwidth. This achieves security and availability to better protect cloud delivery models.
Do it yourself cloud application security
For those organisations that want to take their on-premise solution to the cloud or that prefer a 'do it yourself' model for application security, identifying a WAF that technically aligns with Amazon Web Services (AWS) is ideal.
Enterprise is making a strong push to move their customer facing applications to AWS so that they can realise significant infrastructure savings by managing load peaks with temporary AWS capacity.
With a specifically designed security platform for AWS, customers can replicate their existing on-premise security controls as they migrate to the cloud.
Leveraging Amazon Cloud Formation, WAF instances are created and moved along with the applications they protect, including across availability zones, allowing for fast deployment of large enterprise-scale environments with minimal operational overhead.
By Jason Burn, area vice president Pacific, Imperva