Is Network Security Still a Thing in the Age of Public Cloud?
So, you’ve decided to migrate your data center to the cloud. Your consulting firm is suggesting that you implement a hub-and-spoke model as this is the topology recommended by cloud providers.
Their guidance: “Just stick in your gateway firewall and you’re good to go.”
Hold up. What about the internal network security posture in the cloud? Will the data center be secure right out of the box? What exactly are the risks of migration?
In this blog post, we will address these questions — and more.
Cloud security gaps
When moving to the cloud, modern enterprises encounter an increasingly complex security challenge. They’re still facing the threats of ransomware and other security attacks, but neither the cloud-native security tools nor their legacy firewall tools can cater to the unique challenges of the cloud.
In particular, they’re experiencing:
Poor visibility
The lack of a single consistent policy
Decentralized governance
Poor visibility
The visibility provided by the cloud provider is based on raw logs that inventory the flows between the different workloads. Without integrating those logs into a third-party system that provides clear understanding of the application dependencies and how the applications communicate, it’s extremely complex to determine what policy you need to apply to your applications.
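As an added illustration (not code from the original post or from Akamai), here is how raw flow records can be collapsed into an application dependency map and then into candidate allow-list rules; the inventory, IP addresses and simplified record layout are all constructed for the example.

```python
from collections import defaultdict

# Constructed inventory of workload IP -> application tier (hypothetical values).
APP_OF = {
    "10.0.1.10": "web", "10.0.1.11": "web",
    "10.0.2.20": "api",
    "10.0.3.30": "db",
}

# Constructed flow records in a simplified (src, dst, dst_port, proto, action)
# shape; provider flow logs carry more fields but the same core information.
FLOWS = [
    ("10.0.1.10", "10.0.2.20", 8443, "tcp", "A"),
    ("10.0.1.11", "10.0.2.20", 8443, "tcp", "A"),
    ("10.0.2.20", "10.0.3.30", 5432, "tcp", "A"),
    ("10.0.9.99", "10.0.3.30", 5432, "tcp", "A"),  # source not in inventory
    ("10.0.1.10", "10.0.3.30", 5432, "tcp", "D"),  # already denied, no dependency
]


def build_dependency_map(flows, app_of):
    """Collapse per-IP flows into app -> app edges with the services observed."""
    deps = defaultdict(set)
    for src, dst, port, proto, action in flows:
        if action != "A":  # only allowed flows represent a real dependency
            continue
        edge = (app_of.get(src, "unmapped"), app_of.get(dst, "unmapped"))
        deps[edge].add((proto, port))
    return dict(deps)


def suggest_rules(deps):
    """Allow-list rules for edges between inventoried apps; edges touching an
    unmapped workload go to a review list instead of becoming rules."""
    rules, review = [], []
    for (src_app, dst_app), services in sorted(deps.items()):
        for proto, port in sorted(services):
            line = f"{src_app} -> {dst_app} {proto}/{port}"
            if "unmapped" in (src_app, dst_app):
                review.append(line)
            else:
                rules.append("allow " + line)
    rules.append("deny any -> any")  # default deny closes the allow-list
    return rules, review


if __name__ == "__main__":
    dependency_map = build_dependency_map(FLOWS, APP_OF)
    for rule in suggest_rules(dependency_map)[0]:
        print(rule)
```

The review list is the point: the unexpected path to the database is exactly what raw per-IP logs hide and an application-level map exposes.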
No single, consistent policy
Creating consistent policies across hybrid cloud environments using native cloud security tools is extremely complex. Microsoft Azure, for example, holds multiple subscriptions, each subscription having its own objects and rules and, therefore, its own policies that are not shared across the different regions. This makes it extremely difficult to see the big picture.
Decentralized governance
The third challenge is operational: How do we connect the security policy to the actual DevOps operations? With application owners creating the application infrastructure as code, the security team faces the challenge of working with this new concept (infrastructure as code) while still maintaining the network security posture.
The result is weak security in cloud environments — and attackers know it. According to IBM’s Cost of a Data Breach Report 2023, 82% of the breaches reported last year involved data stored in the cloud — public, private, or multiple environments. Even worse, the report found that 39% of those breaches spanned multiple environments, incurring a higher-than-average cost of US$4.75 million.
Agentless visibility and policy controls across hybrid cloud
Akamai is officially launching visibility and cloud segmentation capabilities as part of its award-winning Akamai Guardicore Segmentation.
These capabilities allow organizations to contain attacks on applications and workloads in their hybrid cloud and Kubernetes environments, and provide the same visibility and policy controls as those provisioned in on-premises environments. This is achieved through automatic application discovery, comprehensive visualization of cloud flows, precise segmentation policies, and network security alerts — all from a single pane of glass and without the need to install agents.
With Akamai Guardicore Segmentation you can go beyond the data center to secure Azure, AWS, GCP, and other cloud infrastructure with a single view of the cloud and a single, consistent security policy across your hybrid environment. This allows you to identify threats, anomalies, and potential vulnerabilities and quickly apply security controls that adapt to any change in your cloud environment.
Easy access to Akamai Guardicore Segmentation via online store
Akamai Guardicore Segmentation is available in the Microsoft Azure Marketplace, an online store that provides applications and services for use on Azure. Azure customers can now easily access Akamai Guardicore Segmentation and extend industry-leading segmentation capabilities to the cloud and data center with ease.
Key use cases
Customers typically approach us for a cloud segmentation solution to:
Secure platform-as-a-service (PaaS) environments
Achieve cloud compliance
Prevent ransomware and other cyberthreats
Ensure comprehensive visibility
Secure PaaS environments
Security for PaaS deployments is in high demand as many businesses move away from infrastructure as a service (IaaS) to take advantage of cost savings, increased efficiency, and speed. Akamai provides security with robust controls to manage and regulate access to PaaS resources, ensuring interactions are both secure and compliant.
Achieve cloud compliance
Choosing a cloud platform adds another layer of complexity to regulatory compliance. A company may be required to adhere to regulations such as HIPAA (Health Insurance Portability and Accountability Act), the PCI DSS (Payment Card Industry Data Security Standard), and other cloud-specific regulations — and going through these audits without the right tools can be challenging. With Akamai Guardicore Segmentation you can visualize and segment your cloud environments to help you meet the stringent demands of industry regulations and standards.
Prevent ransomware and other cyberthreats
With businesses storing more sensitive data in the cloud, attackers can target a larger pool of valuable information. Akamai implements east-west segmentation to protect against lateral threats within hybrid cloud environments.
Ensure comprehensive visibility in the cloud
Being able to see what you protect is key to any segmentation project. Akamai provides complete, context-rich visibility into your traffic across all hybrid cloud environments using a single pane of glass. Customers typically engage with us during their cloud migration journey in order to map and protect their digital crown jewels, critical assets, and applications.
The unique cloud capabilities of Akamai Guardicore Segmentation
Akamai Guardicore Segmentation provides unmatched cloud capabilities that no other segmentation vendor provides, including:
A single user interface for visibility
A single tool to manage policy across agent-based and agentless enforcement points
Security value on top of segmentation capabilities
Policy suggestions for the cloud
A scalable and secure solution
Single pane of glass with a single user interface
A true single pane of glass: a single user interface for visibility (Figure 1) and a policy that covers your entire data center and cloud with one management system. We use an interactive network dependency map to ensure that your business gets the best visibility into what’s happening in your on-premises and cloud environments.
This visibility allows you to easily identify segments, group views, and list dependencies among applications to plan cloud migration, monitor the environment, or segment fast without errors — all based on real-time data rather than assumptions.
A single tool for agent-based and agentless policy management
A single tool manages your policy across agent-based and agentless enforcement points. We use a hybrid enforcement engine that leverages multiple enforcement points. This allows an organization to simply define the intent of the network policy and have the Akamai Guardicore Segmentation policy engine take care of the rest by dynamically deciding which agent-based and agentless enforcement points are used across the data center.
Security value on top of segmentation capabilities
Akamai Guardicore Segmentation’s Reputation Analysis and Threat Intelligence Firewall combine within the customer’s cloud environment to provide security on top of segmentation.
Policy suggestions
Policy suggestions are generated for cloud workloads and flows from out-of-the-box templates (Figure 2).
A scalable and secure solution
All policy-related calculations are done from inside the cloud with a dedicated Akamai Guardicore Segmentation component. This allows us to better align with the dynamic nature of the cloud. Data does not leave your cloud environment and the solution architecture scales automatically with your cloud environment.
Akamai is the only vendor that does not require you to compromise your posture for cloud support. Unlike other vendors that require external connectivity to access network security groups and flows, Akamai keeps your data in your environment.
Consolidation is key
In its Top Trends of Cybersecurity 2022 report, Gartner predicts that over the next two to three years we will see large numbers of companies move away from the strategy of combining best-of-breed security products from multiple vendors. Instead, these companies will increasingly pursue a strategy of using single vendors to provide several categories of cybersecurity solutions.
According to Gartner, this consolidation will lower the total cost of ownership and improve operational efficiency in the long term, ultimately leading to better overall security.
Extending Akamai Guardicore Segmentation to the cloud allows organizations to protect their business-critical applications — whether they are on-premises, in the cloud, or on legacy servers — while reducing the number of security solutions that need to be managed.
Learn more
To learn more about Akamai Guardicore Segmentation’s unique cloud capabilities, talk to an expert.