It’s 6:00 a.m. on a Monday. You get an automated text from your security systems that a DDoS attack was attempted, but new security policies downloaded several hours earlier proactively protected the systems from the attacking IP address. All is well.
The alternative is not good—meaning that you had no idea of the DDoS attack, and now you’re playing cloud security whack-a-mole to fend off the attack until you can put more permanent solutions in place. Of course, other types of breaches could be much worse, in terms of their impact on the enterprise.
This kind of proactive, automated security is known as centralized trust. Simply put, centralized trust uses central repositories of security policies that are linked to local repositories in the enterprise cloud. They may even contain centralized identities—things, processes, or people—that can be centrally credentialed.
The cloud is the perfect place to have centralized trust, both for the cloud platforms themselves and enterprise resources wherever they may reside. Sadly, enterprises may not be willing to adopt this model.
How centralized trust works
Here’s how centralized trust works: As security threats are noted, the central security policy repository is updated, and those updates are sent to all subscribing distributed security policy repositories. Alternatively, the new policies can be read directly from the central repository, without replicating them locally.
The idea is that you get an instant notification of a common threat, which is translated into a policy that you instantly put into production to eliminate the threat. This process is completely automated; there are no people involved, and so it’s the ultimate in proactive security, both for small threats such as DDoS and for larger threats such as data breaches.
Obviously, enterprises need to have their own security policies. That means private and public security policies must exist in the enterprise-level security policy repository, marked accordingly.
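As an added illustration of the model described above (not code from the original column), here is a small Python sketch of a central policy repository that pushes versioned public policies to subscribing enterprise repositories, while each enterprise keeps its own private policies marked separately. The class names, the rule format, and the example IP ranges (documentation ranges, constructed for the demo) are all assumptions; the local repository also ignores stale or replayed updates, a check a practitioner would want in any real feed.

```python
"""Sketch of centralized trust: central policy feed plus enterprise-local overrides."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Policy:
    policy_id: str
    scope: str    # "public" = pushed from the central repo, "private" = enterprise-only
    action: str   # "deny" or "allow" for traffic from the given source network
    cidr: str     # source network the rule applies to
    version: int  # central feed version that delivered the rule (0 for private)


class CentralRepository:
    """Central trust: holds public policies and pushes each update to subscribers."""

    def __init__(self):
        self.version = 0
        self.policies = {}
        self.subscribers = []

    def subscribe(self, local):
        self.subscribers.append(local)
        local.sync(list(self.policies.values()), self.version)  # initial replication

    def publish(self, policy_id, action, cidr):
        self.version += 1  # monotonic version lets subscribers reject replays
        self.policies[policy_id] = Policy(policy_id, "public", action, cidr, self.version)
        for local in self.subscribers:
            local.sync(list(self.policies.values()), self.version)


class LocalRepository:
    """Enterprise repo: replicates public policies, keeps private ones, checks private first."""

    def __init__(self):
        self.version = 0
        self.public = {}
        self.private = {}

    def sync(self, policies, version):
        if version <= self.version:  # stale or replayed update: keep current state
            return
        self.public = {p.policy_id: p for p in policies}
        self.version = version

    def add_private(self, policy_id, action, cidr):
        self.private[policy_id] = Policy(policy_id, "private", action, cidr, 0)

    def decide(self, src_ip):
        addr = ip_address(src_ip)
        for rules in (self.private.values(), self.public.values()):  # private wins
            for p in rules:
                if addr in ip_network(p.cidr):
                    return p.action
        return "allow"  # default when no rule matches (constructed demo default)
```

In this sketch a centrally published deny for an attacking range takes effect on every subscriber the moment it is pushed, while an enterprise's private rule for a single host it trusts is still honored locally.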
Enterprises fear losing local control, and thus make themselves less secure
Although this is the ultimate security defense model, one that could keep many enterprises out of cloud security trouble, I really don’t believe many enterprises will go for it. The reason is obvious: They won’t accept outside security automation, instead considering it a threat to them and their control.
But we’re already there. Public cloud providers proactively deal with security threats on an ongoing basis, and enterprises that have hundreds of workloads on those public clouds benefit from their providers’ security systems.
However, this is a passive process for the enterprises, because they are not actively engaged in it. Although the platforms are protected by the cloud providers, the enterprise’s applications and data may not be. After all, securing those areas is the responsibility of the cloud tenant, which is the enterprise that uses the public cloud.
Security systems seem to be enterprise-driven, even those in the public cloud. Each cloud-based security solution, as well as the supporting cloud-based security policies, is unique to each enterprise. That means the level of risk is all over the place.
Although centralized security could provide much better protection and greatly reduce risk, enterprises don’t seem to want it, even though there are more upsides than downsides. Bummer.