The Future of Cloud Security.

Updated: Jun 15


Cloud computing has been on the rise in recent years as more companies and enterprises adopt cloud-based solutions in place of physical servers and locally hosted applications. The growth can be attributed to the rise of remote working, cost reduction and faster user support.


As companies move to cloud platforms, traditional perimeter-based security approaches have proven ineffective, because they were designed around physical servers and data centres rather than the cloud. In view of that, Gartner introduced a new cloud security approach called Secure Access Service Edge (SASE) in August 2019.


What is SASE?


SASE is a security architecture that combines network security functions with wide area network (WAN) capabilities to support the dynamic, secure access needs of organizations. SASE is a journey of combining several security technologies to achieve 360-degree visibility and protection of data and applications regardless of where the user or the application is located.


Fundamentals of SASE.

  1. Simplicity - SASE consolidates network traffic handling and security policy in a single cloud-delivered model. This makes it easier for administrators to manage all production services.

  2. Security – SASE gives administrators a single place to control and protect users, devices and services.

  3. Scalability – SASE lets institutions grow easily, since capacity is added in the provider's cloud rather than by installing appliances at each site.


PILLARS OF SASE.


1. SD-WAN.

Software-defined wide area network (SD-WAN) is a software-defined approach to managing wide area networks. It is an improvement on the traditional WAN, which connects branches and campuses to applications hosted in the corporate data centre.


With the growth of cloud applications, the traditional WAN has become inefficient: users are really connecting to the cloud over the internet, so backhauling their traffic through the data centre adds cost and latency.


Benefits of SD-WAN.

· Simplicity.

· Improved performance.

· Reduced costs.


2. Firewall as a service.

This is a firewall delivered as a cloud-based service, which allows companies and institutions to provide simplified perimeter security for all sites and users without deploying a firewall appliance at each one. It is the cloud evolution of the hardware firewall.


Advantages of firewall as a service.

  • Unified security policies.

  • Simplified deployment and maintenance.

  • Scalability

  • Flexibility

3. Cloud Access Security Broker.

Cloud access security broker: a CASB is a policy enforcement point placed between cloud service consumers and cloud service providers to enforce security policies as cloud resources are accessed. A CASB can be used both for cloud services under the institution's control (sanctioned) and for third-party cloud services that staff adopt on their own (unsanctioned, or shadow IT).


CASB PILLARS.

  • Cloud visibility -

A CASB gives an institution visibility of all cloud services in use, whether managed or unmanaged. This lets network administrators configure policies targeted at the cloud services actually in use.

Visibility also lets the institution plan its spending on cloud services.

  • Compliance

One of the major concerns when moving data and applications to the cloud is remaining compliant with regulation. A CASB helps companies and institutions demonstrate compliance with the data-protection and data-breach regulations that apply to their industry.

  • Data security

Data is the most important asset of an organization, so its security is paramount. A CASB helps you classify data and configure policies that prevent data loss through the cloud. This is achieved by defining data by its context (who is sending it, to which service, through which application) and by document fingerprinting, which recognises registered sensitive documents even when only an excerpt of them is copied.

  • Threat protection

A CASB is also designed to protect the organization against cloud-borne malware and other threats. Cloud storage services and their users are a constant target of attacks; the CASB scans files and activity and remediates threats in real time.


4. Secure Web Gateway.

A secure web gateway (SWG) is a cloud-based security solution that protects an organization's internal network from malicious web traffic. The web is one of the major channels attackers use to deliver internet-borne viruses, malware and other cyberthreats.

According to Gartner, a secure web gateway must have:

  • URL filtering.

  • malicious-code detection and filtering.

  • Application controls for popular cloud applications.
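The URL-filtering requirement above deserves a worked example, because the obvious implementation (search the URL string for blocked names) is both bypassable and noisy. The following Python is an added illustration written for this article, not Gartner's definition or any vendor's gateway code; the category lists, hostnames and URLs in it are constructed, and the `.example` domains are placeholders.

```python
"""URL filtering as a secure web gateway must do it (added example).

Illustrative code, not a vendor's gateway. The category lists and URLs are
constructed for the example. The point it makes: match the normalized
destination host, never the raw URL string.
"""
from typing import Optional, Tuple
from urllib.parse import unquote, urlsplit

# Constructed category feed; real gateways license these from a vendor.
CATEGORIES = {
    "malware": {"evil.example", "dropper.example"},
    "file-sharing": {"share.example"},
}
BLOCKED_CATEGORIES = {"malware", "file-sharing"}


def normalize_host(url: str) -> str:
    """Return the canonical hostname the request will actually reach.

    urlsplit().hostname discards userinfo (the 'trusted@evil' trick), the
    port and upper-case letters; we additionally decode percent-encoding
    and drop a trailing dot, both of which a browser tolerates.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        raise ValueError("unsupported scheme %r" % parts.scheme)
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    return unquote(host).rstrip(".").lower()


def categorize(host: str) -> Optional[str]:
    """Look up the host and every parent domain (but not the bare TLD)."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        for category, hosts in CATEGORIES.items():
            if candidate in hosts:
                return category
    return None


def decide(url: str) -> Tuple[str, str]:
    """Gateway verdict for one request: ('allow'|'block', reason).
    Unparseable or non-web URLs are blocked rather than passed through."""
    try:
        host = normalize_host(url)
    except ValueError as exc:
        return ("block", "unparseable URL: %s" % exc)
    category = categorize(host)
    if category in BLOCKED_CATEGORIES:
        return ("block", "%s is categorized as %s" % (host, category))
    return ("allow", "%s is not in a blocked category" % host)


def naive_decide(url: str) -> str:
    """The substring check this example argues against: it is bypassed by
    percent-encoding and gives false positives on userinfo or query text."""
    blocked = set().union(*CATEGORIES.values())
    return "block" if any(b in url.lower() for b in blocked) else "allow"


if __name__ == "__main__":
    for u in ("http://evil.example/payload.exe",
              "http://EVIL%2Eexample./payload.exe",
              "http://evil.example@safe.example/login",
              "https://intranet.example/?next=evil.example"):
        print(u, "->", decide(u)[0], "(naive: %s)" % naive_decide(u))
```

The second and third sample URLs are the two failure modes: the percent-encoded host slips past the substring check but not the normalized one, and the `evil.example@safe.example` URL, which actually goes to `safe.example`, is wrongly blocked by the substring check. A production gateway would also apply the same normalization to the SNI or Host header it sees on the wire, since that, not the URL the client typed, is what reaches the server.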

A secure web gateway is also used to enforce data loss prevention (DLP). Some malware is designed to exfiltrate data from the organization over the internet without the user's knowledge; because the gateway sees outbound traffic, it can inspect it for sensitive content and block the transfer.
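Both the CASB data-security pillar above and the SWG's data loss prevention role rest on the same technique, document fingerprinting. The Python below is an added example written for this article, not code from a CASB or SWG product: it registers a constructed "merger memo" as a set of hashed word shingles and scores an outbound message by how much of it is fingerprinted content, so that an upper-cased, re-wrapped excerpt is still caught while unrelated text passes. The shingle size and threshold are assumptions chosen for the example.

```python
"""Document fingerprinting for data loss prevention (added example).

Illustrative code, not a vendor's DLP engine. A sensitive document is
registered as a set of hashed word shingles; an outbound payload is scored
by the fraction of its own shingles that belong to a registered document.
The memo and the payloads are constructed for the example.
"""
import hashlib
import re
from typing import Dict, List, Set, Tuple

SHINGLE_WORDS = 5        # words per shingle: smaller catches shorter excerpts, raises false positives
MATCH_THRESHOLD = 0.30   # block when at least this fraction of the payload is fingerprinted content


def tokenize(text: str) -> List[str]:
    """Lower-case and keep only alphanumeric runs, so re-wrapping, case changes
    or pasting into a mail body do not change the fingerprint."""
    return re.findall(r"[a-z0-9]+", text.lower())


def shingles(text: str) -> Set[str]:
    """Hash every window of SHINGLE_WORDS consecutive words. Only the hashes are
    kept, so the fingerprint store does not itself reveal the document text."""
    words = tokenize(text)
    out: Set[str] = set()
    for i in range(len(words) - SHINGLE_WORDS + 1):
        window = " ".join(words[i:i + SHINGLE_WORDS])
        out.add(hashlib.sha256(window.encode()).hexdigest()[:16])
    return out


class FingerprintDB:
    def __init__(self) -> None:
        self._docs: Dict[str, Set[str]] = {}

    def register(self, name: str, text: str) -> None:
        """Called when a document is classified as sensitive."""
        self._docs[name] = shingles(text)

    def score(self, payload: str) -> Tuple[str, float]:
        """Return (best matching document, fraction of payload shingles found in it).
        A payload too short to produce a shingle scores 0."""
        probe = shingles(payload)
        if not probe:
            return ("", 0.0)
        best_name, best = "", 0.0
        for name, fingerprint in self._docs.items():
            fraction = len(probe & fingerprint) / len(probe)
            if fraction > best:
                best_name, best = name, fraction
        return (best_name, best)

    def decide(self, payload: str) -> Tuple[str, str]:
        """Gateway/CASB verdict for one outbound upload or message body."""
        name, fraction = self.score(payload)
        if fraction >= MATCH_THRESHOLD:
            return ("block", "%.0f%% of the content matches '%s'" % (fraction * 100, name))
        return ("allow", "best match %.0f%%" % (fraction * 100))


# Constructed sensitive document, registered as a DLP policy would register it.
MERGER_MEMO = """
Project Falcon: confidential memo. The board approved the acquisition of
Northwind Traders at a price of 42 dollars per share. Announcement is
scheduled for the fourth quarter pending regulatory approval. Do not
forward this document outside the executive team.
"""


def build_db() -> FingerprintDB:
    db = FingerprintDB()
    db.register("merger-memo", MERGER_MEMO)
    return db


if __name__ == "__main__":
    db = build_db()
    # A reformatted excerpt (upper-cased, single line) is still caught.
    print(db.decide("THE BOARD APPROVED THE ACQUISITION OF NORTHWIND TRADERS "
                    "AT A PRICE OF 42 DOLLARS PER SHARE."))
    # Unrelated text is allowed.
    print(db.decide("Agenda for Thursday's team meeting is attached."))
```

The score is the fraction of the outbound text that is fingerprinted, not the fraction of the document that leaked, which is what you want for catching a single sensitive paragraph pasted into an otherwise innocent e-mail. Real products add the "context" half of the CASB description on top of this: the same match scored against an upload to a sanctioned corporate drive and against a personal webmail account gets different verdicts.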



5. Zero Trust Network Access (ZTNA)

Zero Trust Network Access is a security model which applies the "never trust, always verify" principle when granting access to IT services and resources. Modern enterprise IT environments and corporate networks are made up of many interconnected segments, cloud services and infrastructure, mobile devices, and increasingly non-conventional technology such as IoT devices. Traditional models of granting user access to IT resources are ineffective and pose a great risk to the IT environment because they rely on the "trust but verify" model, which assumes that everything inside the organization's network can be trusted.


Users are classified as trusted or untrusted, and a trusted user gains access to the whole network without further restriction. This model is no longer viable because of the following:

  • Insider threats: A trusted user could access critical data or applications and, maliciously or unknowingly, expose the network to external threats.

  • Compromised credentials: If a trusted user's credentials are stolen or otherwise obtained illegally, an attacker can use them to access the network and cause damage.

  • Sophisticated attacks: Attackers have advanced their techniques, so preventing lateral movement within the network becomes critical in case one section of the network is compromised.


Principles of Zero Trust Network.


  1. Assume that the network is hostile.

  2. Cyber-attacks have continually increased, and enterprises must always be prepared for an attack.

  3. ZTNA assumes that an attack can originate from inside or outside the network. All devices, users and network flows must be authenticated before they are authorized.

  4. ZTNA employs the principle of least privilege. Users and devices are given zero access by default, and access is then granted per application on a need-to-know basis.

  5. It also employs multi-factor authentication. Users require more than one form of authentication to gain access.

  6. Policies should be dynamic, informed by several sources of data (user identity, device health, location and behaviour), and re-evaluated on every request.
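The six principles can be read as a single access decision. The Python below is an added example written for this article, not a ZTNA product's policy engine; the users, devices, entitlements, posture thresholds and risk signals are constructed stand-ins for an identity provider, an MDM/EDR inventory and an authorization store. It shows a valid password being refused on an unenrolled laptop, a fully authenticated user refused an application they are not entitled to, and a risk signal overriding an otherwise clean request.

```python
"""Zero-trust access decision for a single request (added example).

Illustrative code, not a ZTNA product. The identity provider, device
inventory and entitlement store are replaced by constructed in-memory data.
The engine denies by default and grants one application at a time.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class Device:
    """Posture as an MDM/EDR agent would report it (constructed)."""
    managed: bool
    disk_encrypted: bool
    edr_healthy: bool
    os_patch_age_days: int


# Constructed device inventory keyed by device identity (e.g. a client-cert thumbprint).
DEVICES: Dict[str, Device] = {
    "lt-alice-01": Device(managed=True, disk_encrypted=True, edr_healthy=True, os_patch_age_days=3),
    "lt-bob-07": Device(managed=True, disk_encrypted=True, edr_healthy=False, os_patch_age_days=45),
}
# Constructed entitlements: least privilege, per application, nothing by default.
ENTITLEMENTS: Dict[str, Set[str]] = {
    "alice": {"wiki", "payroll"},
    "bob": {"wiki"},
}
MAX_PATCH_AGE_DAYS = 30  # assumed posture threshold


@dataclass
class Request:
    user: str
    password_ok: bool      # primary factor verified by the IdP
    mfa_ok: bool           # second factor verified by the IdP
    device_id: str
    app: str
    source_network: str    # "corp", "home", ...: recorded for audit, never a trust input
    risk_signals: List[str] = field(default_factory=list)  # from the IdP's risk engine


def device_posture(device_id: str) -> List[str]:
    """Posture failures for the device; an empty list means compliant."""
    dev = DEVICES.get(device_id)
    if dev is None:
        return ["device not enrolled"]
    failures = []
    if not dev.managed:
        failures.append("device unmanaged")
    if not dev.disk_encrypted:
        failures.append("disk not encrypted")
    if not dev.edr_healthy:
        failures.append("EDR agent unhealthy")
    if dev.os_patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append("OS patches %d days old" % dev.os_patch_age_days)
    return failures


def decide(req: Request) -> Tuple[str, List[str]]:
    """Return ("allow", []) only when every check passes, else ("deny", reasons).

    Every check runs on every request: a valid password is not enough
    (stolen credentials), a healthy user on a sick device is not enough,
    and being entitled to one app says nothing about another (no lateral
    movement). The source network is deliberately not consulted."""
    reasons: List[str] = []
    if not req.password_ok:
        reasons.append("primary authentication failed")
    if not req.mfa_ok:
        reasons.append("MFA not satisfied")
    reasons.extend(device_posture(req.device_id))
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        reasons.append("%s is not entitled to %s" % (req.user, req.app))
    if req.risk_signals:
        reasons.append("risk signals: %s" % ", ".join(req.risk_signals))
    return ("deny", reasons) if reasons else ("allow", [])


if __name__ == "__main__":
    print(decide(Request("alice", True, True, "lt-alice-01", "payroll", "home")))
    # Stolen password on the attacker's own laptop: denied on two independent grounds.
    print(decide(Request("alice", True, False, "attacker-box", "payroll", "corp")))
```

Two design points are worth noticing. All reasons are collected rather than returning on the first failure, so the audit log shows every control that would have stopped the request, which is what an incident responder wants when reconstructing an attempt. And the decision is made per application, so a broker built on it connects the user to `payroll` only; it never places the device on a network segment where it could reach `wiki`, the file server or anything else on its own.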


Gartner has predicted that by 2025 over 50% of organizations will have explicit strategies to adopt SASE.


Ariel Technology has partnered with global vendors that offer the SASE security framework.


References

https://www.paloaltonetworks.com/cyberpedia/what-is-a-sd-wan

https://www.fortinet.com/resources/cyberglossary/firewall-as-a-service-fwaas

https://www.netskope.com/security-defined/what-is-casb

https://www.netskope.com/products/capabilities/zero-trust-network-access