A little while ago, security professionals from my firm watched as hackers began probing the network of a large financial institution. The hackers took their time, poking here, prodding there, until they had a pretty good idea of the shape of things.
The company recognized that its incumbent security solution had shortcomings and had first installed our intelligent software in passive mode. When we warned executives of an incoming attack, they at first did not believe us because their security system wasn't detecting anything. But eventually, they asked us to take a closer look.
Sure enough, a couple of weeks after the probes ended, the hackers launched a sophisticated, multi-vector attack that displayed significant knowledge of the financial institution's network and weaknesses. We were able to thwart them quickly, without any impact to the business.
The reason I'm telling you this story is that this organization's security flaws stemmed from a common habit that organizations of all sizes need to break. Like this financial institution, businesses all too often rely on disparate systems that cannot communicate with one another to protect the private cloud, the public cloud, and the data center, not realizing that hackers can exploit the differences between the environments to gain access to all three. Three separately secured environments add up to less protection than one.
In cybersecurity, we face bad actors who learn and evolve. They get better and smarter. In a hybrid cloud, the attack surface grows, and valuable data traverses multiple locations, sometimes simultaneously. What was good enough one year becomes inadequate and dangerously vulnerable the next. In this environment, complacency translates into business-crippling breaches.
So here it is, the one habit you need to break if you have a hybrid cloud environment:
Stop thinking of security in pieces.
There’s never been a hybrid network that wasn’t assembled in parts.
Plenty of small companies start off with a data center in the basement. A few years and a couple of satellite offices later, the company moves some applications onto a private cloud to accommodate the geography of its workforce. A few years after that, it moves other applications to a public cloud service to stay ahead of traffic surges, lower costs, and add agility.
At each stage, the network administrator establishes security policies for the new environment based on its architecture. But many administrators never go back and adjust the data center's security in light of the new private cloud, and the policies are seldom revisited when the second cloud is added.
There are lots of reasons for this. Budget plays a role: a planned cloud adoption might have a security budget that covers only the new environment. Or the administrator might believe that, having checked hardware and policy compatibility between the new environments, the security policies are aligned and there is neither need nor time to go back.
This isn’t and shouldn’t be the case.
Security gaps multiply when new infrastructure is added. A hole in the data center combines with a hole in the public cloud and another in the private cloud, and vice versa: a weak spot in one environment becomes the entry point to the others. Each environment is insecure in its own unique way.
To counter this, network administrators and CIOs need to bring the entire network under a single security blanket: a set of security controls that communicate with each other across clouds and data centers to create a common security baseline and enable rapid, accurate protection. When one part of the network is attacked, the other parts know about it and prepare their defenses.
That single blanket should rely heavily on automation, because there is a global shortage of cybersecurity talent. It's a hard discipline to learn, top talent is harder still to attract, and many companies are reluctant to hire individuals who learned as teens by dabbling on the dark side. Automated systems can coordinate detection and response across an entire network with little manual intervention, leaving analysts to review and tune rather than to stitch alerts together by hand.
Take the breadth of the threat environment into account as well. DDoS attacks hit one part of your network, application attacks another, and attacks hidden inside encrypted traffic a third. The same application can have different security needs in the cloud than it does on-premises.
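To make the "single blanket" argument concrete, here is an added example (not code from the original post or from any product it describes). It takes constructed, illustrative telemetry from three environments, each in its own native format (a data-center firewall syslog line, a private-cloud IDS record, a public-cloud flow-log line), normalizes them into one event shape, and compares two verdicts: each environment counting only what it saw versus one count across all of them. The source address, the threshold of three suspicious events, the log layouts and the `deny from` rule syntax are all assumptions chosen for the illustration.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Constructed sample telemetry (not real logs). One source, 198.51.100.7,
# probes all three environments but never often enough in any single one
# to cross that environment's own alert threshold.
DATACENTER_SYSLOG = [
    "Jan 10 03:12:01 dc-fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.1.20 PROTO=TCP DPT=22",
    "Jan 10 03:12:04 dc-fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.1.20 PROTO=TCP DPT=3389",
    "Jan 10 03:13:10 dc-fw1 kernel: ACCEPT IN=eth0 SRC=203.0.113.9 DST=10.0.1.80 PROTO=TCP DPT=443",
]
PRIVATE_CLOUD_IDS = [
    {"src": "198.51.100.7", "dst": "172.16.5.10", "sig": "SCAN nmap service probe", "action": "alert"},
    {"src": "203.0.113.9", "dst": "172.16.5.80", "sig": "HTTP GET /", "action": "allow"},
]
# Assumed flow-log layout: version account eni src dst sport dport proto pkts bytes start end action status
PUBLIC_CLOUD_FLOWS = [
    "2 111122223333 eni-0a1b 198.51.100.7 10.20.0.15 44123 443 6 4 240 1700000000 1700000060 REJECT OK",
    "2 111122223333 eni-0a1b 198.51.100.7 10.20.0.15 44124 8080 6 2 120 1700000061 1700000120 REJECT OK",
    "2 111122223333 eni-0a1b 203.0.113.9 10.20.0.15 50000 443 6 30 9000 1700000000 1700000060 ACCEPT OK",
]

ALL_ENVS = ("datacenter", "private_cloud", "public_cloud")
THRESHOLD = 3  # suspicious events from one source before it is treated as hostile (assumed)


@dataclass(frozen=True)
class Event:
    """Common event shape shared by every environment."""
    env: str
    src_ip: str
    suspicious: bool  # dropped, rejected or IDS-alerted traffic


_SYSLOG_RE = re.compile(r"(?P<verdict>DROP|ACCEPT) .*SRC=(?P<src>\S+) ")


def parse_datacenter(lines: Iterable[str]) -> List[Event]:
    events = []
    for line in lines:
        m = _SYSLOG_RE.search(line)
        if m:
            events.append(Event("datacenter", m["src"], m["verdict"] == "DROP"))
    return events


def parse_private_cloud(records: Iterable[dict]) -> List[Event]:
    return [Event("private_cloud", r["src"], r["action"] == "alert") for r in records]


def parse_public_cloud(lines: Iterable[str]) -> List[Event]:
    events = []
    for line in lines:
        f = line.split()
        if len(f) >= 13:
            events.append(Event("public_cloud", f[3], f[12] == "REJECT"))
    return events


def all_events() -> List[Event]:
    return (parse_datacenter(DATACENTER_SYSLOG)
            + parse_private_cloud(PRIVATE_CLOUD_IDS)
            + parse_public_cloud(PUBLIC_CLOUD_FLOWS))


def siloed_verdicts(events: Iterable[Event]) -> Dict[str, Set[str]]:
    """Security in pieces: each environment counts only what it saw. env -> flagged sources."""
    per_env: Dict[str, Counter] = defaultdict(Counter)
    for e in events:
        if e.suspicious:
            per_env[e.env][e.src_ip] += 1
    return {env: {ip for ip, n in c.items() if n >= THRESHOLD} for env, c in per_env.items()}


def unified_verdicts(events: Iterable[Event]) -> Dict[str, Set[str]]:
    """Single blanket: one count across all environments. flagged source -> envs that saw it."""
    total: Counter = Counter()
    seen_in: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        if e.suspicious:
            total[e.src_ip] += 1
            seen_in[e.src_ip].add(e.env)
    return {ip: seen_in[ip] for ip, n in total.items() if n >= THRESHOLD}


def propagate_block(flagged: Dict[str, Set[str]], envs: Iterable[str]) -> Dict[str, List[str]]:
    """Push a block for every flagged source to every enforcement point,
    including environments that have not yet seen that source."""
    rules: Dict[str, List[str]] = {env: [] for env in envs}
    for ip in sorted(flagged):
        for env in rules:
            rules[env].append(f"deny from {ip}")
    return rules


if __name__ == "__main__":
    ev = all_events()
    print("siloed :", siloed_verdicts(ev))   # every environment stays quiet
    print("unified:", unified_verdicts(ev))  # 198.51.100.7 seen in all three
    print("rules  :", propagate_block(unified_verdicts(ev), ALL_ENVS))
```

Run stand-alone, the siloed view flags nothing, because two drops in the data center, one IDS alert in the private cloud and two rejects in the public cloud each sit below the threshold on their own; the unified view flags the source with five events across all three environments and pushes a block to every enforcement point, so the environment attacked last is already prepared.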
Treating security holistically solves these problems. So whether you're currently migrating applications or data to the cloud or you've been using multiple clouds for years, take the time to revisit and revise your security policies and make yourself a much tougher target. You are already in the hackers' crosshairs; you just may not know it.