Barracuda Networks Extends Cloud Security Reach to Azure
Barracuda Networks today announced it has extended the reach of its software-as-a-service (SaaS) application for managing cloud security to now include Microsoft Azure.
Previously available only on Amazon Web Services (AWS), Cloud Security Guardian now comes pre-loaded with security policies based on CIS Benchmarks. It uses that foundation to generate an interactive map of the cloud computing environment and automatically remediate security policy violations by configuring and deploying CloudGen Firewalls or CloudGen Web Application Firewalls (WAFs).
Tim Jefferson, senior vice president for data protection, network and application security at Barracuda Networks, said the relationship with Microsoft is deeper than with AWS because the Azure Cloud exposes a bi-directional Security Graph application programming interface (API) through which Cloud Security Guardian is able to access a much richer set of telemetry data. In contrast, AWS only makes available the telemetry data it exposes via the AWS CloudTrails service. Cloud Security Guardian for Microsoft Azure also integrates with the Microsoft Azure Firewall service.
Jefferson said many organizations are still struggling with cybersecurity in the age of the cloud because they are trying to lift and shift their existing cybersecurity frameworks for on-premises IT environments to a completely different class of platforms. Cloud service providers are more than capable of providing a more secure computing platform. Each organization, however, needs to secure the software that runs on top of that infrastructure. The shared responsibility approach to cybersecurity requires organizations to focus their efforts on finding ways to secure cloud-native applications, he said.
In fact, Jefferson noted, when most organizations express concerns about cloud security, it’s not so much about the platforms as much as it is a lack of visibility and workflow processes for securing the applications on those platforms. To facilitate that transition, Barracuda Networks makes available templates based on JavaScript Object Notation (JSON) files so developers or cybersecurity professionals can programmatically craft their own DevSecOps processes, said Jefferson. While there is a definite shift left occurring in terms of developers implementing security controls, he said cybersecurity professionals still need to be able to verify those controls and, when warranted, immediately fix vulnerabilities on their own.
The next major evolution of cloud security will be to extend those DevSecOps processes across multiple clouds, Jefferson said. Rather having to set up and manage DevSecOps processes for each cloud, organizations will want to be able to manage DevSecOps process across multiple cloud computing environments centrally. By employing Cloud Security Guardian across multiple clouds, the framework for achieving that goal is already in place, he said.
No two organizations are on same cloud security path. Cybersecurity concerns remain the No. 1 inhibitor for deploying applications in the cloud. How much of that has to do with perception versus the realities of complying with various regulatory mandates is difficult to assess. What is clear is that despite any lingering concerns, there are a greater number of sensitive applications running in public cloud computing environments than ever before.
— Michael Vizard
