This is part 1 of a two-part series on the application security risks of new multi-cloud environments. This part introduces cloud threats to the application, the different types of cloud and, finally, the latest multi-cloud design.
The World Wide Web (WWW) has transformed from serving simple static content to serving the dynamic world of today. This transformation has essentially changed the way we communicate and do business. Now, however, we are experiencing another wave of technological innovation. The cloud is becoming an even more diverse technology than the former framework.
The cloud has entered its second decade of existence, which shapes and drives a new world of cloud computing and application security. After all, it has to overtake traditional IT by offering an on-demand, elastic environment. It largely affects how organizations operate and has become a critical component for new technologies.
The new shift in cloud technologies is the move to ‘multi-cloud designs’, which is a big game-changer for application security. Undoubtedly, multi-cloud will become a necessity in the future, but at this time it is far from a simple move. In fact, not many have started their multi-cloud journey. As a result, there are few lessons learned so far, which can expose your application stack to security risks.
Reference architecture guides are a great starting point; however, there are many unknowns when it comes to multi-cloud environments. To take advantage of these technologies, you need to move with application safety in mind. Applications don’t care which cloud technology they sit in. What matters is that they are operational and hardened with appropriate security.
Cloud threats to the application
Your applications are only safe when they are not reachable. Realistically, however, most need to be reachable in some form or another. When a bad actor finds there is profit in compromising the application, they will find ways to penetrate the perimeter and access the application stack. Tools are readily available and often don’t require much technical skill.
One avenue bad actors can pursue arises when your applications are in the cloud, interconnected with a hybrid cloud, or hosted in a newer, more advanced and complex multi-cloud environment.
The cloud perimeter is only the first layer of defense for applications, yet it is usually mistaken for complete security. Cloud providers give you default security tools, but these can fall short in many ways. Every application stack is different. As a result, a safer approach is to harden the application with appropriate security tools.
Different types of cloud
The common traditional cloud types are public, private and hybrid. The public cloud entails off-site infrastructure with third-party management. Under this category, the services are accessible to the public over the Internet.
Similarly, the private cloud entails on-site or off-site infrastructure with private or third-party management. The hybrid cloud, on the other hand, bridges the private and public clouds. Within a hybrid environment, the application and its data can use a combination of both, and application traffic flows between public and private resources.
The majority of traditional use cases were satisfied with these types of clouds. The clouds enabled businesses to move quickly, do software analysis, save money and deliver better value.
However, requirements change over time. These changing needs have introduced a new type of cloud: the multi-cloud design. Multi-cloud is a special case of hybrid cloud computing. In plain words, it is the next phase of the hybrid cloud. The two share some similarities but have different infrastructure models. Let’s learn more about the present-day multi-cloud.
What is multi-cloud?
Today, most organizations are already using multiple clouds, but cross-cloud communication is now more widespread. This offers you the freedom to run an application on any cloud provider based on your business and technical requirements.
A multi-cloud design is a structure in which the redundancy model relies on multiple cloud providers to host your applications. Multi-cloud involves the use of multiple public cloud computing services in a single heterogeneous architecture. However, such designs bring with them security risks to the application.
In Part 2, we will introduce the requirements for multi-cloud, the types of multi-cloud and the risks they pose to application security.
*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Matt Conran. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/NEE3c0AxcZ0/