Your IT Infrastructure is Hybrid. So Why Not Your Security Model?
Today’s IT infrastructure is a mixed bag. The move to public clouds, private clouds and edge computing has created an extremely diverse environment, yet the on-premise data center hasn’t gone away. Whether for compliance reasons or to support mission-critical legacy applications, the data center still plays an important role in the mix. Hybrid infrastructure has become the norm. While this offers the flexibility to optimize computing resources to meet specific application needs, it creates a challenge for security teams: How can you ensure consistent protection across those disparate systems and resources?
As hybrid environments become more diverse and complex, the attack surface expands, increasing the need for protection and dramatically heightening cyber risk. That’s why I believe it’s time for organizations to align their security strategies with today’s hybrid deployment reality.
The Challenge of Complexity
Why hasn’t security kept pace with the proliferation of deployment options? One reason is increased complexity. In the past, your application security strategy might have consisted of a gateway or web application firewall (WAF) in front of the data center, creating a single, consolidated point for security policy enforcement. Achieving consistent security policies was relatively easy.
But those days are in the past. When you add in multiple clouds with their own WAFs, serverless resources at the edge and a vast array of applications, the picture becomes much more complicated. You end up with many disparate systems for security: hardware systems in the data center, virtual appliances from a variety of vendors and cloud providers with their own WAFs. Backhauling this diverse traffic to your security stack doesn’t make sense – it’s expensive and can create a poor user experience. To achieve consistent security across environments, you need to bring the security to the applications.
One approach is to use a content delivery network (CDN) that serves as an intermediary between your users and the various clouds or edge resources. But what about workloads that aren’t on the CDN, including in the data center? Deploying and managing security solutions for these applications adds complexity since different applications have different requirements. Applying the wrong rule set to an application is a recipe for triggering false positives, increasing the workload on already overworked SOC teams.
The Value of a Hybrid Model
What’s needed is a hybrid approach to security that offers the simplicity of centralized management while addressing the disparate security needs of today’s hybrid environments.
A hybrid security model provides the ability to deploy a variety of rule sets for specific applications while providing a single, centralized way to manage it all. This requires a solution that enforces security regardless of where an application resides, whether in the data center, the cloud or a serverless environment at the edge.
Three Key Steps: Identify, Secure and Simplify
So, how can you achieve this hybrid security model? The first step is to identify where all your applications live. Given the proliferation of applications in the typical enterprise environment, this can be a complex task. (Pro tip: check with Finance to see where the checks are being sent). But it’s critical to gain visibility of all application locations. Indeed, this cataloguing process can be eye-opening as you discover applications business units have deployed “under the radar.”
Once you know where all your applications are located, you can seek out a security solution that provides consistent protection and security management across all of those locations. Finding a solution that supports all locations, from data center to clouds to the edge, is crucial to achieving consistent security and centralized management.
The last step is narrowing the list down to solutions that make it easy to manage this hybrid security environment. Security that is difficult to enforce ends up not being used, so simplification is key. Using a managed service can make a lot of sense, especially if it offers the option of managing on-premise systems yourself, if that’s a priority, while maintaining a centralized view.
Eliminating Security Gaps
In today’s cyberthreat landscape, vulnerabilities live in the gaps. In a hybrid IT environment, those gaps can be created by inconsistencies in security. With cyberattacks increasing in volume and sophistication, eliminating security inconsistencies across your diverse infrastructure is essential.
Hybrid environments are here to stay and will only grow in diversity and complexity. Embracing a hybrid approach to security enables organizations to maintain consistent protection across all applications, no matter where they live, while providing the centralized, simplified control that makes it all manageable. That’s a rational response to today’s cyberthreats, and one that empowers security teams.