6 BEST PRACTICES FOR MANAGING SECURITY IN THE HYBRID CLOUD
Omer Ganot
Cloud Security PM, AlgoSec
INTRODUCTION
• Most organizations are hybrid
• Managing hybrid network security is complex
• Network security is key for protecting your workloads
• Follow the best practices to stay secure in the hybrid network
2 | Confidential
AGENDA
1. Complexities of moving to the cloud
2. 6 best practices for tighter hybrid cloud security
3. Q&A
% OF WORKLOADS RUNNING IN THE PUBLIC CLOUD IN PRODUCTION
[Bar chart, 2019 vs. 2021; categories: 1-20%, 21-40%, 41%-60%, 61%-80%, 81%-100%]
• Cloud adoption is accelerating
• 53% of respondents have over 40% of their workloads in the cloud
• Almost 30% have over 60% in the cloud
Source: CSA State of the cloud survey 2021
MANAGING SECURITY IN A HYBRID ENVIRONMENT IS COMPLEX
• Multiple Security Vendors and Controls
  • 3rd party on-prem Security Vendor Products
  • Cloud Infra Security Controls
  • Security Products by Cloud Providers and 3rd party
• Multiple Stakeholders
  • CISO
  • IT / Network Security
  • Cloud Teams
  • Security Operations
  • Application Developers / DevOps
• Multiple Environments
  • Multi Cloud
  • Private Clouds
  • On-Premises
1. USE NGFWS IN THE CLOUD
WHY YOU SHOULD USE NGFWS IN THE CLOUD
• Cloud providers’ native network security controls are not sufficient
• Next-Generation Firewalls are essential for securing the cloud
  • Providing L3-L7 protection
FOLLOW THE VENDOR BEST PRACTICES TO CHOOSE THE IDEAL DEPLOYMENT METHOD FOR THE CHOSEN NGFW
Source: Check Point; Source: Microsoft
2. USE DYNAMIC OBJECTS
WHY YOU SHOULD USE DYNAMIC OBJECTS
• Configuration of traditional firewalls in the cloud is different than on premises
• Use dynamic objects in NGFWs to match cloud assets using cloud-native categories
DYNAMIC OBJECTS - EXAMPLE
Source: Palo Alto Networks
3. GAIN VISIBILITY OVER YOUR ENTIRE HYBRID NETWORK
• You can’t protect what you can’t see
• Evaluate security in your cloud services AND in the path from the internet and data center clients
• Get a single, unified view for both network and security elements:
  • Public cloud (in many cases multi-cloud)
  • On-prem data center
  • Private cloud
[Diagram labels: Native Cloud Security Controls (Security Groups/NACL/NSG); Virtual appliance in the cloud; Traditional FW; Virtual appliance in the SDN fabric; Private cloud SDN – distributed FW]
4. EVALUATE AND REMEDIATE RISK ON THE ENTIRE HYBRID NETWORK PATH
Keeping up with risk and compliance is hard
• Identifying risk across the entire hybrid network
• Remediating risk across different controls
• Keeping up with internal and regulatory compliance standards
With AlgoSec, you can identify risky security policies, along with rich data such as affected assets and rule usage
5. CLEANUP CLOUD POLICIES
• Cloud security groups are constantly adjusted so they can rapidly bloat
  • SG limit is reached
  • It is hard to maintain
  • Becomes risky
• Cloud SG cleanup
  • Must be accurate, based on validated and detailed flow log data
  • Must avoid application outages
  • Must be efficient
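A flow-log-based cleanup check along the lines of the bullets above, as an added example that is not part of the original deck or of any vendor product. It assumes the AWS VPC Flow Logs default (version 2) record layout; the rule IDs, addresses and the 30-day minimum observation window are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:            # one inbound security-group rule
    rule_id: str
    proto: int         # IANA protocol number (6 = TCP)
    from_port: int
    to_port: int
    cidr: str

# Constructed sample data (hypothetical IDs and addresses).
MEMBERS = {ipaddress.ip_address("10.0.1.10")}   # addresses of the ENIs using the group
RULES = [
    Rule("r-https", 6, 443, 443, "0.0.0.0/0"),
    Rule("r-ssh", 6, 22, 22, "192.0.2.0/24"),
    Rule("r-app", 6, 8080, 8080, "10.0.2.0/24"),
    Rule("r-db", 6, 5432, 5432, "10.0.3.0/24"),
]
FLOW_LOGS = """\
2 123456789012 eni-0a1 203.0.113.7 10.0.1.10 51544 443 6 12 4200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.10 203.0.113.7 443 51544 6 10 9100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 198.51.100.9 10.0.1.10 40022 22 6 3 180 1700003000 1700003060 REJECT OK
2 123456789012 eni-0a1 - - - - - - - 1702600000 1702600060 - NODATA
2 123456789012 eni-0a1 10.0.2.5 10.0.1.10 39000 8080 6 8 900 1702591000 1702592000 ACCEPT OK
"""

def analyse(rules, members, log_text, min_days=30):
    """Return (hits per rule, removal candidates, whether the window was long enough)."""
    hits = {r.rule_id: 0 for r in rules}
    first = last = None
    for line in log_text.splitlines():
        f = line.split()
        if len(f) != 14 or f[0] != "2":
            continue                                  # not a version 2 default-format record
        first = int(f[10]) if first is None else min(first, int(f[10]))
        last = int(f[11]) if last is None else max(last, int(f[11]))
        if f[13] != "OK" or f[12] != "ACCEPT":
            continue                                  # NODATA/SKIPDATA or rejected traffic
        src, dst = ipaddress.ip_address(f[3]), ipaddress.ip_address(f[4])
        if dst not in members:
            continue                                  # outbound or return traffic
        for r in rules:
            if (r.proto == int(f[7]) and r.from_port <= int(f[6]) <= r.to_port
                    and src in ipaddress.ip_network(r.cidr)):
                hits[r.rule_id] += 1
    enough = first is not None and (last - first) >= min_days * 86400
    # Never recommend removals from a window too short to show periodic jobs.
    candidates = sorted(k for k, n in hits.items() if n == 0) if enough else []
    return hits, candidates, enough
```

Rules covering wide port ranges can be hit by return traffic to ephemeral ports, so a zero-hit result is stronger evidence than a non-zero one.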
6. DEVSECOPS: MAINTAIN IAC SECURITY AS PART OF THE CLOUD CHANGE PIPELINE
MAINTAIN IAC SECURITY IN THE CLOUD - CHALLENGES
• DevOps are mainly focused on business application infrastructure
• DevOps trust the SecOps to find the security risks
• SecOps have little control over cloud changes
• DevOps work with specific tools that they like and that are already a natural fit for the cloud
• "Classic" DevOps-SecOps risk mitigation processes are too slow
MAINTAIN IAC SECURITY IN THE CLOUD - SOLUTION
For existing risks
• Run risk analysis and get detailed risk remediation recommendations
• Implement risk remediation using DevOps native tools and processes
Proactively, before a risk is introduced
• Run what-if risk checks for cloud SG changes as part of the code pull request
• Tighten the change to eliminate risk and only then push to production
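One way to run the what-if check described above in a pull-request pipeline, as an added example that is not part of the original deck or of any vendor product. It assumes the IaC tool is Terraform and reads the `resource_changes` section of `terraform show -json` output; the plan content and the sensitive-port policy are constructed for illustration.

```python
import ipaddress
import json

# Hypothetical policy: services that must never be reachable from any address.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}

# Constructed sample in the shape of `terraform show -json` output (assumption).
PLAN_JSON = """
{"resource_changes": [
 {"address": "aws_security_group.web", "type": "aws_security_group", "change": {
   "before": {"ingress": [
     {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]},
   "after": {"ingress": [
     {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
     {"protocol": "tcp", "from_port": 3000, "to_port": 6000, "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
     {"protocol": "tcp", "from_port": 8080, "to_port": 8080, "cidr_blocks": ["10.0.0.0/8"], "ipv6_cidr_blocks": []}]}}},
 {"address": "aws_security_group.db", "type": "aws_security_group", "change": {
   "before": null,
   "after": {"ingress": [
     {"protocol": "-1", "from_port": 0, "to_port": 0, "cidr_blocks": [], "ipv6_cidr_blocks": ["::/0"]}]}}}
]}
"""

def rule_key(r):
    """Identity of an ingress rule, used to tell new rules from pre-existing ones."""
    return (r["protocol"], r["from_port"], r["to_port"],
            tuple(sorted(r.get("cidr_blocks") or [])),
            tuple(sorted(r.get("ipv6_cidr_blocks") or [])))

def risks_in_rule(r):
    """Findings for one rule: any-source access to all protocols or to a sensitive port."""
    sources = (r.get("cidr_blocks") or []) + (r.get("ipv6_cidr_blocks") or [])
    open_srcs = [c for c in sources if ipaddress.ip_network(c).prefixlen == 0]
    if r["protocol"] == "-1":
        return [f"all protocols open to {c}" for c in open_srcs]
    return [f"{name} ({port}) open to {c}" for c in open_srcs
            for port, name in SENSITIVE_PORTS.items()
            if r["from_port"] <= port <= r["to_port"]]

def what_if(plan_text):
    """Report only the risk this change would introduce, not risk already deployed."""
    findings = []
    for rc in json.loads(plan_text).get("resource_changes", []):
        if rc.get("type") != "aws_security_group":
            continue
        change = rc["change"]
        before = {rule_key(r) for r in (change.get("before") or {}).get("ingress") or []}
        for r in (change.get("after") or {}).get("ingress") or []:
            if rule_key(r) not in before:
                findings += [f"{rc['address']}: {m}" for m in risks_in_rule(r)]
    return findings

if __name__ == "__main__":
    print("\n".join(what_if(PLAN_JSON)))   # a CI job would block the merge when this is non-empty
```

The SSH rule that already exists in `before` is deliberately not reported here; it belongs to the "existing risks" analysis, while this check covers only what the pull request adds.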
SUMMARY
• Hybrid networks are complex and comprise many different security controls
• Maintaining security in hybrid networks is a challenge
• Adopt best practices and use the relevant tools and processes to stay secure
QUESTIONS?
THANK YOU
