Who is responsible for securing cloud services? It’s a question we asked in our recent State of the Firewall Survey. And the responses, as you can imagine, are split. About a third of the IT security pros we surveyed said it’s up to the IT/Cloud team. Some said the Security Engineering team (15.2%) and others thought it was up to the Security Operations group (17.5%). 20% said they weren’t sure or it didn’t apply to them.
With 90% of the individuals we surveyed stating that they had adopted or were planning to adopt a cloud solution, it’s a question that needs an answer…fast.
Cloud services have speed and accessibility on their side. They allow organizations to quickly launch new services without spending millions on new IT infrastructure. For many, especially larger organizations, this runs counter to how they traditionally operate. But pressure from customers, who more and more are expecting on-demand services, is forcing enterprises to adapt, possibly more quickly than they feel comfortable with. There are plenty of examples of rogue cloud services popping up on the network without authorization from anyone in the IT or security groups.
A recent research note from Gartner outlines the steps organizations can take to establish proper governance over cloud services. It’s well worth the read for anyone looking to adopt an IaaS or PaaS solution. While security governance is just a small piece of the puzzle, it’s certainly an important one.
For FireMon, we see the cloud no differently than any other networking technology. You want to monitor and control the rules that allow access to and within your cloud services just like you would an on-premises host. No matter who has responsibility, they need to have the right level of visibility into the security of the environment. This includes monitoring traffic behavior, changes to access and compliance status in real time to ensure security is in lockstep with the deployment of cloud services, rather than lagging behind.
Here are three ways we’re providing that infrastructure-independent view to our customers:
Manage any firewall policy deployed in the cloud.
FireMon manages firewall policies from leading firewall vendors, including Check Point, Palo Alto Networks, Cisco, Fortinet and Juniper Networks, that are deployed in a cloud environment such as Amazon Web Services (AWS) or Azure. Whether your firewall is located in a physical or virtual environment, you can connect a Security Manager data collector to monitor the firewall security policies associated with it.
Manage cloud security infrastructure with the same visibility as on-premises.
Security Manager will manage native, embedded AWS security groups just like it manages policies for a traditional firewall.
Manage private cloud security infrastructure with the same visibility as on-premises.
Security Manager can manage native, embedded NSX distributed firewall policies (for example, Palo Alto Networks virtual firewalls deployed in an NSX environment) as well as OpenStack embedded groups.