Security management and business orchestration of
hybrid cloud
The trend of going to the cloud is irreversible. Large companies originally deployed private clouds. When they continue to use public clouds, in order to ensure business interoperability in the two environments, hybrid cloud solutions are bound to be considered. At this time, whether the security platform supports the deployment of hybrid clouds and whether the security policies in different environments can be consistent are all issues that need to be solved by cloud security vendors.
In this section, the innovation sandbox finalist company ShieldX (also Gartner's 2017 Cool Vendor) provides a hybrid cloud-oriented security platform, and provides orchestrated security functions, covering such as malware detection, DLP, access control, micro-segmentation, etc. In addition, it is compatible with third-party security vendors and provides more security features.
PaaS: Moving to CaaS Security/DevSecOps
The current PaaS application platform has shifted to a platform based on container technology. Containers have become a new virtualization technology. In addition, container orchestration is also a supporting technology for implementing complex functions. However, whether the container itself is in terms of computing, storage, or network, it needs to evaluate its security in advance.
DevOps has become a standard term for agile development. Embedding security into the entire life cycle of DevOps is called DevSecOps. This technology is listed by Gartner as one of the top ten new technologies in 2017. In this year's Sandbox, Layered Insight, a company that injects security agents into the container image, realizes the built-in security functions without perceiving developers and operators. In addition, this innovation sandbox finalist company StackRox supports the implementation of DevSecOps in common shared container clouds or container environments.
Key issues of
cloud security: business system security
As an infrastructure, cloud computing carries a variety of business systems, and the security of business systems is a priority for cloud computing security.
For example, the 2017 innovation sandbox finalist company VeriFlow provides a traffic visualization solution in a hybrid cloud environment, allowing administrators to clearly understand the traffic situation in the entire environment and fine-grained control of network traffic.
McAfee's virtualized cloud security platform can monitor the traffic in the network and extract the metadata in the traffic. After correlation analysis, the network flow can be mapped to user behavior, and then the suspicious behavior of network users can be analyzed according to the business model. The network-side user behavior analysis (UEBA) in the cloud computing environment.
Cloud security business actualization problem: lack of visibility
North America is already considering the real problems encountered in the cloud computing environment, such as internal malicious attackers stealing data in the VPC or disrupting normal services in the cloud; or attackers using sudden security vulnerabilities to sweep external applications and implement the next step attack. How to deal with fast-acting attackers, IBM Resillent System, Splunk Phantom (a 2016 innovation sandbox award-winning company) achieve closed-loop, agile and flexible services through incident handling sheets or automated scripts, quickly isolate attackers, and restore the system to normal status.
With the increasing use of cloud computing systems, users have also begun to consider the safe handling process in the cloud, but the challenge is also obvious: the lack of visibility (Visibility) makes it difficult to check or troubleshoot.
Emergency response process in the cloud
David Shackleford from SAN introduced how to conduct emergency response in "Incident Response in the Cloud". The entire process follows NIST 800-61R2, including preparation, detection and analysis, response, and post-event actions.
Preparation Phase
It is necessary to collect enough information and understand the CSP's disposal process, so as to know the user's disposal process. And establish a log collection mechanism, some CSPs provide this mechanism, such as AWS's CloudTrail service, but some CSPs do not;
Detection and analysis phase
Look for anomalies from various logs (logs provided by CSP, login logs, cloud service metrics (CloudWatch), etc.), such as active abnormal users, effective new resources, cross-regional activities, etc.;
Response phase
It mainly includes isolation and recovery, and the ThreatResponse suite can be used to respond on AWS.
Action afterwards
After recovery, continue to assess whether there are still risks, so as to form a closed loop of emergency response.
Horizontal and vertical development of cloud computing security
In short, there are two dimensions in the development of cloud computing security:
Horizontally, expand from traditional IaaS, PaaS and SaaS security to container (CaaS) security and DevSecOps;
Vertically, from traditional compliance requirements to result-oriented emergency response, UEBA and NTA, accelerate the application and development of these new technologies in the cloud environment.
