As we count down the days to VMworld 2021, we’re excited to share our deep-dive blog series on secure access service edge (SASE): What it does, how it works, and what your enterprise needs to know to implement it successfully. We kick off with a couple quick overview blogs on cloud security and cloud networking. The series then rolls on, delivering a close look into how VMware SASE incorporates these practices to help IT teams reduce workloads, cut costs and ensure connectivity and security across the enterprise.
The global pandemic, and associated surge in remote work, accelerated a massive move to the cloud.
In fact, cloud-first organizations currently dwarf the number on-premise enterprises by a ratio of three-to-one and recently reported a 200% increase in plans to relocate over 75% of their apps and workloads to the cloud.
While companies have doubled down on cloud adoption, cloud security remains an issue — and 44% of IT teams are concerned their security systems cannot safely secure remote work.
What is cloud security? Essentially, it’s the practice of safeguarding and protecting cloud environments during the deployment and management of technologies and operational standards.
Cloud security isn’t radically different from on-premises security and uses a five-layered technology approach, designed to protect users, devices, data, applications, and the network.
Just as wearing multiple layers of clothes shields you from cold temperatures, the same holds true for cloud security: To boost your protection, add more layers.
How exactly does a multi-layered approach help protect your enterprise? Here’s a quick checklist explainer of the five layers:
Layer one: Authentication and access control
Authentication and access controls help properly identify users, match them to a proper set of resources, and control access based on corporate policy.
These solutions combine individual components to grant or restrict access, enforce IT policy, and establish a Zero Trust model that aligns with established cloud security principles.
Layer two: User behavior analytics and logging/reporting
As the threat landscape continues to morph and expand, user behavior analytics monitors user behavior patterns and applies algorithms, speeding the identification and response to novel attacks.
Suspected threat data is logged in central servers, where it can be mined to create trending data and actionable insights to ward off future malicious acts.
Layer three: Asset and data classification
Companies purchase and discard assets all the time. Only by setting up an automated, formal process for tracking and securing these assets can IT teams satisfy corporate directives and government mandates.
Four key questions must be answered, including:
- What assets does the company possess?
- Where are the assets located?
- Why are the assets important?
- How should the assets be classified and ranked?
Layer four: Configuration hardening
Configuration hardening focuses on ascertaining the state of network environments — and securing them by decreasing or eliminating attack vulnerabilities.
An unhardened system represents easy prey for cybercriminals, enabling them to perform data exfiltration and lateral movement within your cloud environment. By hardening your system, you’re frustrating attackers by making them spend more time on penetrating your network and forcing them to employ aggressive and risky strategies, which may not evade detection.
Layer five: Logical segmentation
Logical segmentation centers on separating the cloud environment into distinct zones of trust to minimize an intrusion’s impact. This empowers you with total control over traffic flows without modifying your physical infrastructure.
- For a closer look at this cloud security framework, check out the white paper Intro to SASE: Cloud Security Foundation here.
- Want to learn even more about cloud security? Register now for VMworld, which features almost 70 sessions, panels, hands-on labs, and keynotes related to SASE, cloud security and the emerging edge.
Be sure to stay tuned for next week, where our blog series continues as we spotlight cloud networking. See you there!