SASE Cloud security

Peeling Back the 5 Layers of Cloud Security

As we count down the days to VMworld 2021, we’re excited to share our deep-dive blog series on secure access service edge (SASE): what it does, how it works, and what your enterprise needs to know to implement it successfully. We kick off with a couple of quick overview blogs on cloud security and cloud networking. The series then rolls on, delivering a close look into how VMware SASE incorporates these practices to help IT teams reduce workloads, cut costs and ensure connectivity and security across the enterprise.

The global pandemic, and associated surge in remote work, accelerated a massive move to the cloud.

In fact, cloud-first organizations currently dwarf the number of on-premises enterprises by a ratio of three to one and recently reported a 200% increase in plans to relocate over 75% of their apps and workloads to the cloud.

While companies have doubled down on cloud adoption, cloud security remains an issue — and 44% of IT teams are concerned their security systems cannot safely secure remote work.

What is cloud security? Essentially, it’s the practice of safeguarding and protecting cloud environments during the deployment and management of technologies and operational standards.

Cloud security isn’t radically different from on-premises security and uses a five-layered technology approach, designed to protect users, devices, data, applications, and the network.

Just as wearing multiple layers of clothes shields you from cold temperatures, the same holds true for cloud security: To boost your protection, add more layers.


How exactly does a multi-layered approach help protect your enterprise? Here’s a quick checklist explainer of the five layers:

Layer one: Authentication and access control

Authentication and access controls help properly identify users, match them to a proper set of resources, and control access based on corporate policy.

These solutions combine individual components to grant or restrict access, enforce IT policy, and establish a Zero Trust model that aligns with established cloud security principles.

Layer two: User behavior analytics and logging/reporting

As the threat landscape continues to morph and expand, user behavior analytics monitors user behavior patterns and applies algorithms to them, speeding the identification of and response to novel attacks.

Suspected threat data is logged in central servers, where it can be mined to create trending data and actionable insights to ward off future malicious acts.

Layer three: Asset and data classification

Companies purchase and discard assets all the time. Only by setting up an automated, formal process for tracking and securing these assets can IT teams satisfy corporate directives and government mandates.

Four key questions must be answered:

  • What assets does the company possess?
  • Where are the assets located?
  • Why are the assets important?
  • How should the assets be classified and ranked?

Layer four: Configuration hardening

Configuration hardening focuses on ascertaining the state of network environments — and securing them by decreasing or eliminating attack vulnerabilities.

An unhardened system represents easy prey for cybercriminals, enabling them to perform data exfiltration and lateral movement within your cloud environment. By hardening your system, you frustrate attackers: they must spend more time penetrating your network and are forced to employ aggressive and risky strategies, which may not evade detection.

Layer five: Logical segmentation

Logical segmentation centers on separating the cloud environment into distinct zones of trust to minimize an intrusion’s impact. This empowers you with total control over traffic flows without modifying your physical infrastructure.

Learn more

  • For a closer look at this cloud security framework, check out the white paper Intro to SASE: Cloud Security Foundation here.
  • Want to learn even more about cloud security? Register now for VMworld, which features almost 70 sessions, panels, hands-on labs, and keynotes related to SASE, cloud security and the emerging edge.

Be sure to stay tuned for next week, where our blog series continues as we spotlight cloud networking. See you there!