The new ‘oil’ of our generation is data. This data isn’t benign, it’s extremely valuable, and it’s also a big target. However, to support growing data, application, and digital requirements, leaders in the tech and business space are turning to cloud for improved scalability, performance and user experience. Today, organizations are deploying more cloud platforms to support an ever-growing distributed user-base.
DDoS ATTACKS
Let’s start here – Over the past few years, there have been more DDoS attacks against more IT infrastructures all over the world. These attacks have evolved from simple, volumetric attacks to something much more sophisticated. Basically, these attacks are downright vicious against our networks.
Now, attackers are using application-layer and HTTP attacks against certain targets within an organization. Consider this, DDoS attacks are larger than ever before. Arbor Networks 13th annual Worldwide Infrastructure Security Report illustrates this point very clearly:
- The largest attack reported by a service provider was 600 Gbps. Ten years ago, the largest attack was 8 Gbps.
- Complex, multi-vector attacks are experienced by 59 percent of service providers.
- Demand for managed DDoS mitigation services is strong across the board. The top five verticals requesting managed services are financial, government, cloud/hosting, e-commerce and education.
Remember, service providers aren’t the only target. Even though Arbor reported that the largest attack against a service provider was 600 Gbps; some enterprises aren’t as lucky when they become direct targets. Just about a year ago, in 2018, 1.35 terabits per second of traffic hit the developer platform GitHub. All at once. This was the most powerful distributed denial of service attack ever recorded to date.
It’s important to point out that it’s not just DDoS. Although you should be working with a partner that can mitigate a DDoS attack, cloud security goes beyond link saturation and denial of services. You also need to worry about the physical aspect of securing your cloud and ensuring data security.
SAFELY SECURING YOUR CRITICAL APPLICATIONS
CLOUD & VM-LEVEL SECURITY
Other tools allow you to inject solutions like software-defined network (SDN) and network functions virtualization (NFV) right into your cloud ecosystem. These tools help you segment networks, insert virtual network security monitors, and incorporate significantly better reporting and alerting tools. This is where you start to get into the proactive nature of cloud security. That is, these solutions can actually scan for malicious behavior and adjust your network accordingly.
This holds true for DDoS attacks and link saturation. It’s important to note that DDoS attacks have only become more ferocious as they target more systems and grow in size. Working with a good cloud and data center partner means having additional bandwidth should an attack occur. From there, incorporating good security tools deep into your application and virtualization layer will help secure core data points.
CLOUD MEANS MULTI-TENANCY, SERVICES, USER EXPERIENCES & MANAGEMENT
Need to isolate your data for data locality purposes? Work with a partner and system that can support this initiative and help geofence entire data sets and applications. Or, maybe you’re working with governance, risk, and compliance. In this case, it’s absolutely critical to leverage solutions that can help you stay compliant while still delivering a powerful solution. Challenge your partners and be sure to ask good questions to ensure both security and positive user experiences.
ENFORCING COMPLIANCE & SECURITY FOR YOUR CLOUD
Here’s another example. Others in the online or retail space have created powerful e-commerce gateway platforms for PCI-compliant workloads. In these cases, you can isolate the flow of data, create payment and processing gateways, and even ensure that data only flows within specific regions as needed. This is a great way to offload processing to a cloud or data center partner while still staying agile and compliant.
Compliance aside, your security model should not complicate the way you manage cloud and your data center. In fact, good partners will actually help you design around simplicity and security. Most of all, they design around user experience. This means working with advanced solutions that support virtualization, new types of applications, working with new data-driven solutions, and much more. When it comes to cloud security and user experience, it doesn’t have to be either one or the other. New designs now allow you to have the best of both worlds.
NEVER FORGET THE PHYSICAL ASPECT OF CLOUD SECURITY
Again, threats against cloud and data center operators are only getting more advanced, persistent, and targeted. In the latest AFCOM State of the Data Center report we saw the top 5 infrastructure threats facing today’s data center. This includes:
- Ransomware: 56%
- Outside threats (human): 48%
- Advanced Persistent Threats (Theft of IT and/or company data): 44%
- Inside threats (human): 42%
- Loss of PII (personally identifiable information): 40%
When it comes to deploying a cloud, your strategy really does need to be holistic. That is, be sure to look at all security design aspects as you architect your own cloud model. This may even mean hiring a security team to do things like pen and vulnerability testing.
Cloud security doesn’t have to be complicated. In fact, a good partner will actually help guide the design to simplify management while still helping the organization grow. Security solutions can now be deeply integrated into the visualization, cloud, and even physical layers. All of this translates to better user experiences, simplified and centralized management, and greater capabilities to respond proactively to evolving threats.
Ultimately, a good design also gets you user and customer confidence. Remember, mitigating risk not only helps with brand image and your stance in the market, it will absolutely help your organization leverage more cloud options in a digitally-connected world.