Why Traditional Enterprise Security Fails in the Public Cloud
- Justin Grant

- Nov 27, 2024
Updated: Dec 5, 2024
The public cloud has radically changed the way organisations develop and deploy information systems. This rapid shift has unfortunately left many organisations with traditional security controls blindsided. How did this happen, and what can be done?

The processes that underpin traditional enterprise security are built either directly around traditional tooling (e.g., NGFW and EDR use) or around their outputs (e.g., SOC utilising SIEM & SOAR). When organisations first shifted their systems into the public cloud, they carried this tooling and these processes with them. With a bit of determination and support from vendors, solution architects were able to wedge this traditional tooling into the public cloud and get it functional. This approach is more or less what became known as ‘hybrid-cloud’ and once these projects were completed, applications had the same level of security, regardless of whether they were on-prem or in the cloud… at least, initially.
Over time, the way information systems were developed began to change and public cloud providers started offering services in support of this evolution. Computing moved off virtual servers and shifted from monolithic deployments to dynamic microservices. Workloads became dynamic, utilising ephemeral containers deployed on-demand by orchestration tools (e.g., Kubernetes) or simply executed in the cloud ‘serverless’. With this modern application architecture, networking and endpoints are abstracted away. Importantly, the network and endpoint security tooling that we know and love is also bypassed, along with the processes in security operations that rely on its output.
This disconnection between traditional enterprise security architecture and the modern public cloud leaves security teams in the dark. It's not that modern public cloud architecture is insecure. In fact, when ‘well architected’, it is very secure. If you were to collate all the security principles and features of the public cloud and bundle them together, this would be what is generally referred to as ‘cloud native security’. The problem that remains for security teams is how they can be sure that information systems deployed in the cloud are securely configured and free from vulnerabilities. This is where Cloud Native Application Protection Platforms (CNAPP) can help.
Deploying CNAPP gives security teams a comprehensive view of their public cloud security. Not only does this address the disconnect above, but when utilised effectively it enables security operations to work more proactively and efficiently, and to focus on priority issues. However, that is a subject to be covered in another article.
If cloud native security is something that you need help with, please get in touch with us via info@progresscyber.au.
