Light Dark
February 16, 2021 By Mike Elgan 3 min read
Cloud Security
Network
Security Services

Firewall services, cloud network protection tools and other IT defense staples are seeing a lot of changes in 2021. IT landscapes are growing more complex, as are the defense systems that protect them. Remote work is common, and more work is moving to the cloud. Companies of all sizes will be looking to streamline digital defense. What current tools or soon-to-be rolled out methods should they be keeping an eye on to do it? 

Five major changes are relevant today. Take a look at hybrid work environments, the way cloud landscapes are handled between the enterprise users and the providers, automation, centralization and next-gen firewalls. 

Changing to Hybrid Cloud Network Protection

Most employers now embrace a hybrid work model (some employees in the office, some working from home), a hybrid IT infrastructure (some on premises, some in the cloud) and a hybrid cloud model (some public cloud, some private).

And, this quick shift to remote work and the cloud in 2020 led to new openings for attacks. Part of this resulted from increased reliance on the cloud. Other openings came from an increase in the use of cloud-based services — often without an increase in budgets. 

“Moving to cloud without a cloud strategy results in ad hoc adoption patterns, resulting in higher costs, disjointed management, security vulnerabilities and overall dissatisfaction with cloud outcomes,” says Raj Bala, a senior research director at Gartner

Meanwhile, the shift to remote work increased the attack surface. Workspaces moved to insecure locations and unapproved insecure equipment and networks. Employees are also taking a much larger role in their own protection — and the defense of your business. Threat actors are going wild seeking ways to exploit all these systems now beyond the direct control and protection of defense staff.

Adding to the challenge are some problems inside the house: an ongoing skills shortage and the need for more specialized roles. 

What the Cloud Brings

While the quick adoption of cloud services can be challenging, it’s also a chance to improve security in key ways. By making your operations less complex, you can reduce the need for extremely specialized roles, lower costs and be safer at the same time. 

AWS shared responsibility model brings clarity to the assignment of cloud defense jobs. While Amazon takes responsibility for the protection of the cloud itself (including physical objects), entities that use AWS are in charge of defense inside the cloud. For example, they are in charge of the maintenance and defense of guest operation systems and other software. The secure configuration of the AWS Network Firewall also belongs to the client entity in this case.

Take patching as an example. Amazon is responsible for patching the software that runs the cloud infrastructure. Meanwhile, the customer is on the hook for patching the OS and app software they install on AWS. App protection is all on the cloud customer. That’s also why smart security analytics that enables you to rapidly spot threats are a must.

Posture Management and Automation

Cloud Security Posture Management (CSPM) has also gained new urgency in the remote-work world. CSPM enables you to add some automation to the monitoring and fixing of some defense issues. For example, it can spot networks configured poorly, spot where permissions need to be restricted and see policy violations and other potential risks. And, it can serve as a huge boon when complying with national rules.

Firewall Services of the Future

Fragmented and hybrid clouds call for advancements in firewalls, too. Future firewall services currently in production will address the continued rise in on-site Internet of things (IoT), and also the ongoing trend of moving mission-critical apps to the cloud.

Some believe firewalls will become obsolete; the opposite is true.

The role of firewalls and firewall services will be huge in the future where most work is done remotely and on the cloud. Web application firewalls (WAF) can protect application programming interfaces, mobile apps and other resources from distributed-denial-of-service attacks, bots and other attacks. They do this by watching for strange activity, logging events and sending alerts or making changes to stop threats for online apps, including those in the cloud. 

Future WAFs will integrate artificial intelligence (AI) — machine learning, to be more precise — to reduce false positives through the use of statistical models to predict the likelihood that any specific event is malicious. AI will also be able to offload work from staff by checking logs and handling some configuration. 

Firewall Services and More for a Cloudy Future

The work-from-home future happened sooner than anyone expected. We now live in a hybrid work, hybrid IT and hybrid cloud world. Because of this, we need to deal with defense, make our jobs simpler and address the skills shortage with the same discipline with which we moved from the office to home. Providers are offering new ways to do this, with built-in defense offerings. They now have increased insight into and can better discover hidden threats in the cloud. 

With these, you can take charge of cloud defense. Remember, use automation and AI wherever possible. Follow best practices like the AWS cloud transformation maturity model. Keep up-to-date with today’s firewall services. In addition, practice the AWS security maturity assessment now and on a regular basis going forward.

Embrace the hybrid everything world we live in, and seize the chance to simplify and automate. 

 |  |  |  |  | 
Mike Elgan

More from Cloud Security
December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 4, 2024

Cloud threat report: Possible trend in cloud credential “oversaturation”

3 min read - For years now, the dark web has built and maintained its own evolving economy, supported by the acquisition and sales of stolen data, user login credentials and business IP. But much like any market today, the dark web economy is subject to supply and demand.A recent X-Force Cloud Threat Landscape Report has shed light on this fact, revealing a new trend in the average prices for stolen cloud access credentials. Since 2022, there has been a steady decrease in market…

November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature