In recent years, enterprises have begun migrating their traditional Information Technology (IT) infrastructure to more cost-effective cloud technologies.
This trend is expected to continue to gain momentum in 2017. However, as enterprise network borders extend to the cloud, security protection becomes a difficult task due to open and complicated environments as well as scattered edge implementations.
It is no surprise that cloud-related security issues also increased last year, with new attacks and intrusions that specifically targeted the cloud. In parallel, enterprises increased their investments in cloud security in the hopes of preventing breaches. Although cloud complexity makes it difficult to reach a consensus on security best practices, cloud security has made technical progress. More effective security methods and products have recently been released.
This year, Huawei expects the following trends to emerge in cloud security:
1. Third-Party Security Solutions Must Align with Services
Enterprise customers may use private, hybrid, and public clouds that contain heterogeneous environments including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Most IaaS cloud service providers offer security solutions, covering host, network, and storage security management. However, most IaaS service providers offer only standard security solutions, which cannot meet the demanding security requirements of enterprise customers.
Many third-party vendors can completely customize and adapt security solutions for specific industry customers. These solutions may include unified user authentication and identity access management that comply with enterprise business needs. Other options include unified security policies for IaaS, PaaS, and SaaS services, or security mechanisms that can be easily integrated into the overall existing security solutions.
2. Investment in SaaS Apps Requires New Solutions
Enterprises increasingly prefer SaaS services whose growth rate will eventually surpass IaaS. But for security and IT teams, it is quite difficult to manage SaaS. When customers use SaaS services provided by the public cloud, often security and IT teams are unaware of these services. To be specific, the teams lack knowledge of breaches, such as whether important data is leaked, or other infraction details like time, identity, or service interruption. For SaaS, Cloud Access Security Broker (CASB) offers an excellent solution that helps enterprise security and IT teams to control and manage such security risks. Crucial CASB functions — such as user behavior analysis, data leak prevention, and unified policy management tools — can thoroughly mitigate risks brought about by SaaS services. Thanks to these advantages, more enterprises will deploy CASB.
3. Machine Learning and Artificial Intelligence Protect Big Data Security Platforms
Network borders and host protection concepts, such as those in the traditional IT architecture, do not fully apply to the cloud. Larger amounts of east-to-west and north-to-south traffic as well as centralized, large-scale data and Apps in the elastic network make the cloud a vastly complicated system. A lack of security posture awareness across the entire cloud pushes accurate security protection further away from adequate control.
In 2017, machine learning and Artificial Intelligence (AI) will continue to develop. This leads to a Big Data security platform based on up-to-date technologies that will be deployed in more cloud networks. This protection platform interworks with the inevitable growth of Internet of Things (IoT) sensors, which will widely rely on cloud-based monitoring systems to constantly collect and analyze data, but will need to detect threats within the cloud.
4. Design Security Mechanisms into IoT Development
Previously, security vulnerabilities were not fully considered in the design of the majority of IoT devices, including smart cameras, wearable devices, industrial sensors, and home intelligent devices. As a result, such devices served as unsuspecting attack springboards and resulted in several security intrusion incidents in 2016.
In 2017, numerous IoT devices with potential security risks still exist in networks, and more unsecured IoT devices will emerge. It is further predicted that related cloud Apps will face more severe threats: Larger-scale Distributed Denial of Service (DDoS) attacks will emerge; more viruses, Trojan horses, and Advanced Persistent Threats (APTs) will enter the cloud through unprotected IoT devices.
5. Prevent Ransomware from Intruding on Cloud Infrastructure
Unfortunately, ransomware attacks significantly increased in 2016, and there is no evidence showing that these intrusive activities will decrease this year. In fact, such attacks will become more rampant: the targets will be the key cloud infrastructure with inroads that reach important data.
As ransomware itself forms a malicious business model, many victimized enterprises are willing to pay the ransom demands to get rid of the intrusion. Consequently, the ransom success rate remains high. Meanwhile, preservation of an enterprise's reputation prevents disclosure or information sharing of ransomware attacks, making it more difficult for security companies to locate or eliminate ransomware.
6. Automate the Biggest Weaknesses of Cloud Security
As cloud service providers place more emphasis on security protection, cloud infrastructure and services also will require better security measures to prevent vulnerabilities or compliance issues. Replacing human interaction with machine learning and AI detection capabilities will continue to trend as ways to eliminate vulnerabilities with cloud-based intrusions.
Furthermore, cloud technologies and Big Data protection require continual understanding of the shared responsibility of cloud security techniques, as well as constant development of specific security regulations to minimize risks.