Ways to secure your cloud Deployments (feat. Azure Demo from Microsoft)

Print Friendly, PDF & Email

CEO Satya Nadella outlined Microsoft’s compelling cybersecurity vision at a recent conference in Washington. Clearly, this is a very different Microsoft which takes security very seriously. We can attest to this firsthand based on our close partnership with Azure security and leadership teams which began almost two years back with the Barracuda Web Application Firewall Azure edition. Since then, we have added many additional offerings in the Azure ecosystem and we have a growing respect for their willingness, vision and diligence in working with us as one of their preferred security partners.

We are proud to be one of the leading security partners in the Azure ecosystem and it has shown results. The Barracuda Web Application Firewall was featured in the demo, right around the 35 minute mark:  http://news.microsoft.com/security2015/

The demo gave a glimpse of how the Azure Security Center automatically recommends the Barracuda Web Application Firewall based on gaps in security posture. From there, the presenter talks through how streamlined the deployment is and then goes on to show the security alerts dashboard (video grab below). Here the Barracuda Web Application Firewall has blocked and logged a SQL injection attempt directly into the Azure security center with rich details around the attacker and attacked web application.

At Barracuda, we strive to provide best-of-breed, cloud-connected solutions that facilitate cloud migrations by overcoming security roadblocks. More and more enterprises are deploying application workloads in the cloud – an IDG survey found that around 69% of organizations have at least one application in the cloud. Following are four high level guidelines to ensure a smooth and secure migration to public cloud.

Understand your security responsibilities and choose your cloud provider carefully

Security responsibilities in the cloud vary between the different types of clouds, but application security is almost always your responsibility, except for SaaS use cases (see figure below from the book Cloud Security and Privacy by Mather, Kumaraswamy, and Latif):

This is true even when the cloud infrastructure has security compliances like PCI. The applications and data that you put in the cloud are not and cannot be secured automatically by the cloud infrastructure and will require additional cloud-specific security solutions.

This makes it essential that organizations thoroughly asses if the security solutions available within a cloud will meet its specific needs before they make a cloud provider selection.  At a minimum, common security solutions like (next-gen) firewalls, IPS / IDS, VPN, application firewalls should be thoroughly investigated.

Prioritize cloud-integrated solutions over generic virtual images

Just like virtualization earlier, many security vendors have been slow to move to the cloud. Even when they have done so, sometimes the solution is just a virtual machine image counterpart of their physical appliance that can be deployed in an IaaS cloud. Choosing such a solution could be a costly mistake.

Organizations should seek solutions that facilitate the core cloud paradigms and integrate smoothly with cloud based services. This includes things like:

  • Integration with the cloud infrastructure layer, e.g. dynamically scale up or out (vertically or horizontally), auto scaling, integrating with the cloud metrics and statistics system, etc.
  • Integration with cloud identity layer like Azure AD, etc.
  • Integrating with the cloud reporting, alerting, security event management layers

Barracuda has been striving hard to bake our solutions fully into the cloud and not just pay lip service to cloud migration. The demo above shows this in action.

 Seek portable solutions with centralized management consoles for a dispersed environment

According to Gartner, nearly 50% of the enterprises will have hybrid clouds – a mix of private and public clouds – by the end of 2017. This makes it important that security solutions you select today can be moved around freely in such environments. Further, when you have such solutions dispersed across clouds, a centralized, single pane of glass management console becomes indispensable for streamlining management, maintenance and applying updates. It also provides immediate insights into your security posture across your entire dispersed infrastructure in real time.

Barracuda addresses the first of these with our virtual license portability program. For the second requirement, all our security solutions can also be managed centrally from the Barracuda Appliance Control cloud based console, at no additional cost to customers.

 Prioritize vendors with demonstrated expertize in the cloud

Security solutions deployed in the cloud requires technical expertise above and beyond that of on-prem deployments. There are some best practices that carry over, but there are also entirely new ones that are specific only to the cloud. For example, capacity planning in the cloud differs greatly from on-prem deployments. When security solutions are fully integrated into the cloud, single points of failure disappear. The requirement for redundancy in on-prem scenario is automatically eliminated by elasticity in the cloud.

Barracuda has been the first or one of the first to offer security solutions in each of the major public clouds – AWS, Azure and VMWare vCloud. Barracuda Networks was the first Microsoft Azure Certified Security Solution Provider. The Microsoft Azure Certification assures that the Barracuda Solutions have been tested for readiness and compatibility with Microsoft Azure public cloud, Microsoft Cloud Platform hosted by service providers through the Cloud OS Network, and on-premises private cloud Windows Server Hyper-V deployments.

Visit our corporate website for more information on these Barracuda public cloud solutions:

 

Scroll to top
Tweet
Share
Share