Yesterday we talked about the first of these three security models:
- On-premises only
- Cloud only
- Hybrid on-premises and cloud
Today we'll look at security models that are based completely on cloud solutions.
Put simply, this model applies primarily to organizations that have migrated all IT capabilities to the cloud. The organization likely employs endpoint protection, but there is no perimeter, application, or data security on the premises. This model works well for companies that have a highly distributed workforce and are heavily invested in cloud-based workloads and SaaS.
We've talked at length about shared responsibility, which is the security model used by public cloud providers. Shared responsibility isn't the topic of this post, but it's unavoidable in a conversation about cloud-based security. This concept refers to the fact that the cloud provider shares the security responsibility with the customer. The provider secures the cloud infrastructure, such as the physical data centers, the underlying servers and connectivity, and the services that belong to the provider. Your responsibility as a customer is to secure what you bring to the cloud: applications, data, connectivity, and anything else. Whatever you decide to put in the cloud has to be secured by you.
One of the misconceptions about cloud-based security is that the customer can take a hands-off approach. Even when using hosted services like Barracuda Essentials for Email Security or public cloud solutions like the Barracuda NextGen Firewall for AWS, administrators have to stay hands-on in their security posture. Are there any gaps in deployments? Does the reporting show any trouble spots? These questions are similar to the questions you'd ask of your on-premises solutions, and that's the point. The cloud brings you benefits of scalability, HA, faster response times, flexible perimeter protection, bandwidth optimization, better ROI, and more. But it does not bring you a “hands-off” security deployment.
A “hands-on” approach doesn't have to be difficult, though. It's much easier to manage cloud deployments if you have deployed central management and can access everything through a single pane of glass. Barracuda solutions offer this through Barracuda Cloud Control, which provides access to hosted services, appliances, public cloud deployments, tech support, licensing information, a support forum, and more. Barracuda public cloud solutions are also engineered specifically for the public cloud platforms and offer flexibility in licensing so that you can control your expenses in the way that works best for you. The Barracuda Cloud Ready Program also allows you to try our public cloud solutions free for 90 days so that you can practice your migrations and deployments before you make a move.
Another consideration for cloud-only deployments is availability. Mission-critical workloads usually have to be available 100% of the time. If your Internet connection isn't reliable in terms of uptime or performance, that connection will have to be replaced or augmented with another. When connectivity has to extend to branch locations and microsites, SD-WAN capabilities can help manage the connectivity between those sites and the cloud. The Barracuda NextGen Firewall provides SD-WAN technologies, including load balancing, encrypted VPNs, and WAN optimization. These capabilities help offset some of the costs of connectivity and high-quality lines.
Take a look at this white paper for more details on the cloud-only security pattern, as well as other considerations for cloud vs. on-premises security. You can download the paper or read it in full below.
Tomorrow we will cover the hybrid security model.
The Osterman Research White Paper, Deploying and Managing Security in the Cloud, was first published here.
The Barracuda Cloud Ready Program is here, and our public cloud solutions are here.