Note: This is the first in a six-part series on public cloud security. You can follow the entire series here.
When cloud was in its infancy and customers were beginning to understand the ramifications of the Shared Security Responsibility Model, firewall security seemed to be the perfect security solution. Next-generation firewalls and web application firewalls (WAFs) became the primary security mechanisms to protect web-facing applications and infrastructure run in the public cloud.
As organizations and developers increasingly embraced the cloud, it became apparent that firewalls were only part of the security story. ~ Rich TurnerClick To Tweet
As organizations migrated more workloads to the cloud, they also began developing native applications in Azure, AWS, GCP, and others. It quickly became apparent that firewalls were only part of the security story. While most could secure the perimeters, and some provided additional advanced security techniques (such as those available in Barracuda CloudGen Firewall products), other security lapses were beyond their control.
New categories of products quickly emerged to fill the void – or did they? CWPP, SIEM, CSPM – In today’s market, there is an almost bewildering “alphabet soup” of solutions that look beyond firewall and built-in protections to address security across the control, management and data planes. While the notion of a “plane” is really an antithesis to the cloud, where infrastructure consists of a vendor-managed network and numerous services, it is a useful way to visualize where security lapses continue to occur.
Our next blog post will review these planes and explain why it helps to keep them in mind when implementing cloud security and choosing among the alphabet soup of cloud protections.'While the notion of a “plane” is really an antithesis to the cloud, where infrastructure consists of a vendor-managed network and numerous services, it is a useful way to visualize where security lapses continue to occur.' - Rich TurnerClick To Tweet
Rich is the Director of Public Cloud Product Marketing at Barracuda. He joined the team as part of the acquisition of C2C Systems in 2014. Rich is one of Barracuda’s public cloud experts – he works directly with the cloud ecosystems and has been quoted in eBooks from Microsoft on public cloud security. He is also a frequent contributor to Barracuda’s own cloud blogs. For our cloud motions, he helps develop strategies and execution with our partners and sales teams.
You can email Rich at email@example.com.