Securing the everywhere cloud


During the recent AWS re:Invent conference, Amazon Web Services (AWS) began promulgating the idea that IT organizations should start thinking about deploying the “Everywhere Cloud” as application workloads become more distributed than ever. AWS CTO Werner Vogels told conference attendees that the Everywhere Cloud will make it simpler for organizations to centrally secure and manage a highly distributed computing environment that now spans the entire globe.

Not surprisingly, AWS is making a case for securely deploying those workloads on platforms it manages. The argument is that the AWS cloud is more secure than any on-premises IT environment that an internal IT team might be able to build and maintain themselves. Within the context of the AWS cloud that’s a true statement. However, it’s also beside the point. The trouble with cloud security has nothing to do with the underlying platform. The core issue has to do with how organizations now routinely allow developers with little to no security expertise to configure cloud infrastructure using tools such as Terraform. Almost inevitably, developers using those tools will make a configuration mistake that, for example, leaves a port open through which data can be easily exfiltrated.
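The open-port mistake described above can be caught before deployment by inspecting the Terraform plan. The following is an added example, not code from AWS or from this article: it assumes a plan exported with `terraform show -json`, covers only the AWS provider's `aws_security_group` and `aws_security_group_rule` resources, and uses hypothetical function names, a hypothetical allowlist of port 443 and a constructed sample plan.

```python
# Added example: flag security-group ingress open to the world in a Terraform plan.
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"protocol": "tcp", "from_port": 443, "to_port": 443,
          "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
         {"protocol": "tcp", "from_port": 22, "to_port": 22,
          "cidr_blocks": ["10.0.0.0/8"], "ipv6_cidr_blocks": []}]}}},
    {"address": "aws_security_group.db", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"protocol": "tcp", "from_port": 5432, "to_port": 5432,
          "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": None}]}}},
    {"address": "aws_security_group_rule.debug", "type": "aws_security_group_rule",
     "change": {"actions": ["create"], "after": {
         "type": "ingress", "protocol": "tcp", "from_port": 0, "to_port": 65535,
         "cidr_blocks": None, "ipv6_cidr_blocks": ["::/0"]}}},
    {"address": "aws_security_group.old", "type": "aws_security_group",
     "change": {"actions": ["delete"], "after": None}},
]}

def ingress_rules(rc):
    """Yield the ingress rule dicts that a planned resource would create."""
    after = (rc.get("change") or {}).get("after") or {}  # None when deleted
    if rc.get("type") == "aws_security_group":
        yield from after.get("ingress") or []
    elif rc.get("type") == "aws_security_group_rule" and after.get("type") == "ingress":
        yield after

def find_open_ingress(plan, allowed_ports=frozenset({443})):
    """Return (address, from_port, to_port) for world-open rules outside the allowlist."""
    findings = []
    for rc in plan.get("resource_changes", []):
        for rule in ingress_rules(rc):
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            if not WORLD.intersection(cidrs):
                continue
            lo, hi = rule.get("from_port"), rule.get("to_port")
            # Protocol "-1" or unknown ports means the rule may cover every port.
            all_ports = rule.get("protocol") == "-1" or lo is None or hi is None
            if all_ports or not set(range(lo, hi + 1)) <= allowed_ports:
                findings.append((rc["address"], lo, hi))
    return findings

if __name__ == "__main__":
    for address, lo, hi in find_open_ingress(SAMPLE_PLAN):
        print(f"FAIL {address}: ports {lo}-{hi} reachable from any address")
```

Run as a pipeline gate, a non-empty result fails the build so the rule is reviewed before it reaches a live account.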

Like all other cloud service providers, AWS advocates a shared responsibility model for securing cloud environments. It’s up to the organizations deploying applications on a cloud computing platform to secure them. No matter how secure the underlying platform is, there are plenty of opportunities for organizations to make mistakes.

Security, of course, becomes more challenging to attain and maintain when employing multiple clouds. Organizations today are not only deploying applications on multiple clouds; they are also connecting a wide range of application workloads running in local data centers and at the network edge to those cloud environments. In effect, the attack surface that needs to be secured expands exponentially as the so-called Everywhere Cloud grows.

Obviously, it will be easier to achieve that goal if organizations are able to standardize on a single cloud platform. The number of organizations that are likely to be able to maintain that level of cloud discipline is small. The bulk of security teams, like it or not, are going to be required to support development teams that will routinely deploy workloads on multiple cloud platforms depending on the performance requirements of their application workloads. That means security teams need to find a way to enforce a common set of security policies across a cloud computing environment made up of a wide range of diverse platforms.

There are already multiple approaches that enable cybersecurity teams to accomplish that goal. The bar that security teams are being required to meet, however, is that whatever approach they employ to secure applications cannot slow down the rate at which applications are being built and deployed. The hope is that the adoption of best DevSecOps practices will resolve that issue, but it will take years both to train developers and to add, for example, code inspection tools to the platforms they currently use to build applications. In the meantime, the onus for making sure cloud applications are secure will continue to fall on security teams that will find themselves being stretched even thinner by the Everywhere Cloud than they already are.
