The challenges of the public cloud for large enterprises
The enterprise IT network bears less and less resemblance to what it was a few years ago. The traditional IT network was hosted on-premises or in private clouds. Servers and other network components were protected by a firewall, and access was possible through only a limited number of points. IT built and managed the network and controlled who had access. Security was multi-layered, involving a number of solutions and appliances, and was applied against a well-known threat model. The risks were limited or, at the very least, manageable.
This has all changed with the rapid adoption of public cloud networks by enterprises. The modern IT network is now moving to the public cloud. Instead of a single, well-protected network, it is a collection of many networks, some ad-hoc. There is no longer a perimeter surrounding the network. There are many access points to these networks.
This change has brought with it new challenges, for management and for IT. Not least among these challenges are new security risks. These networks are no longer created and managed only by IT, but also by DevOps, QA, and others. Security is ignored, as it is often in conflict with their primary interest: getting environments up and running as quickly as possible.
IT and security teams find themselves struggling to keep up with the pace of this change. They are overwhelmed by the sheer size of cloud networks and resources and hampered by methods and tools that are not suited to networks of this nature, and which do not scale to the numbers of resources involved.
Authorization (permissions) misconfigurations are one of the new security risks and are behind a number of high-profile breaches of modern enterprise cloud networks.
Previous authorization models granted global rights to users across large parts of a network. Once connected to the network, a user could reach much of it. Access rights were set at very coarse levels, such as admin, user, and guest. With few access points, and with other defenses surrounding the network, whatever deficiencies this model had were masked, and there was a perception of a secure network. This was borne out by the relatively small number of breaches.
This model is collapsing today. Authorization misconfigurations are not covered by other defenses in a perimeter-less environment. User permissions are often set up for convenience, and quick access to resources, with little thought for security. Many resources are left exposed to simple hacks.
This leads to a lack of visibility for security teams, who struggle to keep up with business needs and the pace of change. The result: breaches, often of poorly protected cloud storage assets, exposing vast amounts of private information. The cost of these lapses is high, as the magnitude of some of these breaches has made clear.
Traditional models for securing networks, including authorization management, require new thinking and new tools for the modern corporate network. Yesterday’s solutions don’t work for the networks of today.