Improving Hybrid Cloud Security

Introduction

Digital transformation and migration to the cloud is now inevitable for organizational success. Gone are the days of legacy services storing data on-premises. More and more businesses are moving their applications and data to the cloud to allow for a better overall user experience. As organizations shift towards a hybrid cloud infrastructure, IT teams are predictably going to face issues of accessibility, latency, scalability, data breaches and much more.

Cybersecurity has always been needed to maintain the efficacy of the IT infrastructure. However, movement of critical enterprise data to hybrid cloud environments has only pushed cloud security to the forefront for SecOps and NetSecOps teams. As digital transformation necessitates enterprise data migration to the cloud, there increasingly becomes a need to make sure these cloud users, data and workloads, are secure. With cyberattacks increasing in frequency and money demanded reaching all-time highs, businesses need to do everything they can to protect their brand, stakeholders, enterprise data and future interests. Security in the cloud is essential for enterprise success as IT must operate continuously and flawlessly. Let’s dig into the details.

As we wrap up the year, just looking at some of the statistics on cyberattacks is staggering1:

  1. In 2020, the average business cost of a cyberattack was $3.86 million and it took over 200 days to detect a breach
  2. Cyberattacks were projected to hit $6 trillion in annual loss in 2021 which has doubled since 2015
  3. Average costs for ransom with a ransomware attack increased in last 3 years from $5,000 to around $200,000
  4. Estimates suggest in 2021 a ransomware attack took place every 11 seconds
  5. Nearly one in 6,000 emails contain a suspicious link potentially related to ransomware

This is just a sample of the issues businesses face and while some have the tendency to downplay the possibility of ransomware attacks (i.e. “it will never happen to us”), the last thing any company wants is shutting down and being held hostage for extortion due to their lackadaisical approach for cloud security. In the business of thievery, cyberattacks are real, growing and a brooding threat that needs to be taken seriously. SecOps teams need actionable data and visibility to maintain security as organizations complete this digital transformation of moving workloads and projects to the cloud.

Importance of Network Visibility  

Observability in the cloud to manage service experience and securing applications and data in the cloud depends on network visibility and is not a given, it must be acquired. Just like the rest of the IT infrastructure, you need to plan, architect, implement, and manage a network visibility blueprint almost as–a-service. This enables the agility you need to roll out new services, migrate existing ones, and assure secure and ideal experiences. A cloud solution for assuring services and guarding against cyberattacks is based on solid network visibility and intelligence so there is no time wasted to get to the root cause. The solution should be modular, simple, scalable and cost-effective.

NDR in the Cloud

Cyberthreats are intended specifically to skirt around traditional security tools used to identify malicious online activity. In the past, the strategy would be to evade network/firewall/server logs, or SIEM systems that happen to centralize network visibility. However, the problem with conventional methods is that cyberattackers are becoming more skilled at bypassing these systems. Cybercriminals understand what to look for and plan accordingly to launch their threats.  

Ultimately, the strength of an organization’s security posture depends on the quality of the network data its tools receive as packet capture must be continuous and cover everything across the cloud infrastructure. The stronger quality of network data, the stronger the cybersecurity posture and better chance enterprises have to thwart cyberattacks. The data is then recorded and stored for forensic analysis to identify patterns used to anticipate and stop future threats. Capturing and analyzing this network data is essential to understand how cyberattackers think. In order for enterprise networks to be secure, SecOps and ITOps teams have to think from the perspective of the criminals’ minds to develop a data protection strategy for customer data and the organization.

The use of Network Detection and Response (NDR) in the cloud is not easily detectable. The best part about using NDR capabilities is attackers are likely unaware how their every activity is stealthily being monitored. Furthermore, other widely used NDR platforms enable decryption of encrypted packets to get that holistic network visibility so cybercriminals cannot mask facetious online threats. NDR in the cloud also streamlines processes for IT teams because it automatically collects data for forensic purposes, eliminates the need for using additional resources or programs to do it. 

NDR platforms usually work well across any network architecture including private networks public clouds and hybrid cloud environments. NDR provides for cross-team collaboration from an AIOps perspective allowing for an uncompromised network, while saving on costs through tool consolidation. Without proper NDR in the cloud across the business network, there is a greater risk for undetected breaches.

Different Methods for Protecting Data in the Cloud

Every organization is different and how they go about protecting their cloud infrastructure is purely up to them. NDR is a newer foundation piece for cloud security. Here are additional tips that can help securing your cloud environment:

  • Agent vs Agentless – A monitoring solution that uses agents must be deployed inside the application, exposing parts of the workload while increasing security risks. An agent-less solution monitors traffic between VPCs or packets going in and out of cloud apps
  • Network Speeds – As companies upgrade networks, they outpace speeds of packet ingestion. Sending packets at 100Gbps to NDR in the cloud that can only process at 50Gbps results in dropped packets, creating same blind spots with incomplete data
  • Elasticity Scalability – Being in the cloud is all about scaling with ease and adding VPCs as needed. IT Teams should create or remove new monitoring subnets or new virtual packet broker instances as quickly as VPCs are added
  • High-low Traffic Volume – Virtual packet brokers must handle the highest possible load in and out of cloud environments

cPacket provides comprehensive network visibility through a series of Network Detection and Response (NDR) tools. The cPacket cCloud Visibility Suite as part of cPacket Intelligent Observability Platform provides a range of packet-data-based cloud-native services giving always-on network intelligence for the Security Operations Center (SoC). The agentless cCloud solution has advanced processing features including filtering, traffic aggregation, and load balancing to pre-process and deliver accurate packet data in real-time to security, performance, analytics, and AIOps solutions, simplifying the overall network monitoring topology. The cCloud  solution also captures the packet data to cloud storage for compliance, stateful application analysis, forensics, and incident response.

Conclusion

Network visibility gives complete access to network packet data, directly improving hybrid cloud security, as well as organizational efficiency. At the same time, not having that visibility leaves holes in the cloud infrastructure, giving cyberattackers indirect opportunities to compromise the networks. This holistic approach to hybrid cloud security ensures packet visibility for data in the public cloud, giving security teams the confidence they need knowing their workloads and data in the cloud is constantly safeguarded, 24/7. The benefits are reduced risk and increased IT operational efficiency through service agility, experience assurance, traffic mirroring, forensics for incident response, and transaction velocity for enterprises.

  1. Fox, Jacob. “Cybersecurity Statistics for 2021: Cobalt Blog.” Cobalt, Cobalt, 28 Feb. 2021, https://cobalt.io/blog/cybersecurity-statistics-2021.