With more and more enterprises adopting multicloud and hybrid strategies, the concept of a single, physical perimeter has essentially been eradicated. The new edge is constantly shifting with a mix of public cloud environments, on-premises hardware and virtual perimeters. The need to effectively secure this new infrastructure cannot be stressed enough.
A well-designed edge security strategy is the key to protecting these multicloud environments. Today’s most effective security applications and services are edge-based, away from the central network of core infrastructure. They can use compute power from the devices where they are accessed, as well as workloads on the nearest cloud server.
Let’s look at three of the most critical edge security controls: web application firewalls (WAFs), DDoS protection, and cloud access security brokers (CASBs).
Web application firewalls
Through rulesets, WAFs filter traffic between web apps and the internet. But for a WAF to be truly effective, location is of the utmost importance. Early WAF deployments (before the age of the cloud) were within an organization’s data center. This meant a threat or attack had to make it into the data center before being detected. By placing a cloud-based WAF at the edge of the network, issues can be thwarted before they reach the core infrastructure.
DDoS attacks continue to be a leading source of security incidents, according to the 2018 Verizon Data Breach Investigations Report, and they can be especially harmful in cloud-heavy environments. A disruption in network connectivity can disable critical cloud-based platforms.
By using DDoS protection with an edge network, attacks can be mitigated close to the end user without actually causing a break in service. And by combining DDoS protection with a cloud-based WAF (specifically with Layer 7 DDoS protection in mind), applications can be secured and attacks mitigated without the threats even making contact with the core infrastructure.
Cloud access security brokers
CASBs are another essential control for cloud security. They sit between users and cloud applications to monitor activity and ensure that security policies are being adhered to. Cloud-based services are easy to access and exist in just about every area of business, which has led to a massive uptick in the use of applications without approval and shadow IT. This can introduce a whole host of risks. CASB implementation gives IT and cybersecurity teams greater visibility into the cloud services being used within their organizations while also reporting on associated risks, applying security policies, and monitoring/detecting threats and malware.
Cloud computing requires a new way of thinking about network perimeters. The edge is now multi-dimensional and dynamic. It may seem like a daunting task to monitor and secure, but technology has kept pace. With the right tools placed within the right strategy, enterprises can take advantage of innovation without having to sacrifice security.
Oracle Dyn will be at Mobile World Congress 2019, Feb. 25-28 in Barcelona. Join us in the Digital Planet at booth 8.1E61 to learn how our edge security services can help protect your multicloud environments.